Editing Guardian rules
Per-workspace thresholds, alert webhooks, rule-level on/off.
Open Dashboard → Guardian. Each rule has an on/off toggle, editable thresholds, and an optional Slack / email webhook URL for alerts.
| Rule | Default threshold | What you can tune |
|---|---|---|
| Dedup | 3 identical prompts in 60s | Count window, time window, action (block / throttle / alert-only) |
| Cost spike | 10× 24h rolling average in 5 min | Multiplier, window, action |
| Context bloat | 50,000 prompt tokens | Token ceiling, response action (reject / downgrade / truncate) |
| Zombie agent | 30 min identical traffic | Time window, variation threshold |
| Rate limit | Per-key RPM | RPM ceiling per key (also editable in Dashboard → Keys) |
Alerts fire on first violation
Webhooks are rate-limited to one alert per rule per hour, so a runaway agent doesn't flood your Slack. The alert payload includes the offending workspace, key, rule, and a link to the routing log.