Alerts
Risky patterns flagged in-session by your risk-detection rules — triage, resolve, or dismiss
Review queue
Triage — resolve or dismiss each flag
- criticalPolicy violationreviewed· 2d ago
Attempted edit outside allowed workspace path
- criticalProd accessdismissed· 19h ago
Session touched production database credentials
- criticalPII in transcript· 2d ago
Customer email addresses appeared in transcript
- criticalPII in transcript· 1d ago
Customer email addresses appeared in transcript
- criticalDestructive commandreviewed· 22h ago
Model proposed `rm -rf` on a tracked directory
- criticalPolicy violation· 20h ago
Attempted edit outside allowed workspace path
- criticalProd access· 23h ago
Session touched production database credentials
- criticalProd access· 18h ago
Session touched production database credentials
- highPolicy violation· 1d ago
Attempted edit outside allowed workspace path
- highDestructive commandreviewed· 2d ago
Model proposed `rm -rf` on a tracked directory
- highPolicy violation· 19h ago
Attempted edit outside allowed workspace path
- highPII in transcriptdismissed· 19h ago
Customer email addresses appeared in transcript
- highDestructive command· 19h ago
Model proposed `rm -rf` on a tracked directory
- mediumProd access· 1d ago
Session touched production database credentials
- mediumPolicy violation· 19h ago
Attempted edit outside allowed workspace path
- mediumDestructive command· 45m ago
Model proposed `rm -rf` on a tracked directory
- mediumDestructive command· 2d ago
Model proposed `rm -rf` on a tracked directory
- lowPolicy violationdismissed· 1d ago
Attempted edit outside allowed workspace path
- lowProd access· 23h ago
Session touched production database credentials
- lowPolicy violationreviewed· 22h ago
Attempted edit outside allowed workspace path
- lowPII in transcript· 2d ago
Customer email addresses appeared in transcript
- lowProd accessreviewed· 23h ago
Session touched production database credentials
- lowSecret exposurereviewed· 2h ago
Possible API key pasted into prompt context
- lowPolicy violationdismissed· 0m ago
Attempted edit outside allowed workspace path
- lowProd accessreviewed· 0m ago
Session touched production database credentials
- lowSecret exposuredismissed· 2d ago
Possible API key pasted into prompt context
- lowProd access· 1d ago
Session touched production database credentials
Signal integrity
Method signatures that look synthetic — team-level patterns routed to leads as conversation starters, never a named accusation or a ranking.
Faking work costs nearly as much as doing it — and leaves these detectable signatures. Read as a prompt to talk, not a verdict.
- mediumzero-rejection windowSRE Core · team-level· 14 sessions
14 consecutive sessions with 100% acceptance and zero rejected diffs — statistically unusual against the team's 58% baseline. Conversation starter, not an accusation.
Conversation starter · team-level - highedits with no prior readVendor Pod Chennai · team-level· 9 sessions
Edit tool calls landing on files never read in-session — consistent with pasted-in bulk output. Vendor sessions carry elevated integrity sensitivity.
Conversation starter · team-level - mediumtoken spike, flat tool diversityAnalytics · team-level· 6 sessions
Token volume 2.4× baseline while tool-call diversity stayed flat — volume without exploration. Often benign (data dumps); worth one look.
Conversation starter · team-level - lowabandoned-restart chainGrowth · team-level· 5 sessions
Chains of abandoned sessions immediately restarted on the same repo — can inflate session counts without outcomes.
Conversation starter · team-level