Handbook
Incident response
Updated
Severity cues
| Severity | Examples |
|---|---|
| SEV1 | Credential leak, suspected bulk data exfil via prompts |
| SEV2 | Task Ok accepted invalid outputs causing downstream corruption |
| SEV3 | Elevated gateway timeouts affecting SLA |
Immediate actions
- Contain: rotate gateway tokens if leaked; disable offending task route in consumer if needed.
- Preserve evidence: export redacted logs (Data handling).
- Communicate: stakeholders per org policy.
Technical triage
| Question | Action |
|---|---|
| Contract mismatch? | Diff contract.json vs deployed SHA |
| Regression in LCDL? | Bisect git between pins |
| Gateway-only? | Isolate with pytest -q offline slice |
Post-incident
- Patch contracts/tests/docs as needed.
- Update Known limitations if user-visible.