Incident response

Updated

Severity cues

Severity Examples
SEV1 Credential leak, suspected bulk data exfil via prompts
SEV2 Task Ok accepted invalid outputs causing downstream corruption
SEV3 Elevated gateway timeouts affecting SLA

Immediate actions

  1. Contain: rotate gateway tokens if leaked; disable offending task route in consumer if needed.
  2. Preserve evidence: export redacted logs (Data handling).
  3. Communicate: stakeholders per org policy.

Technical triage

Question Action
Contract mismatch? Diff contract.json vs deployed SHA
Regression in LCDL? Bisect git between pins
Gateway-only? Isolate with pytest -q offline slice

Post-incident