Platform FeaturesRules Engine

Rules Engine

Every event is evaluated by the Rules Engine in real-time. Rules fire instantly — no polling, no delays.

Rule Anatomy

IF [condition] AND/OR [condition] THEN [action] + [action]

Available Conditions

FieldOperatorsExample
actionequals, containsaction = "payment"
severityequalsseverity = "error"
ai_risk_score>, <, =score > 80
metadata.amount>, <, =amount > 10000
event_count_5min>count > 50
hour<, >hour < 8
day_of_weekequalsday = "saturday"

Available Actions

ActionDescription
blockStops agent, returns blocked: true
send_notificationEmail + Slack alert
create_incidentOpens incident in dashboard
require_approvalHuman-in-the-Loop pause
pause_agent(N)Pauses agent N minutes
disable_agentDisables until manual resume

Backtest

Every rule shows: "X events would have matched in last 7 days" before saving. Test before deploying.

EventsRule Templates

Was this helpful?

Something wrong? Open an issue on GitHub
bash
"tk-cmt"># High Value Payment Guard
IF action = "payment_processed"
AND metadata.amount > 10000
THEN
  require_approval
  create_incident(severity: "high")
  send_notification("Payment >€10K needs approval")

"tk-cmt"># Runaway Agent Circuit Breaker
IF event_count_last_5min > 50
THEN
  pause_agent(60)
  create_incident(severity: "critical")
  send_notification("Agent paused: 50+ events/5min")

"tk-cmt"># After-Hours Action Block
IF hour < 8 OR hour > 21
THEN
  block
  create_incident(severity: "high")
  send_notification("Action outside allowed hours")

"tk-cmt"># Prompt Injection Detection
IF ai_risk_score > 85
AND action contains "llm_call"
THEN
  block
  create_incident(severity: "critical")
  send_notification("Possible prompt injection")