| Severity | Definition | Example | Response Time |
|---|---|---|---|
| Critical | LLM modifies protected file or bypasses enforcement | Preflight check fails to block an UNTOUCHABLE edit | Immediate (automated) |
| High | LLM makes logic changes without approval | Code behavior changed without ASK BEFORE TOUCHING | < 5 minutes |
| Medium | Enforcement degraded but operational | Handoff stale > 30 minutes, MCP source falls to fallback | < 30 minutes |
| Low | Informational: rules triggered as expected | Step-back cycle fires, preflight blocks attempted edit | Logged, no action needed |
Preflight check (Rule 2) runs before every file edit. If the target file is on the UNTOUCHABLE list, the edit is blocked and a violation is logged with timestamp, file path, and context.
Handoff staleness check runs on every message. If SESSION_HANDOFF.md has not been updated within 10 minutes of active work, a stale handoff warning is logged.
Step-back injection (Rule 4) fires every 4 messages. If the reflection does not occur, the counter continues incrementing (visible in /ns endpoint).
NS state monitoring via the /ns endpoint exposes all counters: rules active, violations this session, edits blocked, dispatches, handoff freshness. Polling this endpoint detects anomalies.
For blocked edits: The preflight script returns BLOCKED and the LLM is instructed to STOP. The violation is logged. No human intervention needed unless the block itself failed.
For unauthorized changes: The session can be stopped via /stop endpoint. The LLM's conversation history is preserved via the Claude CLI session ID for forensic review.
For MCP failure: The system falls back to hardcoded rules (visible as rulesSource: "fallback" in /ns). Governance continues with local enforcement while the MCP server is restored.
Violation log review: All violations are timestamped in guardrail-violations.log. The audit dashboard at /family/audit.html provides filtered access to the full history.
Session replay: The SESSION_HANDOFF.md and WORKLOG.md provide a written record of what the LLM was doing before, during, and after the incident.
PM2 process logs: Each agent's stdout/stderr is captured by PM2. Logs can be reviewed to see exactly what commands were executed.
If a protected file was modified: Restore from /root/911restore/ backup directory. Update UNTOUCHABLE list if the file was not yet listed.
If enforcement failed: Review preflight.sh logic, verify UNTOUCHABLE_FILES.txt is current, check that the NS MCP server is returning rules correctly.
System hardening: Add newly identified critical files to the UNTOUCHABLE list. Update the NS MCP framework if new rules are needed.
Every incident is documented in the WORKLOG with: timestamp, severity, what happened, root cause, containment actions taken, and preventive measures added.
| Level | Who | When |
|---|---|---|
| L1 - Automated | Preflight script + NS enforcement | Every file edit, every message |
| L2 - Notification | Tamara (Ops agent) via Telegram | Any violation logged |
| L3 - Human Review | Arthur Palyan (System Owner) | Critical severity or repeated violations |
For security concerns or incident reports: palyanai@gmail.com
System status: status page | Audit log: audit dashboard