Governance Dashboard

Platform safety, cost controls, and eval quality

Snapshot generated at: 2026-04-13T03:50:00Z

Mixed telemetry

Includes live signals where available plus illustrative and snapshot values for portfolio demonstration of observability, guardrails, and evaluation patterns.

Trust Control Flow

Human approval required before strategist execution

Execution paused for review at HITL checkpoint

Policy check passed before response release

Decision trace logged with request and trace IDs

Guardrail-triggered outputs are blocked or redacted

Telemetry Snapshot

Policy Controls

Control	Status	Implementation
Content Security Policy	✓ Active	next.config.ts + proxy.ts
Rate Limiting (Upstash Redis)	✓ Active	10 req / 60s per IP, SHA-256 hash
Prompt Injection Detection	✓ Active	src/lib/guardrails.ts — centralized signatures
Competitor Mention Filter	✓ Active	Redacts 8 competitor names
Hallucination Heuristic	✓ Active	Key-fact presence check on long outputs
XSS Sanitization (DOMPurify)	✓ Active	All LLM output before render
IP SHA-256 Hashing	✓ Active	Never raw IPs in storage
npm audit (CI-enforced)	✓ Active	0 high/critical CVEs
Eval Regression Gate	✓ Active	fidelity ≥ 0.85, halluc. ≤ 0.10
HITL Checkpoint (Multi-Agent)	✓ Active	Human approval before Strategist runs

Recent Audit Events

Time	Event	Detail	Severity
14:07:58	guardrail.blocked	Prompt injection detected — IP redacted	warn
14:05:03	guardrail.redacted	Competitor mention filtered from output	info
14:03:12	eval.regression	Fidelity Δ +0.02 vs baseline — within gate	ok
14:01:44	rate_limit.triggered	429 issued to IP hash a93aa730	warn
13:58:31	deploy.passed	CI gate passed — fidelity 0.94, halluc. 0.02	ok
13:55:09	guardrail.blocked	Template injection {{}} in query body	warn
13:51:22	eval.completed	Snapshot run — eval posture recorded	ok

Token Latency vs. Cost (24h)

vs. cost/request (24h)

Hover to inspect hourly values · Blue = latency · Teal dashed = cost/request

Business hours show higher latency with lower cost/request due to increased cache hit rates. Simulated data — production would stream from OTEL collector via /api/enterprise-sim.

Why this matters to enterprise buyers

CFO perspective

Cost per interaction is tracked and gated. Rate limiting prevents runaway spend. Every token cost is observable.

CTO perspective

Guardrails, eval gating, and HITL checkpoints are code — not policy docs. They ship with the system and fail CI if broken.

CISO perspective

No raw IPs stored, prompt injection detected at the edge, all outputs sanitized before render, audit log immutable.