Overview
The Decision Sentinel is a background watcher that answers a question dashboards can’t: is the decisioning stream silently going wrong right now? It runs every 30 minutes (GET /api/v1/cron/ai-sentinel, CRON_SECRET-gated) and evaluates two metrics per tenant over the last 60 minutes versus the previous 60-minute window.
Metrics
Both metrics are computed fromdecision_traces and are also registered as standard alert-rule metrics, so you can build your own alert rules on them in Settings > Alerts:
| Metric | Definition | Warn | Hard breach |
|---|---|---|---|
suppression_rate | Qualified candidates removed by the suppression + contact-policy stages: (Σ afterQualification − Σ afterContactPolicy) / Σ afterQualification | ≥ 80% | ≥ 95% |
empty_candidate_rate | Decisions that returned zero offers: traces with finalCount = 0 / total traces | ≥ 30% | ≥ 50% |
What happens on a breach
- Warn breach — a System Health alert (source
sentinel) is written and appears on AI > Insights and the notification surfaces. Alerts are deduplicated within the window. - Hard breach — the alert severity is
critical(which also routes to configured side channels). If — and only if — the tenant has opted in via Settings > AI Configuration > AI Autonomy > “Sentinel may auto-pause active flows” (aiAutopilot.sentinelAutoPause: true), the Sentinel pauses all active decision flows using the same optimistic-locking pattern as the fairness recheck, with a full audit trail (auto_pause/sentinel_breach).