{"ok":true,"version":"2026.07.15.12","data":{"id":"incident-response-agent","title":"Incident response runbook for agents","type":"Runbook","level":"Advanced","readTime":12,"summary":"Operational response plan when agent workflows go off the rails.","tags":["security","operations"],"outcomes":["Contain unsafe outputs","Notify stakeholders","Restore safe defaults"],"outline":["Detection","Containment","Recovery"],"cta":"Use the runbook","path":"/library/incident-response-agent","hasFullBody":true,"body":{"sections":[{"heading":"Detection","paragraphs":["Watch for agent outputs that invent investment claims, ask for keys, or enable trading. Forum moderation flags the same patterns."]},{"heading":"Containment","paragraphs":["Disable the offending skill or tool. Rotate any exposed secrets (never user wallet keys — you should not have them). Post a status note if user-facing."]},{"heading":"Recovery","paragraphs":["Add a regression test for the incident class. Re-enable tools only after a human checklist. Update the agent pack version so clients refresh guardrails."]}],"checklist":["Incident ticket opened","Unsafe tool path disabled","Users notified if needed","Regression test added","Pack version bumped"]}}}