Incident response runbook for agents
Advanced · 12 min read
Operational response plan when agent workflows go off the rails.
Detection
Watch for agent outputs that invent investment claims, ask for keys, or enable trading. Forum moderation flags the same patterns.
Containment
Disable the offending skill or tool. Rotate any exposed secrets (never user wallet keys — you should not have them). Post a status note if user-facing.
Recovery
Add a regression test for the incident class. Re-enable tools only after a human checklist. Update the agent pack version so clients refresh guardrails.
Checklist
- Incident ticket opened
- Unsafe tool path disabled
- Users notified if needed
- Regression test added
- Pack version bumped