Alert Rules
Alert rules notify your team — by email, webhook, or in-portal notification — when AI sessions match conditions that require attention. Use them to catch high-risk decisions in real time, monitor guardrail failure rates, and flag anomalies before they become compliance incidents.
How alert rules work
When a new session is ingested and processed, VeriProof evaluates it against all active alert rules for the corresponding application. If any rule conditions are met, the configured notification actions fire.
Evaluation is synchronous with ingest — alerts trigger within seconds of a session being stored.
Creating an alert rule
- Open Alerts in the Customer Portal sidebar.
- Select the Alert Rules tab.
- Click New Rule.
- Configure the rule:
  - Name — a descriptive label for the rule (e.g., “High risk loan decisions”)
  - Scope — which Application to monitor (or “All Applications”)
  - Trigger conditions — the criteria a session must match
  - Actions — what happens when the rule fires
- Click Save & Activate.
Rule conditions
Conditions can be combined with AND / OR logic. Available condition types:
| Condition | Operators | Example |
|---|---|---|
| Risk Level | is / is not | Risk Level is HIGH or CRITICAL |
| Session Outcome | is / is not | Outcome is DENIED |
| Guardrail Action | is | Guardrail Action is blocked |
| Decision Confidence | less than / greater than | Confidence < 0.6 |
| Intent | contains / equals | Intent contains fraud |
| Governance Score | less than | Score < 70 |
| Model | equals | Model is gpt-4o |
Example: Alert on any blocked guardrail
```
WHEN: Guardrail Action = "blocked"
NOTIFY: team@yourcompany.com
SCOPE: All Applications
```
Example: Alert on low-confidence production decisions
```
WHEN: Decision Confidence < 0.65
  AND Risk Level = "HIGH"
NOTIFY: compliance-team@yourcompany.com
  + Webhook: https://hooks.yourcompany.com/veriproof-alerts
SCOPE: Application = "loan-underwriting"
```
Notification actions
| Action type | Configuration |
|---|---|
| Email | One or more email addresses; customizable subject prefix |
| Webhook | HTTPS POST to a URL you control; signed with HMAC-SHA256 |
| Portal notification | Bell icon notification for portal users in your account |
| Slack (via webhook) | Configure a Slack incoming webhook URL |
Webhook payload format
```json
{
  "rule_id": "rule_abc123",
  "rule_name": "High risk loan decisions",
  "triggered_at": "2026-03-15T14:22:33Z",
  "session": {
    "session_id": "loan_0042",
    "application_id": "loan-underwriting",
    "risk_level": "HIGH",
    "outcome": "APPROVED",
    "decision_confidence": 0.61,
    "anchored": true
  }
}
```
Webhook requests include an X-VeriProof-Signature header containing the HMAC-SHA256 signature of the payload body, signed with your webhook secret. Verify this signature in your webhook receiver to authenticate the request.
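A receiver-side check for the signature described above, as an added example that is not VeriProof's own code. It assumes the header value is the hex-encoded HMAC-SHA256 digest of the raw request body (the page does not state the encoding); `sign`, `verify_webhook`, the sample secret and the compact sample body are constructed for illustration.

```python
import hashlib
import hmac
import json
from typing import Optional

SIGNATURE_HEADER = "x-veriproof-signature"  # header names are case-insensitive


def sign(secret: bytes, raw_body: bytes) -> str:
    # Assumption: hex-encoded HMAC-SHA256 over the raw body bytes.
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, headers: dict) -> Optional[dict]:
    """Return the parsed payload only if the signature checks out, else None."""
    received = next(
        (v for k, v in headers.items() if k.lower() == SIGNATURE_HEADER), None
    )
    if not received:
        return None  # unsigned request: reject before parsing anything
    expected = sign(secret, raw_body)
    # Constant-time comparison on bytes avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), received.strip().lower().encode()):
        return None
    try:
        return json.loads(raw_body)  # parse only after authentication
    except ValueError:
        return None


# Constructed sample: a made-up secret and a body shaped like the payload above.
SAMPLE_SECRET = b"constructed-example-secret"
SAMPLE_BODY = (
    b'{"rule_id":"rule_abc123","rule_name":"High risk loan decisions",'
    b'"triggered_at":"2026-03-15T14:22:33Z","session":{"session_id":"loan_0042",'
    b'"application_id":"loan-underwriting","risk_level":"HIGH","outcome":"APPROVED",'
    b'"decision_confidence":0.61,"anchored":true}}'
)

if __name__ == "__main__":
    good = {"X-VeriProof-Signature": sign(SAMPLE_SECRET, SAMPLE_BODY)}
    print(verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, good)["session"]["session_id"])
    tampered = SAMPLE_BODY.replace(b'"HIGH"', b'"LOW"')
    print(verify_webhook(SAMPLE_SECRET, tampered, good))  # None: body was altered
```

Pass the body bytes exactly as received: parsing and re-serializing the JSON before computing the HMAC changes whitespace or key order and makes a valid signature fail.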
Managing rules
Enable / disable a rule
Toggle the Active switch on any rule from the Alert Rules list. Disabled rules are not evaluated but are not deleted.
Rule history
Each matched event is logged on the Active Alerts tab in Alerts. The history shows which rule fired, which session triggered it, when the notification was sent, and whether the notification delivery succeeded.
Webhook delivery failures are retried up to 3 times with exponential backoff. Failed deliveries after all retries are logged as delivery_failed and visible in the history.
Default system alerts
VeriProof includes a set of read-only system alert rules that cannot be disabled:
| Alert | Trigger |
|---|---|
| API key revocation | Any API key in your account is revoked |
| Sustained SDK export failure | SDK has not exported spans in >60 minutes |
| Governance score degradation | Application-level governance score drops >20 points week-over-week |
System alerts are sent to all Admin-role portal users in your account.
FAQ
How quickly do alerts fire after a session is ingested?
Alert evaluation runs synchronously with ingest processing. Most alerts fire within 5–15 seconds of the session being submitted. Webhook delivery adds network round-trip on top of that.
Can I test an alert rule without sending real sessions?
Yes — use the sandbox environment. Sandbox API keys create sessions in the sandbox partition, and alert rules scoped to a specific application can be triggered by sandbox sessions. Alternatively, use the Test Rule button in the rule editor to fire the rule against an existing session.
Are alert rule evaluations included in my API rate limits?
No. Alert rule evaluation is an internal pipeline step and does not consume API quota.
Next steps
- Governance Scoring — understand the score that drives governance score alerts
- Compliance Monitoring — broader compliance coverage setup
- Webhooks Configuration — set up and manage webhook endpoints at the account level