Alerts & Email Notifications
Alert rules watch your organization’s audit activity and notify you when something looks wrong — a spike in denials, a high tool-call failure rate, or a service going unhealthy. Alerts appear in the dashboard and, when enabled, are emailed to your team.
Default rules
Every new organization starts with three rules already active, so monitoring works out of the box:
| Rule | Fires when |
|---|---|
| High Failure Rate | Tool-call failure rate exceeds 10% over 5 minutes |
| Denial Spike | More than 5 authorization denials in 5 minutes |
| Service Down | A core service fails its health check |
You can edit, disable, or delete these, and add your own.
Condition types
When you create a rule (Dashboard → Alerts → Create Rule), you choose a condition and a threshold. The threshold’s unit depends on the condition:
- Failure rate — a ratio between 0 and 1 (e.g. 0.10 = 10%).
- Denial spike — a count of denials in the window (e.g. 5).
- Service down — use 1.
Advanced conditions are also available: elevation frequency, scope-violation spike, session denial ratio, and federated-agent anomaly.
Getting email notifications
Turn on Send email notification when creating or editing a rule. When the rule fires, AgentTrust ID emails the alert to your organization’s active admin users. There is no separate recipient list: to change who is notified, add or deactivate admins on your organization (Settings → Users).
Emails are sent per alert, de-duplicated to at most one per rule per hour, with a
subject like [AgentTrust ID CRITICAL] <title> and a severity-colored body.
To verify delivery without waiting for a real condition, use the Test (▶)
button on any rule — it sends a one-off [TEST] alert through the same path.
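The following added example, which is not AgentTrust ID's own code, evaluates the failure-rate and denial-spike conditions over a 5-minute window and applies the one-email-per-rule-per-hour limit described above. The event fields (ts, type, ok), the class and function names, and the assumption that events arrive in time order are illustrative.

```python
from collections import deque

WINDOW = 5 * 60           # 5-minute window, as in the default rules
EMAIL_COOLDOWN = 60 * 60  # at most one email per rule per hour

class Rule:
    def __init__(self, name, condition, threshold, email=True):
        self.name, self.condition = name, condition
        self.threshold, self.email = threshold, email
        self.last_email = None  # timestamp of the last email for this rule

    def value(self, events):
        """Measure this rule's condition over the events in the window."""
        if self.condition == "failure_rate":   # ratio between 0 and 1
            calls = [e for e in events if e["type"] == "tool_call"]
            return sum(not e["ok"] for e in calls) / len(calls) if calls else 0.0
        if self.condition == "denial_spike":   # count of denials
            return sum(e["type"] == "authz_denied" for e in events)
        raise ValueError(f"unknown condition {self.condition!r}")

class Evaluator:
    def __init__(self, rules):
        self.rules, self.window = rules, deque()

    def observe(self, event):
        """Add one event; return (rule name, email sent?) per rule that fires."""
        now = event["ts"]
        self.window.append(event)
        while self.window and self.window[0]["ts"] <= now - WINDOW:
            self.window.popleft()              # drop events older than 5 minutes
        fired = []
        for r in self.rules:
            if r.value(self.window) > r.threshold:   # "exceeds" / "more than"
                send = r.email and (r.last_email is None
                                    or now - r.last_email >= EMAIL_COOLDOWN)
                if send:
                    r.last_email = now
                fired.append((r.name, send))
        return fired

def demo():
    """Constructed input: seven denials 10 s apart, timestamps in seconds."""
    ev = Evaluator([Rule("High Failure Rate", "failure_rate", 0.10),
                    Rule("Denial Spike", "denial_spike", 5)])
    out = []
    for ts in range(0, 70, 10):
        out += ev.observe({"ts": ts, "type": "authz_denied"})
    return out
```

The sixth denial raises the alert and sends the email; the seventh raises another alert but is held back from email by the hourly limit, so the dashboard remains the complete record during a sustained incident.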
Severities
Alerts are info, warning, or critical. Critical alerts (for example a
service-down) are highlighted in the dashboard and should be acknowledged once
addressed.
Self-hosting
On the hosted product, email delivery is already configured — you only manage
rules and your admin users. If you self-host, the notification service needs SMTP
configured via environment variables (SMTP_HOST, SMTP_PORT, SMTP_USERNAME,
SMTP_PASSWORD, SMTP_FROM); until both SMTP_HOST and SMTP_USERNAME are set,
alerts are recorded in the dashboard but no email is sent.