TL;DR
Guardrly evaluates 8 alert rules: rate limit, high-frequency writes, consecutive DELETEs, 403s, 429s, 5xx errors, large writes, and off-hours operations.
8 AI Agent Alert Rules for Risky API Calls
Guardrly evaluates 8 alert rules for every operation logged.
| Rule | Signal | Default response |
|---|---|---|
| Rate limit | 50+ requests in 5 minutes | Warning |
| High frequency write | 10+ writes without a read | Warning |
| Consecutive delete | 3+ DELETE operations | Critical |
| Platform forbidden | 3 consecutive 403s | Critical |
| Platform rate limited | 2 consecutive 429s | Critical |
| Server errors | 3 consecutive 5xx responses | Warning |
| Large write | POST/PUT/PATCH payload over 10KB | Info |
| Off-hours operation | DELETE or POST between 00:00 and 06:00 UTC | Info |
Rule Reference
1. Rate Limit (Level 2)
Triggers when more than 50 requests are made in a 5-minute window.
- Threshold: 50 requests / 5 minutes (configurable)
- Notification: Dashboard only
2. High Frequency Write (Level 2)
Triggers when 10 or more consecutive write operations (POST, PUT, DELETE, PATCH) are made without any GET request.
- Threshold: 10 consecutive writes (configurable)
- Notification: Dashboard only
3. Consecutive Delete (Level 3 — Fixed)
Triggers when 3 or more DELETE operations are made in a row.
- Threshold: 3 consecutive DELETEs (not configurable)
- Notification: Dashboard + Email (Starter and above)
4. Platform Forbidden (Level 3 — Fixed)
Triggers when 3 consecutive requests return 403 Forbidden.
- Threshold: 3 consecutive 403s (not configurable)
- Notification: Dashboard + Email (Starter and above)
5. Rate Limited by Platform (Level 3 — Fixed)
Triggers when 2 consecutive requests return 429 Too Many Requests.
- Threshold: 2 consecutive 429s (not configurable)
- Notification: Dashboard + Email (Starter and above)
6. Server Errors (Level 2)
Triggers when 3 consecutive requests return 5xx errors.
- Threshold: 3 consecutive 5xx (configurable)
- Notification: Dashboard only
7. Large Write (Level 1 — Dashboard Only)
Triggers when a POST/PUT/PATCH payload exceeds 10KB. No push notification.
8. Off-Hours Operation (Level 1 — Dashboard Only)
Triggers when DELETE or POST operations occur between 00:00 and 06:00 UTC. No push notification.
Alert Levels
| Level | Name | Channels |
|---|---|---|
| 1 | Info | Dashboard only |
| 2 | Warning | Email (Starter+ plans) |
| 3 | Critical | Email (Starter+ plans) |
Deduplication
The same alert rule will not fire more than once every 10 minutes for the same user. This prevents alert spam.
Storm Protection
If more than 100 alerts fire within 1 minute, Guardrly enters silent mode for 15 minutes and sends a single summary alert.
Configuring Alert Rules
Go to app.guardrly.com/settings to:
- Enable or disable Level 1–2 rules
- Adjust thresholds for configurable rules
- Level 3 rules are fixed and cannot be disabled
For examples of why these rules matter, read the AI agent guardrails guide, Shopify API monitoring, and Meta Ads API monitoring.
FAQ
What are the 8 AI agent alert rules?
The 8 rules are rate limit, high-frequency write, consecutive delete, platform forbidden, platform rate limited, server errors, large write, and off-hours operation.
Which alert rules are fixed?
Consecutive DELETEs, repeated 403 responses, and repeated 429 responses are fixed critical rules because they indicate immediate production risk.
Which rules are configurable?
Rate limit, high-frequency write, server error, large write, and off-hours rules can be tuned for your AI agent workflow.
When are emails sent?
Email notifications are sent for critical alerts on paid plans, including repeated DELETE operations, 403 responses, and 429 responses.