Skip to main content

Event schema

Alerts and Use Cases evaluate rules over metadata events stored in the NeuralTrust metadata store. TrustGuard and TrustGate each emit one metadata record per request over OpenTelemetry (OTLP); a collector ingests them into separate TrustGate and TrustGuard event streams.
No raw prompt or response text is in the metadata stream. Identifiers, verdicts, counters, and finding labels only. Raw bodies live in a separate store keyed by trace_id for drill-down in the UI.

Architecture

StreamStorageUsed for
Metadata + findingsNeuralTrust metadata store (TrustGate and TrustGuard streams)Rules, alerts, logs list
Raw payloadClient-local Postgres (hybrid) or SaaS PostgresPrompt/response drill-down by trace_id
Correlation keys across streams: tenant_id, trace_id, session_id.

Entity and grouping

Entity is not a stored column. AlertEngine derives it from consumer_id — the v1 entity reference for “who” triggered the event.
Logical group keyStored asNotes
entity / consumerconsumer_idDefault alert subject
sessionsession_idSession-scoped bursts
appgateway_id (TrustGate) or collector_id (TrustGuard)Per-gateway or per-collector
routeurl_pathTrustGate HTTP path
There is no ip column. Rules that previously grouped by IP now use session or consumer. Predefined nt-uc-111 (Unidentified Consumer Surge) groups by session, not IP.

Common fields (both products)

Logical fieldStored asNotes
trace_idtrace_idCorrelation to raw payload
sessionsession_idSession grouping
consumer / entityconsumer_idEntity reference
consumer.nameconsumer_nameDisplay name
status.codehttp_statusHTTP status
status.outcomestatus_outcomeblock | transform | report | allow
is_flaggedis_flagged1 when any finding fires or outcome ≠ allow
securitysecurity (JSON array)Security tag labels
http_methodhttp_methodHTTP verb
modelrequest_modelLLM model
total_mslatency JSON .total_msEnd-to-end latency

TrustGate-only fields

Logical fieldStored as / JSONNotes
gateway_idgateway_idSource gateway
kindkindllm | mcp | a2a
providerproviderUpstream provider
routeurl_pathHTTP path alias
usage.*usage JSONToken counts
cost.*cost JSONCost in USD
latency.*latency JSONBreakdown (provider, gateway, policies, routing, …)
mcp.*mcp JSONMCP call metadata

TrustGuard-only fields

Logical fieldStored asNotes
collector_idcollector_idSource collector
collector_namecollector_nameDisplay name
directionrequest_directioninput | output — required for output-leak rules
protocolrequest_protocolllm | mcp | a2a
policy_id / policy_namepolicy_id / policy_nameEvaluating policy
latency.detectors_ms / latency.overhead_mslatency JSONDetector timing

Detection matching (TrustGuard)

Rules with a detection: block match over the raw detector_chain JSON array. AlertEngine normalizes each element at query time (not as a stored column).

Rule detection fields

FieldMeaning
detection.typeCanonical category: prompt_injection, secrets, pii, toxicity, behavioral_threat, multi_turn_escalation, code_injection, …
detection.actionblock, transform, allow, report
detection.confidence0–1 score (coalesced from nested signal.confidence)
detection.enforcedDerived: true when action is block or transform

Plugin → type mapping (nested chain)

When the flat detection_type field is empty, type is derived from source.plugin:
PluginCanonical detection.type
prompt_guard, tool_guardprompt_injection
data_loss_prevention + signal.type=secretsecrets
data_loss_prevention (else)pii
toxicitytoxicity
anomaly_detectorbehavioral_threat
multiturn_guardmulti_turn_escalation
code_sanitationcode_injection

Finding guard

Elements that only record detector execution (no detection_type, action, or signal.type) do not count as findings — so clean requests where detectors ran but did not fire are excluded from detection matches.

Advanced rule fields not in the custom builder

The engine supports additional predicates for advanced YAML rules. These are not yet in the UI field picker:
  • Latency sub-fields: latency.policies_ms, latency.routing_ms, …
  • Cost sub-fields: cost.prompt_usd, cost.completion_usd, cost.currency
  • MCP: mcp.operation, mcp.transport, mcp.upstream_status, mcp.rpc_error_code
  • Policy chain fields (TrustGate)

Upstream requirements

For rules to match reliably, products must emit:
RequirementProductWhy
consumer.id populatedBothEntity correlation and cross-product rules
detector_chain with plugin, signal, outcomeTrustGuardDetection normalization
request.directionTrustGuardOutput-leak rules (nt-uc-103/104/113)
url.pathTrustGateRoute-scoped operational rules (nt-uc-205/206)
is_flaggedTrustGuardFlagged-event rules

Use Cases

Custom rule builder and full UI field catalog.

TrustGate telemetry

How TrustGate emits per-request events.

TrustGuard overview

Guardrail detections that populate TrustGuard events.