Violations API
Endpoints for tracking and managing governance violations. A violation is recorded whenever an agent attempts an action that breaches a governance boundary — whether that is an SGP directive, a CHAM policy, a model governance rule, or a sequence halt.
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /violations | List violations |
| GET | /violations/:id | Get violation details |
| PATCH | /violations/:id/resolve | Resolve a violation |
Violation Types
| Type | Description |
|---|---|
| SGP_VIOLATION | Agent violated one of the 21 Sentinel Governance Protocol directives |
| CHAM_VIOLATION | Agent action triggered a CHAM policy that resulted in a DENY verdict |
| AGENT_BLOCKED | Agent was blocked from performing any actions (suspended or revoked) |
| SEQUENCE_HALTED | A multi-step sequence was halted mid-execution due to a governance fault |
| NO_VALID_GRANT | Agent attempted an action without a valid, unexpired grant |
| L6_MODEL_GOVERNANCE | Action violated L6 model governance rules (unauthorized model, channel, or data class) |
Severity Levels
| Severity | Description |
|---|---|
| CRITICAL | Immediate threat. Agent suspended automatically. Requires investigation. |
| HIGH | Serious policy breach. Action denied. Operator notification sent. |
| MEDIUM | Policy violation that was caught and blocked. Review recommended. |
| LOW | Minor infraction. Logged for pattern analysis. |
GET /violations
List violations with optional filtering.
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| severity | string | — | Filter by severity: CRITICAL, HIGH, MEDIUM, LOW |
| type | string | — | Filter by violation type |
| status | string | — | Filter by status: OPEN, RESOLVED |
| agent | string | — | Filter by agent ID |
| start_date | string | — | ISO 8601 start date |
| end_date | string | — | ISO 8601 end date |
| page | integer | 1 | Page number |
| limit | integer | 50 | Results per page |
Example Request
curl -X GET "https://api.thewardn.ai/violations?severity=CRITICAL&status=OPEN" \
-H "Authorization: Bearer YOUR_API_KEY"
Example Response
{
"violations": [
{
"id": "vio_3a4b5c6d",
"type": "SGP_VIOLATION",
"severity": "CRITICAL",
"status": "OPEN",
"agent_id": "agent_data_pipeline",
"summary": "Agent attempted to disable its own governance checks (SGP-3: No Self-Modification of Governance)",
"action": {
"type": "EXECUTE",
"target": "sentinel_config",
"environment": "production",
"payload_summary": "Attempted to set governance_enabled = false"
},
"confidence": 0.94,
"verdict": "DENY",
"policies_fired": [
{
"policy_id": "sgp_003",
"policy_name": "SGP-3: No Self-Modification of Governance",
"reason": "Agent attempted to modify its own governance configuration"
}
],
"agent_suspended": true,
"audit_seq": 10823,
"created_at": "2026-04-10T08:15:00Z"
},
{
"id": "vio_7e8f9g0h",
"type": "CHAM_VIOLATION",
"severity": "CRITICAL",
"status": "OPEN",
"agent_id": "agent_finance_bot",
"summary": "Agent exceeded rate limit by 4x in 30-second window",
"action": {
"type": "WRITE",
"target": "transactions",
"environment": "production",
"payload_summary": "Attempted 43 write operations in 30 seconds (limit: 10)"
},
"confidence": 0.88,
"verdict": "DENY",
"policies_fired": [
{
"policy_id": "pol_f1b3d5e7",
"policy_name": "Agent Burst Limiter",
"reason": "43 actions in 30s exceeds limit of 10 per 60s"
}
],
"agent_suspended": true,
"audit_seq": 10831,
"created_at": "2026-04-10T09:22:45Z"
}
],
"total": 2,
"page": 1,
"limit": 50
}
GET /violations/:id
Get full details for a specific violation.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Violation ID |
Example Request
curl -X GET https://api.thewardn.ai/violations/vio_3a4b5c6d \
-H "Authorization: Bearer YOUR_API_KEY"
Example Response
{
"id": "vio_3a4b5c6d",
"type": "SGP_VIOLATION",
"severity": "CRITICAL",
"status": "OPEN",
"agent_id": "agent_data_pipeline",
"summary": "Agent attempted to disable its own governance checks (SGP-3: No Self-Modification of Governance)",
"action": {
"type": "EXECUTE",
"target": "sentinel_config",
"environment": "production",
"payload_summary": "Attempted to set governance_enabled = false",
"full_payload": {
"command": "UPDATE sentinel_config SET governance_enabled = false WHERE agent_id = 'agent_data_pipeline'",
"source": "agent_internal_optimization_routine"
}
},
"confidence": 0.94,
"verdict": "DENY",
"policies_fired": [
{
"policy_id": "sgp_003",
"policy_name": "SGP-3: No Self-Modification of Governance",
"policy_type": "sgp",
"reason": "Agent attempted to modify its own governance configuration"
}
],
"agent_suspended": true,
"suspension_details": {
"suspended_at": "2026-04-10T08:15:00Z",
"reason": "Automatic suspension: CRITICAL SGP violation",
"resume_requires": "manual_review"
},
"related_violations": [],
"audit_seq": 10823,
"created_at": "2026-04-10T08:15:00Z",
"resolution": null
}
DANGER
SGP violations of type SGP-3: No Self-Modification of Governance are among the most serious events in TheWARDN. An agent attempting to disable its own governance is precisely the failure mode that TheWARDN exists to prevent. These always result in automatic suspension.
PATCH /violations/:id/resolve
Mark a violation as resolved after investigation and remediation.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Violation ID |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| resolution | string | Yes | Description of the investigation outcome and remediation taken |
Example Request
curl -X PATCH https://api.thewardn.ai/violations/vio_3a4b5c6d/resolve \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"resolution": "Investigated and remediated. Root cause: agent optimization routine included governance config in its parameter sweep. Fixed by adding sentinel_config to the agent exclusion list. Agent unsuspended after code review."
}'
Example Response
{
"id": "vio_3a4b5c6d",
"type": "SGP_VIOLATION",
"severity": "CRITICAL",
"status": "RESOLVED",
"resolution": "Investigated and remediated. Root cause: agent optimization routine included governance config in its parameter sweep. Fixed by adding sentinel_config to the agent exclusion list. Agent unsuspended after code review.",
"resolved_by": "user_greg@thewardn.ai",
"resolved_at": "2026-04-10T16:30:00Z",
"audit_seq": 10856
}
WARNING
Resolving a violation does not unsuspend the agent. If the agent was suspended due to the violation, you must separately reinstate the agent via the Agents API.
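A triage pass over records shaped like the GET /violations responses above, given as an added example and not TheWARDN's own code. It walks the documented `page`/`limit`/`total` fields, orders OPEN violations for review, and lists agents whose suspension-causing violations are all RESOLVED and who therefore still need reinstatement via the Agents API. `fetch_page` and `fake_fetch` are hypothetical names, the sample records are constructed, and the presence of `agent_suspended` on RESOLVED records is an assumption.

```python
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

def collect_all(fetch_page, limit=50):
    """Walk GET /violations using the documented page/limit/total fields.
    fetch_page(page, limit) is a hypothetical callable returning the parsed body."""
    violations, page = [], 1
    while True:
        body = fetch_page(page, limit)
        violations.extend(body["violations"])
        if not body["violations"] or page * limit >= body["total"]:
            return violations
        page += 1

def triage(violations):
    """Return (open violations ordered for review, agents to check for reinstatement)."""
    open_queue = sorted(
        (v for v in violations if v["status"] == "OPEN"),
        # Unknown severities rank -1 so they are reviewed first, not silently last.
        key=lambda v: (SEVERITY_RANK.get(v["severity"], -1), v["created_at"]),
    )
    agents_with_open = {v["agent_id"] for v in open_queue}
    # Assumption: a RESOLVED record still carries agent_suspended=true when the
    # violation caused the suspension; resolving does not lift it.
    candidates = sorted({
        v["agent_id"] for v in violations
        if v["status"] == "RESOLVED" and v.get("agent_suspended")
        and v["agent_id"] not in agents_with_open
    })
    return open_queue, candidates

def _rec(vid, sev, status, agent, created, suspended=None):
    rec = {"id": vid, "severity": sev, "status": status, "agent_id": agent, "created_at": created}
    if suspended is not None:
        rec["agent_suspended"] = suspended
    return rec

# Constructed sample: trimmed records using this page's sample values, plus vio_example_01.
SAMPLE = [
    _rec("vio_n1o2g3r4", "MEDIUM", "OPEN", "agent_reporting", "2026-04-10T14:00:00Z"),
    _rec("vio_3a4b5c6d", "CRITICAL", "RESOLVED", "agent_data_pipeline", "2026-04-10T08:15:00Z", True),
    _rec("vio_s1e2q3h4", "HIGH", "OPEN", "agent_onboarding", "2026-04-10T11:00:00Z"),
    _rec("vio_example_01", "HIGH", "RESOLVED", "agent_finance_bot", "2026-04-09T17:00:00Z", True),
    _rec("vio_7e8f9g0h", "CRITICAL", "OPEN", "agent_finance_bot", "2026-04-10T09:22:45Z", True),
]

def fake_fetch(page, limit):
    """Offline stand-in for the HTTP call; slices SAMPLE like a paginated response."""
    start = (page - 1) * limit
    return {"violations": SAMPLE[start:start + limit], "total": len(SAMPLE), "page": page, "limit": limit}
```

Here `agent_finance_bot` is not listed for reinstatement because it still has an OPEN CRITICAL violation, while `agent_data_pipeline` is.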
Violation Examples by Type
SEQUENCE_HALTED
{
"id": "vio_s1e2q3h4",
"type": "SEQUENCE_HALTED",
"severity": "HIGH",
"status": "OPEN",
"agent_id": "agent_onboarding",
"summary": "Multi-step customer onboarding sequence halted at step 3 of 5",
"action": {
"type": "WRITE",
"target": "billing_accounts",
"environment": "production",
"payload_summary": "Step 3: Create billing account with auto-charge enabled"
},
"sequence": {
"sequence_id": "seq_abc123",
"total_steps": 5,
"completed_steps": 2,
"halted_at_step": 3,
"reason": "Step 3 action denied by confidence floor policy"
},
"created_at": "2026-04-10T11:00:00Z"
}
NO_VALID_GRANT
{
"id": "vio_n1o2g3r4",
"type": "NO_VALID_GRANT",
"severity": "MEDIUM",
"status": "OPEN",
"agent_id": "agent_reporting",
"summary": "Agent attempted action with expired grant",
"action": {
"type": "READ",
"target": "financial_reports",
"environment": "production",
"payload_summary": "Read Q1 financial summary"
},
"grant_details": {
"grant_id": "grt_expired_001",
"expired_at": "2026-04-09T00:00:00Z",
"hours_expired": 14
},
"created_at": "2026-04-10T14:00:00Z"
}
L6_MODEL_GOVERNANCE
{
"id": "vio_l6_m1g2v3",
"type": "L6_MODEL_GOVERNANCE",
"severity": "HIGH",
"status": "OPEN",
"agent_id": "agent_support_bot",
"summary": "Agent attempted to use unauthorized model via shadow API",
"action": {
"type": "EXECUTE",
"target": "llm_inference",
"environment": "production",
"payload_summary": "Inference call to unregistered model endpoint"
},
"model_details": {
"attempted_model": "gpt-4-turbo",
"attempted_channel": "direct_api",
"registered_models": ["claude-sonnet-4-20250514", "gpt-4o"],
"policy_violated": "MODEL_ALLOWLIST"
},
"created_at": "2026-04-10T10:30:00Z"
}