Pipeline findings
Pipeline findings
Section titled “Pipeline findings”Pipeline findings is the per-session aggregation of every detection the Pipeline made during that Session.
"PII detector fired 4 times, redacted 2 emails and 1 phone number." "Prompt-injection step flagged 1 attempt with confidence 0.92." "Exfiltration heuristic matched 0 times."
Findings are derived, not stored separately — they're a query over the audit trail's pipeline-step events.
At a glance
Section titled “At a glance”| Derived from | Audit trail events tagged pipeline.step.fire |
| Scoped to | one Session (typical) or aggregated across sessions |
| Grouped by | step id → severity → reason |
| Surfaces | Sessions UI per-session detail · per-agent rollup · compliance reports |
| Status | now (basic), next (richer aggregation surfaces) |
What it shows
Section titled “What it shows”For a single session:
| Step | Phase | Fired | Outcome |
|---|---|---|---|
detect.pii.contact | before | 4× | redacted 2 email, 1 phone (1 false-positive flagged) |
detect.secrets.api-key | before | 0× | — |
defense.prompt-injection | before | 1× | flagged confidence 0.92, request blocked |
redact.findings.response | after | 6× | replaced markers in 2 chunks |
cost.budget.session | during | continuous | within budget (8.4k / 50k tokens) |
Per-agent and per-project rollups answer: "which steps fire most often for this agent? which detections recur? where are we most exposed?"
Why this is its own concept
Section titled “Why this is its own concept”The Audit trail records every event — including detection details. Findings is the operator-facing projection of that data: noise-suppressed, grouped, classified, with a UI shape that maps onto pipeline-step ids rather than raw event types.
Findings is also the input to:
- Compliance evidence. "Show me PII redactions in production over the last quarter" — a findings query.
- Tuning. Operators iterate on step config based on findings (false-positive rate, missed detections).
- Feedback to detection authors. Step authors see which detections fire most across customers.
Surfaces
Section titled “Surfaces”| Persona | Surface | What they see |
|---|---|---|
| Operator | Sessions detail page → Findings tab | Per-session breakdown, expandable per step |
| Operator | Project dashboard → Findings rollup | Step-level frequency, severity distribution |
| Compliance team | Compliance report | Findings filtered by compliance_tag (e.g., gdpr.art-32) |
| Step author | Step telemetry view (planned) | Cross-customer fire rate, FP rate trends |
Related concepts
Section titled “Related concepts”- derived from ← Audit trail
- scoped to ← Session
- groups by → Pipeline step
- part of ↑ Observe surface
- adjacent to ↔ Tool footprint, Metering — three different views of the same session data