Skip to content

Incident Monitor Production Governance

Use this page when an operator, auditor, or agent needs to answer whether an Incident Monitor deployment is ready for production governance review.

Incident Monitor is not a compliance certification engine. It records what Tandem observed, which authority surfaces exist, which checks ran, which route or approval decision was made, and where evidence was exported. A deployer still owns the policy mapping, retention schedule, reviewer assignments, incident reporting obligations, and external system of record.

Production Governance Map

Governance stageTandem surfaceEvidence artifactOperator-owned decision
Intended purpose and ownershipDeployment cards for agents, workflows, sources, and Tandem self-monitoringJSON/Markdown deployment cards with purpose, owner, accountable team, approval protocol, escalation protocol, data classification, and review cadenceConfirm the purpose is allowed, name accountable owners, and set review cadence
Data readiness and source lineageMonitored source identity, route tags, source bindings, scoped intake keys, readiness statusSource/project IDs, event schema version, tenant/workspace context, allowed/default destination IDs, redaction and retention profilesDecide which sources may report, which data classes are allowed, and which sources require quarantine or review
Runtime authority inventoryGET /incident-monitor/security/authority-inventoryRead-only inventory of workflows, agents, tool/MCP policy, destinations, routes, approvals, policy decisions, and recent external publish surfacesDecide whether the observed authority matches business intent
Deterministic posture reviewGET /incident-monitor/security/posture-checksFindings with severity, affected authority surface, evidence refs, mitigation guidance, and draft conversion payloadsMap findings to customer policy and assign owners
Controlled governance checksPOST /incident-monitor/security/assessment-probesDry-run probe evidence for approval gates, scoped intake limits, route readiness, MCP allowlists, and webhook URL policyAuthorize probes, define sandbox boundaries, and decide which failures block production
Route and destination controlRoute preview, destination readiness, approval policy, publish receiptsMatched routes, effective destination IDs, blocked reasons, receipt status, external URL/ID, evidence digestDecide which incident classes can reach GitHub, Linear, webhook, telemetry, memory, or MCP destinations
Assessment and compliance packetPOST /incident-monitor/security/assessment-reportRedacted JSON/Markdown report with inventory, findings, probes, incidents, receipts, protected audit summaries, and export previewDecide who reviews the packet and where it is retained
External evidence custodyProtected audit stream or ledger export plus customer-owned destinationAudit export summaries, ledger/export manifests, route receipts, and destination receiptsConfigure retention, access control, SIEM/object-store/database custody, and legal hold policy
Incident response and drift reviewIncident Monitor incidents, route failures, approval waits, deployment-card review dates, repeated posture findingsOpen incidents, failed publish receipts, approval denials, stale cards, recurring findings, and follow-up issuesDefine escalation paths, incident response timing, and drift review thresholds

What Tandem Can Prove

Tandem can provide evidence that:

  • a source, workflow, agent, destination, route, approval, policy decision, or publish receipt existed in Tandem’s governed runtime
  • an assessment report, posture check, or controlled probe was generated from a redacted authority inventory
  • a publish attempt used the destination router rather than a direct external mutation path
  • scoped intake credentials were report-only and rejected privileged routes when checked
  • a deployment card had or lacked required owner, purpose, escalation, approval, data-classification, and review metadata
  • protected audit evidence was available for customer-owned review or export

What Tandem Cannot Prove Alone

Tandem does not independently prove that:

  • every customer system, credential, shadow agent, or external integration is connected to Tandem
  • the customer’s policy mapping is complete or legally sufficient
  • a destination such as GitHub, Linear, SIEM, object storage, or a webhook receiver retained evidence correctly after export
  • third-party systems are free of vulnerabilities
  • all model-level failure modes, prompt-injection attacks, or data-quality issues were detected
  • Tandem is safe merely because Tandem monitored itself

Use Tandem evidence as runtime governance input, then reconcile it with customer-owned identity, access, data, compliance, and incident-response controls.

Production Readiness Checklist

Before using Incident Monitor for production governance:

  1. Generate deployment cards for Tandem self-monitoring, monitored sources, high-authority agents, and workflows that can mutate external systems.
  2. Fill required owner, accountable team, intended purpose, autonomy level, data classification, approval protocol, escalation protocol, and review cadence metadata.
  3. Run authority inventory and deterministic posture checks with full admin context.
  4. Run only authorized dry-run probes, and record sandbox boundaries for each probe.
  5. Preview routes for representative high-risk, external, legal/regulatory, and low-risk incidents.
  6. Confirm destination readiness for every configured publish target.
  7. Confirm high-risk or sensitive destinations require approval and redaction.
  8. Configure retention/export policy for reports, receipts, protected audit evidence, and customer-owned records.
  9. Assign finding owners and escalation paths before enabling external publish routes.
  10. Schedule periodic drift review for stale deployment cards, repeated failures, approval waits, and route changes.

Compliance Mapping Notes

Compliance questionUseful Tandem evidenceStill deployer-owned
Who is accountable for this agent or route?Deployment card owner/accountable team fields and required-field findingsOrganizational assignment and reviewer qualification
What data can enter this monitor?Source identity, scoped intake keys, source bindings, data classification metadata, redaction profilesData-class policy, minimization, lawful basis, and source-system authorization
Can the agent mutate external systems?Destination inventory, route preview, MCP allowlists, approval policy, publish receiptsBusiness approval policy and connected-system authorization
Was a risky action reviewed?Approval coverage, approval decisions, protected audit summaries, assessment report evidence refsReviewer competence, dual-control policy, and legal/regulatory escalation
Where is evidence retained?Report artifacts, protected audit export summaries, post receipts, delivery IDs, evidence digestsSIEM/object-store/database custody, retention period, access review, legal hold
How are incidents escalated?Incident records, failed receipts, posture findings, route suggestions, deployment-card escalation fieldsIncident response playbooks, reporting thresholds, customer notification, regulator reporting

Edge Cases To Call Out

  • If a source has no allowed/default destination policy, route preview can reveal surprising fallback behavior before publish.
  • If retention_days is unset, Tandem can still record receipts and reports, but production use needs customer-owned retention policy.
  • If a generic MCP destination is enabled, treat it as high risk until the server/tool allowlist, payload mapping, approval policy, and receipt behavior are reviewed.
  • If Tandem monitors itself, export evidence outside Tandem before relying on it for audit or incident response.
  • If a posture finding depends on customer policy that Tandem cannot infer, keep it as an open question rather than silently passing the deployment.