Break-Glass

Break-glass is an emergency procedure that temporarily bypasses the shield. Use it only when the LiteLLM proxy is down and your agents need to keep working.

When to Use

• LiteLLM crashed and the watchdog cannot restart it
• A critical business process depends on agent availability
• You are in a client demo and cannot afford downtime

Activation Flow

What Happens When Active

• A red warning banner appears at the top of every panel with a countdown timer
• A CRITICAL alert is generated
• All LLM traffic bypasses the shield entirely
• Traffic is still logged with verdict “BYPASSED”
• The audit trail records the activation with your reason

Deactivation

Break-glass ends in one of two ways:

1. Timer expires — automatically reverts to normal operation
2. Click “Deactivate Now” on the banner — manually ends it early

After deactivation, there is a 15-minute cool-down before you can activate again. This prevents rapid on/off toggling.

Post-Break-Glass Review

After break-glass ends:

1. Note the unscanned traffic count from the deactivation alert
2. Wait for the Session Watcher to process sessions from the bypass window
3. Filter Traffic Monitor by SOURCE = session-watcher for the bypass time range
4. Review any BLOCK or REVIEW verdicts found retroactively
5. Document the incident in your security log

Security Controls