Dashboard Guide
The Rune dashboard provides real-time monitoring, alerting, and management for your AI agents.
Overview
The Overview page shows a high-level summary of your security posture:
- Total Events — Number of security events processed
- Block Rate — Percentage of events that were blocked
- Active Agents — Number of agents currently reporting
- Open Alerts — Unresolved security alerts requiring attention
- Event Trend — 7-day chart of event volume and blocks
- Top Threats — Most common threat types detected
Agents
View and manage all registered agents. Each agent card shows:
- Status — Active, inactive, or quarantined
- Framework — LangChain, OpenAI, Anthropic, CrewAI, or MCP
- Risk Score — Rolling average risk (0-1) based on recent events
- Event Count — Total events processed by this agent
- Block Count — Number of blocked actions
- Last Seen — When the agent last reported an event
Click an agent to see its detailed event history, tool usage breakdown, and baseline profile. Agents can be quarantined (blocked from all actions) from the detail view.
Events
The Events page shows a real-time feed of all security events from your agents. Events include tool calls, scan results, policy evaluations, and blocks.
Filter events by agent, severity, time range, and event type. Events are stored in ClickHouse with retention based on your plan (30 days free, up to 365 on Growth).
Alerts
Alerts are created when security-critical events occur:
- Prompt injection detected — L1/L2/L3 scanner triggered
- Policy violation — Agent attempted a blocked action
- Anomaly detected — Unusual event patterns (rate spikes, new behavior)
- Data exfiltration attempt — PII or secrets in output
Alert statuses: Open, Investigating, Resolved, False Positive.
Marking an alert as False Positive creates an allowlist pattern that feeds back to the SDK. Future similar inputs will not trigger alerts.
Policies
Create and manage security policies from the dashboard:
- YAML Editor — Write policies with syntax highlighting
- Test Panel — Test inputs against a policy before activating
- Active Toggle — Enable or disable policies without deleting
- Versioning — Each edit increments the version number
Policies sync to all connected SDKs within 60 seconds of activation. See the Policies reference for YAML format details.
Settings
The Settings page manages:
- Organization — Name and plan details
- API Keys — Create, revoke, and manage keys with scoped permissions
- Notification Channels — Email, Slack, and webhook alerting
- Team Members — Roles: Admin, Editor, Viewer (via Clerk organizations)
- Danger Zone — Organization deletion
Notification Channels
Configure where alerts are delivered:
- Email — Sends to one or more email addresses via Resend
- Slack — Posts to a Slack channel via incoming webhook URL
- Webhook — HTTP POST to any URL with optional HMAC signing
Each channel has a severity filter — choose which alert levels (critical, high, medium, low) trigger notifications.
Billing
The Billing page shows your current plan, usage meters, and upgrade options. Plans are billed monthly through Stripe:
| Plan | Price | Events/mo | Agents |
|---|---|---|---|
| Community | Free | 10,000 | 5 |
| Starter | $49/mo | 50,000 | 25 |
| Pro | $149/mo | 250,000 | 100 |
| Growth | $499/mo | 1,000,000 | 500 |
Roles & Permissions
Team members have one of three roles:
| Role | Can View | Can Edit | Can Admin |
|---|---|---|---|
| Admin | Everything | Everything | API keys, billing, team, settings |
| Editor | Everything | Policies, alerts, notifications | - |
| Viewer | Everything | - | - |