Behavioral Telemetry

REAL-TIME MONITORING

Sub-100ms telemetry ingestion. ML-powered anomaly detection. Live dashboards. See every action, every decision, every deviation — as it happens.

<100ms Ingestion Latency
100K+ Events/Second
ML Anomaly Detection


Every action. Every decision. Every millisecond.

Structured telemetry events capture action type, permission scope, policy decision, latency, metadata, and tracing context. OpenTelemetry-compatible schema with automatic PII redaction. High-volume ingestion at 100K+ events per second.

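import asyncio

from custodex import Custodex

custodex = Custodex(api_key="cus_xxx")  # placeholder API key


async def main():
    # Log one agent action with its policy decision and metadata
    await custodex.log_telemetry(
        action="tool.execute",
        scope="database:write",
        decision="allowed",
        latency_ms=42.5,
        metadata={
            "tool_name": "query_customer_db",
            "records_affected": 150
        }
    )


# log_telemetry is awaited, so it has to run inside an event loop
asyncio.run(main())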

Isolation Forest meets real-time scoring.

11 behavioral features extracted per event: temporal patterns (actions/minute, latency), behavioral signals (denial rate, error rate, scope entropy), and pattern analysis (time of day, burst detection, sequence anomaly). Isolation Forest with ensemble scoring produces a 0-1 anomaly score with confidence levels and human-readable contributing factors.

// Anomaly scoring response
{
  "score": 0.87,
  "isAnomaly": true,
  "confidence": 0.92,
  "contributingFactors": [
    "High activity rate (78.3 actions/min)",
    "Sudden burst of activity (85%)",
    "Unusual action sequence"
  ]
}
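
To make the scoring step concrete, here is an added example (not Custodex's implementation or code from this page) that derives three of the features named above, actions per minute, denial rate and scope entropy, from windows of events and scores them with a small standard-library Isolation Forest. It assumes one-minute windows and a single forest without the ensemble step; the sample windows, the `files:read` and `email:send` scopes and all function names are constructed for the illustration.

```python
import math, random
from collections import Counter

def features(events, window_s=60.0):  # [actions/min, denial rate, scope entropy in bits]
    n = len(events)
    counts = Counter(e["scope"] for e in events).values()
    entropy = -sum(k / n * math.log2(k / n) for k in counts)
    denied = sum(e["decision"] == "denied" for e in events)
    return [n * 60.0 / window_s, denied / n, entropy]

def avg_path(n):  # expected isolation depth for n points (score normaliser, leaf credit)
    if n <= 2:
        return float(max(n - 1, 0))
    return 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def build(rows, depth, limit, rng):
    f = rng.randrange(3)  # random feature, then a random cut point inside its range
    lo, hi = min((r[f] for r in rows), default=0), max((r[f] for r in rows), default=0)
    if depth >= limit or lo == hi:
        return len(rows)  # leaf: how many rows were left unsplit
    cut = rng.uniform(lo, hi)
    return (f, cut, build([r for r in rows if r[f] < cut], depth + 1, limit, rng),
            build([r for r in rows if r[f] >= cut], depth + 1, limit, rng))

def depth_of(node, x, depth=0):
    if isinstance(node, int):
        return depth + avg_path(node)
    f, cut, left, right = node
    return depth_of(left if x[f] < cut else right, x, depth + 1)

def fit(rows, trees=100, seed=7):
    rng, limit = random.Random(seed), math.ceil(math.log2(len(rows)))
    return len(rows), [build(rows, 0, limit, rng) for _ in range(trees)]

def score(model, x):
    """0-1 anomaly score: the shallower the average isolation depth, the closer to 1."""
    n, forest = model
    return 2 ** (-sum(depth_of(t, x) for t in forest) / len(forest) / avg_path(n))

# Constructed sample: 63 ordinary one-minute windows plus one burst of mixed-scope denials.
def ordinary(i):
    return [{"scope": "database:write" if j % 4 == 3 else "database:read",
             "decision": "denied" if i % 10 == 0 and j == 0 else "allowed"}
            for j in range(6 + i % 9)]
SCOPES = ["database:read", "database:write", "files:read", "email:send"]  # last two invented
BURST = [{"scope": SCOPES[j % 4], "decision": "denied" if j % 2 else "allowed"} for j in range(78)]
WINDOWS = [features(ordinary(i)) for i in range(63)] + [features(BURST)]
MODEL = fit(WINDOWS)
print(round(score(MODEL, WINDOWS[-1]), 2), round(score(MODEL, WINDOWS[4]), 2))
```

The burst window is cut away from the rest within a split or two, so its score lands close to 1, while an ordinary window needs many more splits and scores much lower.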

Real-time dashboards. Not batch reports.

Convex subscriptions push live updates to dashboards. Server-Sent Events (SSE) and WebSocket support for custom integrations. Multi-agent view streams all activity or filters by agent. Color-coded by decision: green (allowed), red (denied), yellow (pending).

Anomaly score spikes. You know instantly.

Configurable alert rules on telemetry patterns: anomaly score thresholds, error rate spikes, high action rates, unusual time patterns, and repeated denials. Multi-channel notifications via Slack, Email, and Webhook. Severity levels with escalation chains and alert grouping.

What's included in real-time monitoring

01. Sub-100ms telemetry ingestion with PII redaction
02. ML-powered anomaly detection (Isolation Forest + ensemble)
03. 11 behavioral features per event for scoring
04. Real-time streaming via Convex, SSE, and WebSocket
05. Multi-channel alerting: Slack, Email, Webhook
06. Multi-agent coordination and collusion detection