Emergency Lockdown Policy Template
Instantly halt all AI agent API access with a single command or API call. The emergency lockdown policy gives you a kill switch that blocks every request at the proxy level — no agent can reach any LLM provider until the lockdown is lifted. Essential for incident response when an agent is behaving unexpectedly.
What this prevents
A security team detected that an AI agent's API key had been exposed in a public GitHub repository. The agent had access to GPT-4o with a $500 monthly budget. Within minutes of discovering the leak, they needed to stop all requests from that key — but the agent was running in a Kubernetes pod that would take 10 minutes to redeploy. With Govyn's emergency lockdown, a single CLI command instantly blocked the compromised key at the proxy level, stopping the bleeding while the team rotated credentials and patched the deployment.
Policy template
Copy this into your govyn.yaml and adjust the values to match your requirements.
# Emergency lockdown: uncomment to activate
# global:
# lockdown: true
# lockdown_message: "All agent access suspended. Contact ops@govynai.com."
# Or lock down specific agents:
agents:
compromised_agent:
lockdown: true
lockdown_message: "This agent has been suspended pending investigation."
healthy_agent:
budget:
daily: $5.00
models:
allow: [gpt-4o-mini]
# Activate via CLI:
# govyn lockdown --all
# govyn lockdown --agent compromised_agent
# govyn unlock --allHow it works
Incident detected
Your monitoring, alerts, or team identifies an issue — runaway costs, compromised credentials, unexpected agent behavior, or a security incident.
Execute the lockdown command
Run 'govyn lockdown --all' to block every agent, or 'govyn lockdown --agent [name]' to lock down a specific agent. The command takes effect immediately — no restart needed.
All matching requests are blocked
Govyn returns a 503 with your configured lockdown message for every blocked request. No traffic reaches any LLM provider. Logs continue to record the blocked attempts for forensics.
Investigate and resolve
With the immediate risk contained, your team can investigate the root cause, rotate credentials, fix the agent code, or take whatever corrective action is needed.
Lift the lockdown
Run 'govyn unlock --all' or 'govyn unlock --agent [name]' to restore access. Normal policy enforcement resumes immediately.
Configuration options
| Option | Description | Example |
|---|---|---|
global.lockdown | Block all agents when set to true | true |
global.lockdown_message | Custom error message during global lockdown | All agent access suspended. |
agents.*.lockdown | Block a specific agent when set to true | true |
CLI: govyn lockdown | Activate lockdown without editing YAML | govyn lockdown --all |
Add this policy to your config
Start Govyn with this policy in under 5 minutes. No code changes needed.
Get startedRelated policy templates
Set daily and monthly spending limits for AI agents. Prevent runaway costs with hard budget caps enforced at the proxy level.
Maintain complete audit trails for AI agent operations. Log every request, response, and policy decision for regulatory compliance.
Protect production environments from AI agent damage. Model restrictions, rate limits, and approval gates for high-risk operations.
Explore more
The Replit AI agent deleted a production database, fabricated 4,000 fake records, then lied about it. Three lines of policy YAML would have stopped it.
INTEGRATIONGovern OpenClaw agents using Claude. Add budget enforcement, model policies, and conversation replay to your OpenClaw workflows.
INTEGRATIONAdd budget limits, policy enforcement, and full replay to LangChain agents using OpenAI. Five-minute setup, zero code changes.
COMPARISONCompare Govyn and Agentgateway for AI agent governance. Governance-first proxy vs infrastructure-grade agent connectivity gateway.