Operations
Service Level Objectives
Availability, latency, throughput, and security SLOs for OGuardAI deployments

| Metric | Target | Measurement |
|---|---|---|
| API availability | 99.9% uptime | Health endpoint returns 200 |
| Transform endpoint | 99.9% success rate | Non-5xx responses / total requests |
| Rehydrate endpoint | 99.95% success rate | Higher -- critical path |

| Endpoint | p50 | p95 | p99 | Max |
|---|---|---|---|---|
| POST /v1/transform | Under 1ms | Under 3ms | Under 5ms | Under 50ms |
| POST /v1/rehydrate | Under 0.1ms | Under 0.5ms | Under 1ms | Under 10ms |
| POST /v1/detect | Under 1ms | Under 3ms | Under 5ms | Under 50ms |
| GET /v1/health | Under 1ms | Under 1ms | Under 2ms | Under 5ms |

| Endpoint | p50 | p95 | p99 | Max |
|---|---|---|---|---|
| POST /v1/transform | Under 200ms | Under 500ms | Under 1s | Under 5s (NER timeout) |
| POST /v1/rehydrate | Under 0.1ms | Under 0.5ms | Under 1ms | Under 10ms |
| POST /v1/detect | Under 200ms | Under 500ms | Under 1s | Under 5s |

| Mode | Single Instance | Horizontal Scaling |
|---|---|---|
| Builtin-only | >1,000 req/s | Linear with instances |
| Builtin + NER | 20-50 req/s | Limited by NER sidecar |

| Limit | Default | Configurable |
|---|---|---|
| Max request body | 50 MB | file_upload.max_size_bytes |
| Max batch items | 100 | Hardcoded |
| Max session TTL | 3600s (1 hour) | session.ttl_seconds |
| Max concurrent streams | Unlimited | OS/runtime limits |
| SSE heartbeat interval | 15s | Server-side |

| Error Type | Budget (per 1000 requests) |
|---|---|
| 5xx errors | Under 1 (0.1%) |
| Detection false negatives | Under 50 (5%) for regex, under 100 (10%) for NER |
| Detection false positives | Under 30 (3%) for regex, under 150 (15%) for NER |
| Token repair failures | Under 10 (1%) |
| Session expiry (expected) | N/A -- by design |

When the NER sidecar is unavailable (mode=both):

| Metric | Guarantee |
|---|---|
| Availability | 100% (graceful fallback to builtin) |
| Latency impact | +5s per request (NER timeout) then normal |
| Entity coverage | 15/18 types (person/company/location unavailable) |
| Data safety | Unaffected -- PII protection maintained |

| Property | Guarantee |
|---|---|
| Encryption | AES-256-GCM (AEAD) |
| Key strength | 256-bit minimum |
| Nonce uniqueness | Random 12-byte per seal (cryptographically random) |
| Tamper detection | Authentication tag verified on every unseal |
| Replay protection | Request counter + TTL |
| Cross-tenant isolation | Tenant ID validated during unseal |
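
How the guarantees in the table above fit together, as an added Go example (not OGuardAI's code or wire format): a fresh random 12-byte nonce per seal, the GCM tag checked on every unseal, and the tenant ID and expiry bound as associated data so another tenant's unseal fails authentication. The names `NewAEAD`, `Seal` and `Unseal` and the `expiry || nonce || ciphertext` layout are assumptions; the request-counter half of replay protection is not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

var ErrAuth, ErrExpired = errors.New("unseal: authentication failed"), errors.New("unseal: TTL elapsed")

func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 { // AES-256 only, not AES-128/192
		return nil, errors.New("key must be 32 bytes")
	}
	return cipher.NewGCM(block) // 12-byte nonce, 16-byte tag
}

// Seal returns expiry(8) || nonce(12) || ciphertext+tag (assumed layout, not OGuardAI's format).
func Seal(a cipher.AEAD, tenant string, value []byte, expiry time.Time) ([]byte, error) {
	hdr := make([]byte, 20)
	binary.BigEndian.PutUint64(hdr, uint64(expiry.Unix()))
	if _, err := rand.Read(hdr[8:]); err != nil { // fresh random nonce on every seal
		return nil, err
	}
	return a.Seal(hdr, hdr[8:], value, append([]byte(tenant), hdr[:8]...)), nil
}

// Unseal checks the tag (covering tenant ID and expiry) before it trusts the expiry field.
func Unseal(a cipher.AEAD, tenant string, sealed []byte, now time.Time) ([]byte, error) {
	if len(sealed) < 36 { // 8 expiry + 12 nonce + 16 tag
		return nil, ErrAuth
	}
	value, err := a.Open(nil, sealed[8:20], sealed[20:], append([]byte(tenant), sealed[:8]...))
	if err != nil { // tampered bytes, wrong key, or a different tenant ID
		return nil, ErrAuth
	}
	if now.Unix() >= int64(binary.BigEndian.Uint64(sealed[:8])) {
		return nil, ErrExpired
	}
	return value, nil
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key, never a real key
	s, _ := Seal(a, "tenant-a", []byte("alice@example.com"), time.Now().Add(time.Hour))
	fmt.Println(Unseal(a, "tenant-b", s, time.Now())) // fails: sealed for tenant-a
}
```

Because the expiry travels in the associated data, an attacker who edits it to extend the TTL invalidates the tag, so the tenant and TTL checks cannot be bypassed by rewriting the header.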

| Property | Guarantee |
|---|---|
| Revocation latency | Immediate (in-memory + file/Redis) |
| Revocation persistence | Survives server restart (file or Redis) |
| Revocation consistency | Eventual (file) or strong (Redis) |
| Future restore suppression | 100% -- revoked values always return [DELETED] |

Required monitoring for SLO compliance:

```yaml
# Prometheus alerts (see deploy/prometheus/alerting-rules.yml)
- guardai_transforms_total                 # request rate
- guardai_errors_total                     # error rate
- guardai_transform_duration_seconds       # latency
- guardai_rate_limit_rejections_total      # capacity
- guardai_prompt_security_triggers_total   # security
```