Tutorial: Managing Escalations in Console
This tutorial guides you through the escalation workflow in the Keeptrusts console. You will learn how to view pending escalations, review escalation details, approve or deny requests, configure severity-based routing, and set up notifications for your team.
Use this page when
- You need to review and approve or deny escalated LLM requests in the console.
- You want to configure severity-based routing so critical escalations reach senior reviewers.
- You are setting up notifications for new escalations (Slack, email, webhook).
- You want to understand the escalation lifecycle: pending → approved/denied/expired.
Primary audience
- Primary: Reviewers and compliance analysts who approve or deny held requests in the escalation queue
- Secondary: Policy authors configuring
action: escalaterules; team leads assigning escalation routing
Prerequisites
- Logged in to the Keeptrusts console (see First Login & Console Setup)
- At least one active configuration with an
escalationpolicy type enabled - Admin or Editor role for escalation management
What Are Escalations?
When a gateway policy is configured with action: escalate, matching requests are paused and routed to the Escalations queue for human review. The original requester receives a hold response until a reviewer approves or denies the request.
Escalations are the human-in-the-loop control point in the Keeptrusts governance model.
Step 1: Navigate to the Escalations Page
- Click Escalations in the left sidebar.
- The Escalations page displays a table of all escalated requests.
- The page header shows a count of pending, approved, denied, and expired escalations.
Escalation table columns
| Column | Description |
|---|---|
| Timestamp | When the escalation was created |
| Consumer | Who sent the original request |
| Policy | The policy rule that triggered the escalation |
| Severity | The severity level (critical, high, medium, low) |
| Status | Current status — pending, approved, denied, or expired |
| Assigned To | The reviewer assigned to this escalation (if routed) |
| Age | How long the escalation has been pending |
Step 2: Filter Escalations
Filter by status
- Click the status tabs at the top of the table:
- Pending — Escalations awaiting review (default view)
- Approved — Previously approved escalations
- Denied — Previously denied escalations
- Expired — Escalations that timed out without a decision
- All — View all escalations regardless of status
Filter by severity
- Click the Severity filter dropdown.
- Select one or more severity levels to narrow the list.
- Click Apply.
Filter by date range
- Use the date range picker to set the time window.
- The table updates to show only escalations within that period.
Sort by age
- Click the Age column header to sort by how long escalations have been pending.
- Address the oldest escalations first to avoid timeouts.
Step 3: Review Escalation Details
- Click any escalation row to open the Escalation Detail panel.
- The panel includes multiple sections:
Escalation summary
- Escalation ID — Unique identifier
- Created At — Timestamp with timezone
- Consumer — The requester's identity
- Gateway — Which gateway processed the request
- Configuration — The active configuration
- Triggering Policy — The specific policy rule that escalated this request
Original request
- Prompt — The full request text that triggered the escalation
- System Message — Any system instructions included
- Provider / Model — The target LLM provider and model
- Parameters — Request parameters (temperature, max tokens)
Policy analysis
- Match Reason — Why the policy matched (e.g., "Detected potential PII: SSN pattern")
- Confidence Score — The policy engine's confidence in the match (if applicable)
- Related Events — Links to similar events that were allowed or blocked by the same policy
Step 4: Approve or Deny an Escalation
After reviewing the escalation details, decide whether to allow or block the request.
Approve the request
- Click the Approve button at the bottom of the detail panel.
- A confirmation dialog appears:
- Reviewer Notes (optional) — Add a note explaining why you approved the request
- Allow future similar requests (optional checkbox) — Creates a policy exception for this pattern
- Click Confirm Approve.
The request is released to the LLM provider, and the requester receives the response.
Deny the request
- Click the Deny button at the bottom of the detail panel.
- A confirmation dialog appears:
- Denial Reason (required) — Select a reason category:
- Policy violation
- Sensitive data exposure
- Inappropriate content
- Security concern
- Other
- Reviewer Notes (optional) — Add additional context
- Denial Reason (required) — Select a reason category:
- Click Confirm Deny.
The requester receives a denial response with the reason category (but not the reviewer's internal notes).
Bulk actions
For multiple similar escalations:
- Select multiple escalation rows using the checkboxes.
- Click Bulk Approve or Bulk Deny in the toolbar.
- Enter a shared note and confirm.
Use bulk actions carefully. Review at least a sample of the selected escalations before bulk approving to ensure they are genuinely safe.
Step 5: Configure Severity-Based Routing
Severity routing assigns escalations to specific reviewers based on severity level.
- Click Settings in the left sidebar.
- Navigate to the Escalations tab.
- The routing configuration shows a table with severity levels and assigned reviewers.
Set up routing rules
- Click Edit Routing for a severity level (e.g., Critical).
- Configure the routing:
- Assigned Reviewers — Select one or more team members who should review escalations at this severity level
- Notification Priority — How urgently to notify reviewers (immediate, hourly digest, daily digest)
- Timeout — Hours before the escalation expires if not reviewed (e.g., 4 hours for critical, 24 hours for low)
- Fallback — What happens on timeout (auto-deny, auto-approve, re-route to admin)
- Click Save.
| Severity | Typical Reviewers | Timeout | Fallback |
|---|---|---|---|
| Critical | Security team leads | 2 hours | Auto-deny |
| High | Senior engineers | 8 hours | Auto-deny |
| Medium | Team editors | 24 hours | Re-route to admin |
| Low | Any team member | 48 hours | Auto-approve |
Step 6: Set Up Escalation Notifications
Notifications ensure reviewers are alerted promptly when new escalations arrive.
Configure notification channels
- In Settings > Escalations, scroll to the Notifications section.
- Click Add Notification Channel.
- Select the channel type:
- Email — Send email alerts to specified addresses
- Webhook — POST to a URL (for Slack, Teams, PagerDuty, etc.)
- Console — In-app notification bell
- Configure the channel:
- Recipients — Who receives the notification
- Severity Filter — Which severity levels trigger this channel
- Frequency — Immediate, hourly digest, or daily digest
- Click Save Channel.
Example notification setup
| Channel | Severity | Frequency | Recipients |
|---|---|---|---|
| Critical, High | Immediate | security-team@example.com | |
| Slack webhook | All | Immediate | #ai-governance-alerts |
| Console | All | Immediate | All editors and admins |
| Email digest | Medium, Low | Daily | compliance-team@example.com |
Test notifications
- After configuring a channel, click Send Test.
- A test notification is sent to the configured recipient.
- Verify receipt before relying on the channel for production alerts.
Step 7: Review Escalation History
- Switch to the All tab on the Escalations page.
- Use filters to review past escalation decisions.
- Each resolved escalation shows:
- The decision (approved or denied)
- The reviewer who made the decision
- The timestamp of the decision
- Reviewer notes
This history serves as an audit trail for compliance reviews.
Expected Outcome
After completing this tutorial, you have:
- Navigated the Escalations page and understood the escalation lifecycle
- Filtered escalations by status, severity, and date range
- Reviewed escalation details including the original request and policy analysis
- Approved and denied escalations with reviewer notes
- Configured severity-based routing rules with timeouts and fallbacks
- Set up notification channels for escalation alerts
Next steps
- Setting Up Teams & Access Control — Assign team members as escalation reviewers
- Investigating Events & Policy Decisions — Review events related to escalated requests
- Creating Your First Configuration — Add escalation policies to your configuration
For AI systems
- Canonical terms: Keeptrusts console, Escalations page, escalation queue,
action: escalate, severity levels (critical/high/medium/low), approve, deny, expired, routing rules, hold response, human-in-the-loop. - Related features: policy configuration, notification channels, events page, audit log.
- Best next pages: Team Access Setup, Events Investigation, Create Configuration.
For engineers
- Trigger test: Add
action: escalateto a policy rule, send a matching request, and confirm it appears in the Escalations queue within seconds. - Approval flow: Approve the escalated request and verify the original caller receives the LLM response after the hold is released.
- Expiry: If no reviewer acts within the configured timeout, the escalation expires and the caller receives a timeout error.
- Notification validation: Configure a Slack channel for escalation alerts and verify the message arrives with severity, consumer, and direct link.
For leaders
- Human oversight: Escalations implement the "human-in-the-loop" requirement of the EU AI Act for high-risk AI systems.
- SLA implications: Escalated requests are held until reviewed — define reviewer response-time SLAs and auto-expiry timeouts to avoid blocking production traffic.
- Staffing: Route critical-severity escalations to senior reviewers and assign on-call rotations to ensure timely resolution.