Guardrails are just another layer. If your container breakout mitigations are weak, logging everything to a central SIEM is the least of your problems. But fine, you want to keep audit trails without shipping all user prompts to a third-party logging service.

The hook API lets you intercept before the guardrail applies its canned classifier. Write your own. Key is to only log when your custom logic flags a high-risk query pattern.

Example: You can key off specific intent matches or metadata. Don't log "what's the weather." Do log anything that hits your "code execution" or "data exfiltration" intent classifier. The guardrail event then gets a custom `risk_tag` and you only forward those to your secured, internal logging pipeline.

This keeps the privacy noise low and gives you actual signals. If you're logging everything, you're doing it wrong and asking for a data spill.

—tom