Generalize workflow examines the patterns in your decision feed
and suggests purposes that would cover them. Use this when you’ve been
running in Phase 1 (observe) for 2+ weeks and want to graduate to Phase 2
(test) without writing rules by hand.
When to generalize
- You have 500+ tool calls in the decision feed
- You can identify 3–5 distinct workflows by reading the feed (e.g., “support lookups,” “fraud investigations,” “pipeline reviews”)
- You want to move to identity-aware shadow-mode enforcement
The flow
- App dashboard → Decision feed
- Filter to the cluster of similar calls — by user, by tool name, by columns touched
- Click Generalize on any single representative call
- The Generalize modal shows:
- Suggested purpose name (LLM-generated from the patterns)
- Suggested elements (the union of columns this cluster touched)
- Suggested TTL (P95 of the cluster’s request durations)
- Edit any field, then click Create as shadow rule
Auto-promote
By default, shadow rules created via Generalize get anauto_promote_at
timestamp 14 days in the future. If they pass the shadow-period checks
(no false-positive denials, no missing-element errors), they auto-promote
to live enforcement on that date.
You can override by clicking Edit on the rule → Promotion → set
to manual.
Read next
- Define your first purpose — the manual creation path
- The lifecycle — Observe → Generalize → Test → Approve → Manage