# HELP sovereign_router_provider_score Health score in [0,1]; degrades on failure.
# TYPE sovereign_router_provider_score gauge
# HELP sovereign_router_provider_successes_total Successful adapter calls.
# TYPE sovereign_router_provider_successes_total counter
# HELP sovereign_router_provider_failures_total Failed adapter calls.
# TYPE sovereign_router_provider_failures_total counter
# HELP sovereign_router_call_latency_p50_ms Provider call latency p50 (ms).
# TYPE sovereign_router_call_latency_p50_ms gauge
# HELP sovereign_router_call_latency_p95_ms Provider call latency p95 (ms).
# TYPE sovereign_router_call_latency_p95_ms gauge
# HELP sovereign_router_tenant_usd_spent Cumulative USD spent per tenant.
# TYPE sovereign_router_tenant_usd_spent counter
# HELP sovereign_router_tenant_usd_cap USD spend cap per tenant.
# TYPE sovereign_router_tenant_usd_cap gauge
# HELP sovereign_router_calls_total Inference calls grouped by policy and status.
# TYPE sovereign_router_calls_total counter
sovereign_router_calls_total{policy="permissive",provider="_none",status="rejected"} 7
# HELP sovereign_router_rekor_size Number of entries on the Merkle log.
# TYPE sovereign_router_rekor_size gauge
sovereign_router_rekor_size 26968
# HELP sf_auth_failures_total Auth rejections by kind and probed scope (monotonic; resets on restart).
# TYPE sf_auth_failures_total counter
# HELP sf_auth_audit_ring_size Current in-memory audit ring depth.
# TYPE sf_auth_audit_ring_size gauge
sf_auth_audit_ring_size 8
# HELP sf_auth_audit_ring_capacity Max in-memory audit ring depth.
# TYPE sf_auth_audit_ring_capacity gauge
sf_auth_audit_ring_capacity 200
# HELP sf_auth_audit_sink_bytes Size of on-disk JSONL audit sink (bytes).
# TYPE sf_auth_audit_sink_bytes gauge
sf_auth_audit_sink_bytes 1285
# HELP sf_anon_rate_capacity_per_min Anonymous request token-bucket capacity per minute.
# TYPE sf_anon_rate_capacity_per_min gauge
sf_anon_rate_capacity_per_min 30
# HELP sf_auth_ip_penalised Number of IPs currently tightened by adaptive anon-rate throttle.
# TYPE sf_auth_ip_penalised gauge
sf_auth_ip_penalised 0
# HELP sf_auth_throttle_threshold Failures-per-window threshold that triggers adaptive throttle.
# TYPE sf_auth_throttle_threshold gauge
sf_auth_throttle_threshold 20
# HELP sf_auth_throttle_factor Divisor applied to anon-rate capacity for penalised IPs.
# TYPE sf_auth_throttle_factor gauge
sf_auth_throttle_factor 4
# HELP sf_auth_throttle_tighten_total Adaptive-throttle tighten events anchored to Rekor.
# TYPE sf_auth_throttle_tighten_total counter
sf_auth_throttle_tighten_total 0
# HELP sf_auth_throttle_release_total Adaptive-throttle release events anchored by the decay cron.
# TYPE sf_auth_throttle_release_total counter
sf_auth_throttle_release_total 0
# HELP sf_auth_throttle_clear_total Operator-initiated throttle clears anchored to Rekor.
# TYPE sf_auth_throttle_clear_total counter
sf_auth_throttle_clear_total 0
# HELP sf_auth_heartbeat_miss_total Stale-heartbeat anchors written when a heartbeat gap > 2× cron interval is detected.
# TYPE sf_auth_heartbeat_miss_total counter
sf_auth_heartbeat_miss_total 1
# HELP sf_auth_heartbeat_age_secs Seconds since the latest auth.audit.heartbeat anchor (-1 when no signal yet).
# TYPE sf_auth_heartbeat_age_secs gauge
sf_auth_heartbeat_age_secs 12601
# HELP sf_auth_audit_rotations_total Audit JSONL sink rotations that actually renamed the file, labelled by trigger source.
# TYPE sf_auth_audit_rotations_total counter
sf_auth_audit_rotations_total{source="cron"} 0
sf_auth_audit_rotations_total{source="manual"} 0
sf_auth_audit_rotations_total{source="unknown"} 0
# HELP sf_auth_audit_rotations_last_age_secs Seconds since the most recent auth.audit.rotate anchor (-1 when none yet).
# TYPE sf_auth_audit_rotations_last_age_secs gauge
sf_auth_audit_rotations_last_age_secs -1
# HELP sf_auth_audit_rotations_last_source Last rotation trigger source; 1 = active source, 0 = inactive.
# TYPE sf_auth_audit_rotations_last_source gauge
sf_auth_audit_rotations_last_source{source="cron"} 0
sf_auth_audit_rotations_last_source{source="manual"} 0
sf_auth_audit_rotations_last_source{source="unknown"} 0
# HELP sf_auth_throttle_tighten_age_seconds_max Maximum seconds-since-anchor across all currently-tightened IPs (0 when none).
# TYPE sf_auth_throttle_tighten_age_seconds_max gauge
sf_auth_throttle_tighten_age_seconds_max 0
# HELP sf_auth_correlation_top_density Auth failures per minute per (ip,scope) — top 10 from in-memory audit ring.
# TYPE sf_auth_correlation_top_density gauge
sf_auth_correlation_top_density{ip="127.0.0.1",scope="restricted.read"} 60.0000
sf_auth_correlation_top_density{ip="127.0.0.1",scope="any:admin|demote|register-witness|register-publisher|register-mirror|emit-checkpoint|restricted.read|restricted.write"} 60.0000
sf_auth_correlation_top_density{ip="127.0.0.1",scope="admin"} 60.0000
sf_auth_correlation_top_density{ip="127.0.0.1",scope="user"} 0.0052
# HELP sf_auth_correlation_top_count Auth-failure events per (ip,scope) — top 10 by density.
# TYPE sf_auth_correlation_top_count gauge
sf_auth_correlation_top_count{ip="127.0.0.1",scope="restricted.read"} 1
sf_auth_correlation_top_count{ip="127.0.0.1",scope="any:admin|demote|register-witness|register-publisher|register-mirror|emit-checkpoint|restricted.read|restricted.write"} 1
sf_auth_correlation_top_count{ip="127.0.0.1",scope="admin"} 1
sf_auth_correlation_top_count{ip="127.0.0.1",scope="user"} 5