ManualOverrideAuditor

risk.manualoverrideauditor

Risk Guardrail planned Planned frozen

ManualOverrideAuditor intercepts every request to bypass or adjust a guardrail, enforces a rate limit on overrides per time window, requires a non-emp

What it does

ManualOverrideAuditor intercepts every request to bypass or adjust a guardrail, enforces a rate limit on overrides per time window, requires a non-empty justification string, and emits an immutable RiskVote audit record for every approved or rejected override attempt. It ensures that manual guardrail bypasses cannot occur silently and that every override is visible to the risk team.

Pipeline placement

runs after: Override request submitted → ManualOverrideAuditor → runs before: Override action applied

Applies to: Every manual override request for any guardrail — requires justification, rate-limits overrides, and emits an immutable

Why it matters

If this fails	Consequence
Silent override of a guardrail	Without audit enforcement, a guardrail can be bypassed without trace, removing the protective layer without any record for post-hoc review.
Override rate limit bypassed	Repeated overrides in a short window can be used to trade in conditions that guardrails are designed to block, effectively disabling the risk controls.

Inputs

Polymarket inputs

Input	Source	Required	Use
None — ManualOverrideAuditor does not read Polymarket APIs	internal	optional	All inputs come from internal override request payloads.

Internal inputs

Input	Source	Required	Use
Override request payload (target guardrail, justification, requestor_id)	internal	required	Validate justification is non-empty, check rate limit for requestor, and record the override attempt.
Override rate limit counter (per requestor per time window)	internal	required	Enforce max_overrides_per_window to prevent override abuse.
KillSwitch active flag	KillSwitch	required	If active, reject all override requests immediately.

Authority

What this bot is permitted to do

Veto

State

Readiness

Planned

Status

planned

Class

Guardrail

Default mode

planned

Developer owner

Polytraders core — Risk pod

Capital impact

Direct

Reason codes emitted

Code	Severity	Meaning	Action
KILL_SWITCH_ACTIVE	HARD_REJECT	Global kill switch active; no overrides allowed.	Immediate HARD_REJECT.
OVERRIDE_AUDITOR_NO_JUSTIFICATION	HARD_REJECT	Override request missing required justification string.	HARD_REJECT; do not emit override counter increment.
OVERRIDE_AUDITOR_RATE_EXCEEDED	HARD_REJECT	Requestor has exceeded the max_overrides_per_window limit.	HARD_REJECT; do not emit override counter increment.
OVERRIDE_AUDITOR_RATE_APPROACHING	WARN	Override count is one below the hard limit.	Attach WARN annotation; APPROVE.
OVERRIDE_AUDITOR_DATA_UNAVAILABLE	HARD_REJECT	Redis override counter unavailable; cannot enforce rate limit or record audit.	HARD_REJECT (fail-closed).

Related bots in Risk Guardrail

risk.blacklistkeeper risk.capitalallocator risk.compliancegate

Used by

Reverse index — strategies that currently reference risk.manualoverrideauditor. If you change this bot's authority or reason codes, these strategies must re-pass shadow.

Strategy	State	Activity
Crypto Q2 — basket rebalance	frozen	last triggered 7m ago

Showing 1 of 1 · demo-wired ≠ production-live

Why this matters

Risk Guardrail bots does NOT propose intents or sign orders; only permits or blocks. Understanding the authority boundary prevents misuse and makes promotion-gate reviews faster and more reliable. View raw spec JSON →

Polytraders Operator UX Mock · INTERNAL · demo-wired ≠ production-live · the plan · reason codes · shadow-mode pipeline