Overview
Rule instances capture:- When a rule was triggered (timestamp)
- Which rule was enforced (rule name and ID)
- What happened (details of the blocked action)
- Where it occurred (blocked URL, session link)
Instances are logged automatically whenever a governance rule blocks an action. Check this page regularly to monitor security enforcement.
Filter by Rule
The filter card at the top lets you show/hide instances by rule type:Available Rules
ContextFort currently tracks instances for these governance rules:Disallow URLs with Query Parameters
Rule ID:disallow_query_params
Prevents the agent from opening URLs with query parameters (e.g., ?param=value).
Instance details show:
- The URL that was blocked
- The session where the block occurred
- Timestamp of the attempt
Disallow Printing Clickable URLs
Rule ID:disallow_clickable_urls
Prevents the agent from printing clickable URLs in the Claude sidechat interface.
Instance details show:
- The URL that was blocked from being printed
- The context where the print was attempted
- Associated session
Instance Table
The main table displays all filtered instances, sorted by timestamp (most recent first).Table Columns
| Column | Description |
|---|---|
| Timestamp | Date and time when the rule was triggered |
| Rule | Name of the governance rule that was enforced |
| Details | Description of what was blocked (includes URL if applicable) |
| Session | Link to view the session where this occurred |
Investigating an Instance
Review the details
The Details column shows:
- What action was blocked
- The URL involved (if applicable)
- Additional context
View the session
Click the link icon in the Session column to jump to the Visibility page and see screenshots from that session.
Session Linking
Instances with an associated session show a link icon. Clicking it navigates to:Not all instances have an associated session. Some rules may block actions before a session is created.
Empty States
No Rule Enforcement Instances
If you see this message:- No rules selected: Use the filter to select rules to view
- No rules triggered: Governance rules haven’t blocked any actions yet
- Rules not enabled: Check the Rules page to enable governance policies
Time Formatting
Timestamps are displayed in your local timezone:- Date:
MMM DD, YYYY(e.g., “Jan 15, 2025”) - Time:
HH:MM:SSin 24-hour format - Combined: “Jan 15, 2025 14:30:45”
Refreshing Data
Click the Refresh button to reload instances from Chrome storage:- Instances are loaded from
chrome.storage.local(key:governanceInstances) - Data is sorted by timestamp (newest first)
- Filter selections are preserved on refresh
Summary Statistics
At the bottom of the page, you’ll see:- X: Number of instances currently visible based on filters
- Y: Number of rules currently selected in the filter
Use Cases
Security Auditing
Review instances to:- Verify that governance rules are working correctly
- Identify patterns of blocked behavior
- Audit agent compliance with security policies
Troubleshooting
If the agent can’t complete a task:- Check if a rule blocked a necessary action
- Review the instance details to understand what was prevented
- Temporarily disable the rule if needed (see Rules page)
Compliance Reporting
Export or review instances for:- Security compliance audits
- Incident reports
- Behavior analysis
Best Practices
Investigate spikes
If you see many instances suddenly, investigate whether:
- A rule is too strict
- The agent is attempting problematic behavior
- There’s a configuration issue
Correlate with sessions
Always click through to sessions to see the full context of blocked actions.
Technical Details
The Instances page:- Loads from
chrome.storage.local(key:governanceInstances) - Instances are created by background scripts when rules are triggered
- Each instance has a unique ID and timestamp
- Instances are never automatically deleted (manual cleanup required)
Next Steps
Configure Rules
Enable or disable governance rules
Review Sessions
See screenshots from sessions where rules were triggered