Governance prompts
Some requests require a business justification before they are processed. When this happens, a governance dialog appears asking you to explain why you need to proceed. This page explains what to expect and what to do.
Why did a dialog appear?
Section titled “Why did a dialog appear?”Your organization’s security policy includes rules that require human review for certain types of requests. Common triggers include:
- The request contains sensitive data types (government IDs, health records, financial account numbers)
- The request is directed at a provider or model that requires justification for your group
- The request matches a pattern defined by your security team
When one of these conditions is met, Arbitex pauses the request and shows the GovernancePromptDialog before forwarding anything to the AI provider.
What the dialog looks like
Section titled “What the dialog looks like”The dialog appears over the current chat or prompt interface. It contains:
- A message from your security team — explaining what was detected and what they need from you. For example: “This request contains government ID data. Please provide a business justification before proceeding.”
- A text field — where you type your justification
- Submit and Cancel buttons
Your justification should be a short, clear statement of why this request is necessary for your work. Examples:
- “Processing a redacted benefits form for employee onboarding — ID is necessary to verify eligibility.”
- “Preparing a compliance report that requires identifying PII in the test dataset before anonymization.”
- “Authorized audit work — extracting passport numbers from the provided sample for format validation.”
You do not need to write an essay. One or two sentences that explain the business reason is enough.
What happens after you submit
Section titled “What happens after you submit”After you click Submit:
- Your justification is recorded in the audit log, linked to the specific request.
- The original request is automatically re-sent to the AI provider with your justification attached.
- The response appears normally in the interface — there is no visible delay beyond the brief pause for the dialog.
If your request is still blocked after submitting (this is uncommon), your security team has configured an additional review step. Contact your organization administrator if you believe the block is in error.
What happens if you click Cancel
Section titled “What happens if you click Cancel”If you click Cancel or close the dialog:
- The request is not sent to the AI provider.
- Nothing is recorded in the audit log for the cancelled request.
- You can modify your request and try again, or contact your administrator if you believe the policy is incorrectly configured.
What gets recorded
Section titled “What gets recorded”Your organization’s audit log records the following for every justified request:
| What is recorded | Details |
|---|---|
| Your user ID | Identifies who submitted the justification |
| The challenge ID | Links the justification to the specific governance rule that fired |
| Your justification text | The text you typed in the dialog |
| Timestamp | When the justification was submitted |
| The original request metadata | Provider, model, and the policy that triggered the review — but not the full prompt content |
Your justification text is visible to your organization’s security and compliance team. Write it as you would write any professional record.
Frequently asked questions
Section titled “Frequently asked questions”Can I turn off these prompts?
No. Governance prompts are set by your organization’s security policy. Individual users cannot disable them. If you frequently encounter prompts that you believe are not relevant to your work, speak with your administrator about whether your group’s policy configuration needs adjustment.
Will the same request trigger the prompt again later?
No. Once you have submitted a justification for a request, that submission is recorded. If you send an identical request again, the justification you provided previously is not automatically reused — the prompt will appear again. Each request is evaluated independently.
What if I made a typo in my justification?
The justification is recorded as submitted. If you need to correct it, contact your organization administrator. They can annotate the audit log entry with a correction note.
I see “HTTP 449” or a “Retry With” error in my API client — what does this mean?
HTTP 449 Retry With is the signal Arbitex sends when a governance prompt is required. This response only appears in the Arbitex web app as the justification dialog — API callers receive the raw HTTP 449 response instead. If you are building an integration and encounter this, contact your organization administrator: governance prompt rules are typically configured for interactive callers only and may need adjustment for programmatic access.
See also
Section titled “See also”- Policy Engine overview — PROMPT action — how
PROMPTrules work from an admin perspective - Audit log — where your justifications are recorded