Grafana Dashboard
Prometheus + Grafana with the PromptShield dashboard provisioned. One command.
cd infra/observability
docker compose up -d| Service | URL | Credentials |
|---|---|---|
| Grafana | http://localhost:3001 | admin / changeme |
Change credentials before exposing Grafana to a network:
GF_ADMIN_USER=youruser GF_ADMIN_PASSWORD=yourpassword docker compose up -dProvisioned automatically
Datasource: Prometheus at http://prometheus:9090.
Dashboard panels:
- Request rate by action (allow / mask / block / error / rate_limited)
- p50 / p95 / p99 end-to-end latency
- Token burn by model and type (prompt / completion / total)
- Block rate and error rate
- PII entity breakdown by type
- Injection detection rate
Alerts
Five alert rules in infra/observability/grafana/alerts.yml:
| Alert | Condition | Severity |
|---|---|---|
HighBlockRate | Block rate > 15% over 5m | warning |
SensitivePIIDetected | Any CREDIT_CARD, US_SSN, or IBAN_CODE in 10m | critical |
HighLatencyP95 | p95 latency > 5s for 3m | warning |
ErrorRateHigh | Error rate > 5% over 5m | critical |
TokenSpikeByModel | Any model > 10,000 tokens/min for 5m | warning |
To route alerts to Slack, PagerDuty, or email, add an Alertmanager config alongside the docker-compose file.
Reaching the proxy from Docker
The compose file uses host.docker.internal so Prometheus can scrape the proxy on your host. Works on Docker Desktop (Mac, Windows) and Linux with Docker Engine 20.10+.
If the proxy is on a different host, edit infra/observability/prometheus.yml:
scrape_configs:
- job_name: promptshield
static_configs:
- targets: ["your-host:8080"]Resetting to defaults
Grafana data (edits, settings) lives in the grafana-data volume:
docker compose down -v
docker compose up -d