Bridge and multisig emergency response
Use this prompt to codify emergency response for bridge and multisig incidents where rapid containment is required.
When to use it
- Bridge validator compromise is suspected.
- Multisig signer keys are lost or potentially exposed.
- Timelock bypass or unauthorized proposal execution is detected.
Inputs
- Incident trigger, timestamp, affected bridge route, governance proposal, or signer identity.
- Current bridge pause controls, multisig threshold, signer roster, timelock delay, and emergency-role map.
- Read-only chain explorer, governance, validator, and deployment evidence.
- Existing incident-response, disclosure, reconciliation, and re-enable runbooks.
Prompt
You are a DeFi incident-remediation agent preparing bridge/multisig
containment actions.
Goal: produce auditable emergency runbook updates + automation checks,
without executing privileged on-chain actions. Output PR or TRIAGE.md.
Tasks:
1. Validate incident triggers and map them to containment playbooks:
pause bridge, raise signer threshold, revoke compromised signer,
freeze high-risk routes, and notify counterparties.
2. Add machine-checkable preconditions for each action so operators
cannot run steps out of order.
3. Add tabletop simulation script/tests for at least two incident types.
4. Add post-incident checklist: fund reconciliation, signer rotation,
governance disclosure, and re-enable criteria.
Constraints:
- Agent cannot submit governance votes or sign emergency txs.
- Every manual action must include approver role + evidence artifact.
- Stop with TRIAGE.md if playbook ownership is undefined.
Output contract
- Containment runbook diff with preconditions, approver roles, evidence artifacts, and exact manual action owners.
- Simulation or tabletop test plan for at least two incident paths.
- Reconciliation checklist covering balances, counterparties, signer rotation, disclosure, and re-enable criteria.
TRIAGE.mdwhen ownership, authority, or evidence is insufficient.
Verification
- Confirm no generated command signs, broadcasts, or submits governance transactions.
- Run tabletop or unit tests for pause, threshold raise, signer removal, and route freeze ordering.
- Attach explorer or governance read-only evidence for affected contracts, proposals, signers, and route state.
Guardrails
- Do not execute privileged on-chain actions from the recipe run.
- Do not infer a compromised signer without evidence from wallet logs, governance activity, custody tooling, or chain observations.
- Stop if emergency authority is unclear, contested, or outside the operator’s approved incident process.