Gu is Datab's protection infrastructure for institutional systems. It protects the Node, DatabStudio, Atlas, Orula, CRM runtime, DDSN sync, databases, files, identities, and sessions — covering service health, security events, backup status, audit trace, resource metrics, and suspicious activity. Disruptive actions require explicit human approval.

What Gu does without approval

• Observes system health, disk pressure, memory pressure, container health.
• Surfaces failed-login summaries and suspicious authentication patterns.
• Writes audit events and recommends actions to admins.

What Gu requires approval to do

• Lock-mode (node-wide).
• App suspension or container shutdown.
• Process termination or network isolation.
• Remote support session approval.
• Credential revocation, firewall changes.

Bounded design

Gu is a conservative immune system, not a destructive auto-remediator. Disruptive actions are recommended, not taken. The reward model explicitly penalises unapproved disruption and alert spam.