update the redflag resopnse

.gitignore

@@ -1,3 +1,4 @@
 venv/
 .env
 .pytest_cache
+/_pycache_/

backend/api/services/agent_orchestrator.py

@@ -89,25 +89,73 @@ class AgentOrchestrator:
                 tool_input={"violations": [m.__dict__ for m in matches]},
                 reason="redflag_triggered"
             )
-            summary = "; ".join(
-                f"{m.description or m.pattern} [severity: {m.severity}]"
-                for m in matches
-            ) or "Policy violation detected"
+            
+            # Build detailed prompt for LLM to generate natural red flag response
+            violations_details = []
+            for i, m in enumerate(matches, 1):
+                rule_name = m.description or m.pattern or "Policy violation"
+                detail = f"{i}. **{rule_name}** (Severity: {m.severity})"
+                if m.matched_text:
+                    detail += f"\n   - Detected phrase: \"{m.matched_text}\""
+                violations_details.append(detail)
+            
+            llm_prompt = f"""A user made the following request: "{req.message}"
+
+However, this request violates company policies. The following policy violations were detected:
+
+{chr(10).join(violations_details)}
+
+Your task: Write a clear, professional, and empathetic response to inform the user that:
+1. Their request cannot be processed due to policy violations
+2. Which specific policy was violated (mention it naturally)
+3. The incident has been logged for security review
+4. They should contact an administrator if they need assistance or believe this is an error
+
+Write a natural, conversational response (2-4 sentences) that feels helpful rather than robotic. Be professional but understanding.
+
+Response:"""
+            
+            # Generate LLM response for red flag
+            try:
+                llm_response = await self.llm.simple_call(llm_prompt, temperature=min(req.temperature + 0.2, 0.7))  # Slightly higher temp for more natural response
+                llm_response = llm_response.strip()
+                # Add warning emoji if not present
+                if not llm_response.startswith("⚠️") and not llm_response.startswith("🚨"):
+                    llm_response = f"⚠️ {llm_response}"
+            except Exception as e:
+                # Fallback to a simple message if LLM fails
+                summary = "; ".join(
+                    f"{m.description or m.pattern}"
+                    for m in matches
+                )
+                llm_response = f"⚠️ I'm unable to process your request because it violates our company policy: {summary}. This incident has been logged. Please contact your administrator if you need assistance."
             
             total_latency_ms = int((time.time() - start_time) * 1000)
+            
+            # Log LLM usage for red flag response
+            estimated_tokens = len(llm_response) // 4 + len(llm_prompt) // 4
+            self.analytics.log_tool_usage(
+                tenant_id=req.tenant_id,
+                tool_name="llm",
+                latency_ms=total_latency_ms,
+                tokens_used=estimated_tokens,
+                success=True,
+                user_id=req.user_id
+            )
+            
             self.analytics.log_agent_query(
                 tenant_id=req.tenant_id,
                 message_preview=req.message[:200],
                 intent="admin",
-                tools_used=["admin"],
-                total_tokens=0,
+                tools_used=["admin", "llm"],
+                total_tokens=estimated_tokens,
                 total_latency_ms=total_latency_ms,
                 success=False,
                 user_id=req.user_id
             )
             
             return AgentResponse(
-                text=f"⚠️ Request blocked by Admin Plan: {summary}. Please review your governance rules or contact an administrator.",
+                text=llm_response,
                 decision=decision,
                 tool_traces=[{"redflags": [m.__dict__ for m in matches]}],
                 reasoning_trace=reasoning_trace

frontend/components/analytics-panel.tsx

@@ -3,10 +3,18 @@
 import { useState } from "react";
 import { useTenant } from "@/contexts/TenantContext";
 
+type ToolUsageStats = {
+  count: number;
+  avg_latency_ms: number;
+  total_tokens: number;
+  success_count: number;
+  error_count: number;
+};
+
 type AnalyticsOverview = {
   overview: {
     total_queries: number;
-    tool_usage: Record<string, number>;
+    tool_usage: Record<string, ToolUsageStats>;
     redflag_count: number;
     active_users: number;
   };
@@ -89,7 +97,7 @@ export function AnalyticsPanel() {
           <p className="mt-2 text-3xl font-semibold">
             {data
               ? Object.entries(data.tool_usage)
-                  .sort((a, b) => b[1] - a[1])[0]?.[0] ?? "—"
+                  .sort((a, b) => b[1].count - a[1].count)[0]?.[0] ?? "—"
               : "—"}
           </p>
         </div>
@@ -101,7 +109,7 @@ export function AnalyticsPanel() {
         </p>
         <div className="mt-4 grid gap-3 sm:grid-cols-3">
           {data
-            ? Object.entries(data.tool_usage).map(([tool, count]) => (
+            ? Object.entries(data.tool_usage).map(([tool, stats]) => (
                 <div
                   key={tool}
                   className="rounded-xl border border-white/10 bg-white/5 px-4 py-3"
@@ -109,7 +117,7 @@ export function AnalyticsPanel() {
                   <p className="text-sm uppercase tracking-widest text-slate-400">
                     {tool}
                   </p>
-                  <p className="text-2xl font-semibold text-white">{count}</p>
+                  <p className="text-2xl font-semibold text-white">{stats.count}</p>
                 </div>
               ))
             : Array.from({ length: 3 }).map((_, idx) => (