Curiosity queue
The curiosity queue is a list of investigations you want Puck to run on a schedule, without you submitting them manually each time.
Why it exists
Some questions are worth asking every week whether or not anything has triggered your attention. “Are there unauthorized AI tools running on developer machines?” is worth asking weekly even if no alert fired. “Are any production credentials visible in environment variables?” is worth asking daily even on a quiet day.
Without scheduled investigations, the answer to these questions depends on an analyst remembering to ask. The curiosity queue makes them automatic.
How it works
Each item in the queue has four fields that control when and how it runs:
Schedule — how often the runner considers the item eligible to run:
once— run once and mark complete; don’t repeat.daily— eligible once per 24-hour period.weekly— eligible once per 7-day period.monthly— eligible once per calendar month.
Priority — low, medium, or high. When multiple items are eligible, the runner picks the highest-priority queued item first. Items at the same priority run in creation order.
Status — tracks where the item is in its lifecycle: queued (eligible, waiting for the runner), running (actively executing an investigation), paused (temporarily suspended by the operator), completed (most recent run finished successfully), or failed (most recent run hit an error).
The runner processes one curiosity item at a time. When it picks up an item, it creates a standard investigation from the item’s query (with any tags the item carries applied), waits for it to complete, then updates the item’s last_run_at and last_result_id before moving to the next eligible item.
Typical use cases:
| Query | Schedule | Priority |
|---|---|---|
| Find unauthorized AI tools installed on developer machines | weekly | medium |
| Check for production credentials in environment variables | daily | high |
| Look for browser extensions with excessive permissions | weekly | low |
| Review installed software changes since last month | monthly | low |
When you’d touch it
You manage the curiosity queue in Console → Settings or via the Curiosity API.
Add items when you have recurring security hygiene questions you’d otherwise have to remember to ask. Pause items during maintenance windows when you know the results will be noisy. Use once for questions you want answered now but don’t need on a recurring basis.
The queue is per-account and shared across your team — if a colleague already scheduled the weekly shadow-IT sweep, you don’t need to add another one.