Skip to content

Policy Engine

Krishna Kishor Tirupati edited this page May 11, 2026 · 1 revision

Policy Engine

The policy engine is deny-by-default. Requests must match an explicit allow rule before model execution, unless a deny or approval rule takes precedence.

Decision Types

  • allow: request may execute.
  • conditional_allow: request may execute after a transform such as redaction.
  • require_approval: request must be sent to an approval workflow.
  • deny: request is blocked.

What Policies Can Inspect

Area Examples
User prompts PII, PHI, secrets, sensitive text
Request context role, tenant, region, risk, domain, task type
Data findings contains PII, contains PHI, contains secrets
Risk tier, score, factors
Tools requested connectors and actions

Policy Example

id: regulated_rag_policy
default: deny

rules:
  - name: deny_secrets
    effect: deny
    when:
      data.contains_secrets: true

  - name: allow_healthcare_rag_in_us
    effect: allow
    when:
      user.role_in: ["clinician", "compliance_officer"]
      request.region: "us"
      request.task_type: "rag_answer"
      risk.tier_in: ["low", "medium"]

  - name: redact_pii_for_standard_users
    effect: transform
    action: redact
    when:
      data.contains_pii: true
      user.role_not_in: ["privacy_admin", "compliance_officer"]

  - name: require_approval_for_critical
    effect: require_approval
    when:
      risk.tier: "critical"

Explain A Decision

policyaware policy explain examples/policies/basic.yaml --prompt "Email jane@example.com"

Typical output includes:

  • decision result
  • matched policy rules
  • reason codes
  • risk tier
  • remediation suggestions

Reason Codes

Reason codes make policy decisions reviewable by developers, security teams, and compliance teams.

Examples:

DATA.PII_DETECTED
DATA.PHI_DETECTED
DATA.SECRET_DETECTED
RISK.MEDIUM
POLICY.ALLOW_MATCHED
POLICY.DENY_MATCHED
POLICY.TRANSFORM_APPLIED
POLICY.APPROVAL_REQUIRED

Clone this wiki locally