Skip to content

Quick Start

Krishna Kishor Tirupati edited this page May 11, 2026 · 1 revision

Quick Start

1. Create A Policy

id: basic_enterprise_policy
default: deny

rules:
  - name: block_secrets
    effect: deny
    when:
      data.contains_secrets: true

  - name: allow_low_medium_risk_enterprise_users
    effect: allow
    when:
      user.role_in: ["support_agent", "claims_adjuster", "developer", "privacy_admin"]
      request.risk_in: ["low", "medium"]
      request.region: "us"

  - name: redact_pii_for_non_privileged_users
    effect: transform
    action: redact
    when:
      data.contains_pii: true
      user.role_not_in: ["privacy_admin", "compliance_officer"]

  - name: require_approval_for_high_risk
    effect: require_approval
    when:
      risk.tier_in: ["high", "critical"]

2. Call The Gateway

from policyaware import Gateway, GatewayRequest

gateway = Gateway.from_policy_file("examples/policies/basic.yaml")

request = GatewayRequest(
    tenant="acme",
    app="support-copilot",
    user={"id": "u_100", "role": "support_agent"},
    context={"region": "us", "risk": "low", "task_type": "support"},
    messages=[{"role": "user", "content": "Email jane@example.com about the open case."}],
)

response = gateway.chat(request)

print("content:", response.content)
print("decision:", response.policy.decision)
print("actions:", response.policy.actions)
print("reason codes:", response.policy.reason_codes)
print("trace:", response.trace_id)

Expected behavior:

  • PII is detected.
  • The request is conditionally allowed.
  • Redaction is applied before the request reaches the model provider.
  • A trace is written for audit review.

3. Deny Secret Leakage

request = GatewayRequest(
    tenant="acme",
    app="code-assistant",
    user={"id": "dev_1", "role": "developer"},
    context={"region": "us", "risk": "low", "task_type": "code_assistant"},
    messages=[{"role": "user", "content": "Use secret_api_key_abcdefghijklmnop in deployment."}],
)

response = gateway.chat(request)

print(response.policy.decision)
print(response.policy.reason_codes)
print(response.content)

Expected behavior:

  • Secret-like content is detected.
  • Policy decision is deny.
  • Model execution is blocked.
  • Response content is empty.

4. Require Approval For High Risk

request = GatewayRequest(
    tenant="acme",
    app="finance-agent",
    user={"id": "u_200", "role": "analyst"},
    context={"region": "us", "risk": "high", "task_type": "external_action"},
    messages=[{"role": "user", "content": "Send the payment adjustment to the vendor."}],
)

response = gateway.chat(request)

print(response.policy.decision)
print(response.metadata.get("approval"))

Expected behavior:

  • High-risk request is classified.
  • Approval is required before model/tool execution.
  • Approval metadata is attached to the response.

Clone this wiki locally