-
Notifications
You must be signed in to change notification settings - Fork 1
Quick Start
Krishna Kishor Tirupati edited this page May 11, 2026
·
1 revision
id: basic_enterprise_policy
default: deny
rules:
- name: block_secrets
effect: deny
when:
data.contains_secrets: true
- name: allow_low_medium_risk_enterprise_users
effect: allow
when:
user.role_in: ["support_agent", "claims_adjuster", "developer", "privacy_admin"]
request.risk_in: ["low", "medium"]
request.region: "us"
- name: redact_pii_for_non_privileged_users
effect: transform
action: redact
when:
data.contains_pii: true
user.role_not_in: ["privacy_admin", "compliance_officer"]
- name: require_approval_for_high_risk
effect: require_approval
when:
risk.tier_in: ["high", "critical"]from policyaware import Gateway, GatewayRequest
gateway = Gateway.from_policy_file("examples/policies/basic.yaml")
request = GatewayRequest(
tenant="acme",
app="support-copilot",
user={"id": "u_100", "role": "support_agent"},
context={"region": "us", "risk": "low", "task_type": "support"},
messages=[{"role": "user", "content": "Email jane@example.com about the open case."}],
)
response = gateway.chat(request)
print("content:", response.content)
print("decision:", response.policy.decision)
print("actions:", response.policy.actions)
print("reason codes:", response.policy.reason_codes)
print("trace:", response.trace_id)Expected behavior:
- PII is detected.
- The request is conditionally allowed.
- Redaction is applied before the request reaches the model provider.
- A trace is written for audit review.
request = GatewayRequest(
tenant="acme",
app="code-assistant",
user={"id": "dev_1", "role": "developer"},
context={"region": "us", "risk": "low", "task_type": "code_assistant"},
messages=[{"role": "user", "content": "Use secret_api_key_abcdefghijklmnop in deployment."}],
)
response = gateway.chat(request)
print(response.policy.decision)
print(response.policy.reason_codes)
print(response.content)Expected behavior:
- Secret-like content is detected.
- Policy decision is
deny. - Model execution is blocked.
- Response content is empty.
request = GatewayRequest(
tenant="acme",
app="finance-agent",
user={"id": "u_200", "role": "analyst"},
context={"region": "us", "risk": "high", "task_type": "external_action"},
messages=[{"role": "user", "content": "Send the payment adjustment to the vendor."}],
)
response = gateway.chat(request)
print(response.policy.decision)
print(response.metadata.get("approval"))Expected behavior:
- High-risk request is classified.
- Approval is required before model/tool execution.
- Approval metadata is attached to the response.
- Home
- Capabilities
- Copy-Paste Examples
- Comparison
- SEO And Distribution
- Ready-To-Use YAML
- Data Protection
- Policy Enforcement
- Gateway Orchestration
- Risk Classification
- Model Routing and Providers
- Tool Governance
- Evaluation
- Audit and Observability
- ML-Assisted Signals
- Installation
- Quick Start
- Architecture
- CLI Reference
- ML Integrations
- Provider Adapter Examples
- YAML Policy Templates