10

Policy Templates

Versioned enforcement templates with a controlled lifecycle. Rules are append-only — changes supersede, never overwrite, so evidence stays reproducible.

LifecycleDraftIn reviewApprovedDeployedSupersededEvery change is dry-run against live traffic before deploy; rollback re-activates the previous version.

Financial Strict

v2.3 · updated 2026-06-24

Deployed

Hard blocks on PCI/PII exposure, constrain on internal identifiers, prompt-injection zero-tolerance.

PIIData leakagePrompt injectionToxicity
46 rules2 tenants assignedpolicy-team

Healthcare PHI

v1.9 · updated 2026-06-18

Deployed

PHI-first template: strict masking of patient identifiers, ingest-side document screening.

PIIData leakageToxicity
38 rules1 tenant assignedpolicy-team

Public Sector

v3.1 · updated 2026-06-12

Deployed

Arabic/English dual-language rules, national-ID masking, records-retention aligned evidence.

PIIData leakagePrompt injection
41 rules1 tenant assignedgov-desk

Baseline

v4.0 · updated 2026-05-30

Deployed

Default protection tier for standard commercial tenants. Allow-first with PII constrain.

PIIToxicity
24 rules2 tenants assignedpolicy-team

Financial Strict

v2.4-rc1 · updated 2026-07-01

In review

Adds jailbreak-chain detection rules and response-side constrain for account numbers.

PIIData leakagePrompt injectionToxicity
49 rules0 tenants assignedpolicy-team

Legacy Baseline

v1.7 · updated 2025-11-02

Superseded

Superseded by Baseline v4.0 — kept for audit reproducibility only.

PII
18 rules0 tenants assignedpolicy-team
Kept for audit reproducibility.

Baseline

v4.1 · updated 2026-06-28

Approved

Adds jailbreak-chain coverage to the default tier. Approved — awaiting deployment window.

PIIToxicityPrompt injection
26 rules0 tenants assignedpolicy-team

Rule semantics

How a template decides — mirrors the gateway's enforcement engine

Risk categorySeverityOutcomeBehaviour at the gateway
PIIhighblockRequest rejected; customer-safe refusal returned; evidence recorded.
PIImediumconstrainDetected spans masked as [pii] before forwarding upstream.
Data leakagehighblockBlocked on both prompt and response sides of the exchange.
Prompt injectionanyblockZero-tolerance in strict templates; fail-closed if the guardrail is unreachable.
ToxicitylowallowForwarded unchanged; detection still logged for trend analysis.