Policy Templates
Versioned enforcement templates with a controlled lifecycle. Rules are append-only — changes supersede, never overwrite, so evidence stays reproducible.
| Template | Version | Updated | Description |
|---|---|---|---|
| Financial Strict | v2.3 | 2026-06-24 | Hard blocks on PCI/PII exposure, constrain on internal identifiers, prompt-injection zero-tolerance. |
| Healthcare PHI | v1.9 | 2026-06-18 | PHI-first template: strict masking of patient identifiers, ingest-side document screening. |
| Public Sector | v3.1 | 2026-06-12 | Arabic/English dual-language rules, national-ID masking, records-retention aligned evidence. |
| Baseline | v4.0 | 2026-05-30 | Default protection tier for standard commercial tenants. Allow-first with PII constrain. |
| Financial Strict | v2.4-rc1 | 2026-07-01 | Adds jailbreak-chain detection rules and response-side constrain for account numbers. |
| Legacy Baseline | v1.7 | 2025-11-02 | Superseded by Baseline v4.0 — kept for audit reproducibility only. |
| Baseline | v4.1 | 2026-06-28 | Adds jailbreak-chain coverage to the default tier. Approved — awaiting deployment window. |
Rule semantics
How a template decides — mirrors the gateway's enforcement engine
| Risk category | Severity | Outcome | Behaviour at the gateway |
|---|---|---|---|
| PII | high | block | Request rejected; customer-safe refusal returned; evidence recorded. |
| PII | medium | constrain | Detected spans masked as [pii] before forwarding upstream. |
| Data leakage | high | block | Blocked on both prompt and response sides of the exchange. |
| Prompt injection | any | block | Zero-tolerance in strict templates; fail-closed if the guardrail is unreachable. |
| Toxicity | low | allow | Forwarded unchanged; detection still logged for trend analysis. |