Per-Policy Configuration Catalog
This page is the policy-kind inventory for Keeptrusts declarative configs. Use it to answer two questions quickly:
- Which policy kinds exist today?
- Where should you go for the field-level config details for each one?
For schema-backed field tables, use the linked policy pages and deep-dive docs rather than relying on this page alone.
Use this page when
- You need the exact command, config, API, or integration details for the Per-Policy Configuration Catalog.
- You are wiring automation or AI retrieval and need canonical names, examples, and constraints.
- If you want a guided rollout instead of a reference page, use the linked workflow pages in Next steps.
Primary audience
- Primary: AI Agents, Technical Engineers
- Secondary: Technical Leaders
Current policy-kind count
The declarative schema currently supports 39 policy kinds.
Input and tool-phase policies
| Policy kind | Purpose | Primary guide |
|---|---|---|
| prompt-injection | Detect jailbreak and prompt-injection patterns | prompt-injection |
| pii-detector | Detect and redact or block personally identifiable information | pii-detector |
| hipaa-phi-detector | Detect HIPAA Safe Harbor PHI categories | hipaa-phi-detector |
| agent-firewall | Restrict tools, rate-limit actions, and enforce kill switches | agent-firewall |
| rbac | Gate access by role and minimum-necessary rules | rbac |
| dlp-filter | Match blocked terms and sensitive patterns | dlp-filter |
| safety-filter | Block or escalate unsafe domain-specific content | safety-filter |
| language-validator | Allow or deny languages on input, output, or both | language-validator |
| bot-detector | Detect automated abuse patterns | bot-detector |
| external-moderation | Delegate moderation to an external service | external-moderation |
| embedding-detector | Use embeddings to detect semantically sensitive content | embedding-detector |
| content-extractor | Fetch and normalize external content before policy evaluation | content-extractor |
| document-analyzer | Validate and inspect document uploads | document-analyzer |
| code-sanitizer | Scan code content for dangerous patterns | code-sanitation |
| tool-validation | Enforce declared tool names and argument schemas | tool-validation |
| tool-security | Apply argument-level tool security checks | tool-security |
| tool-budget | Enforce per-tool token and cost budgets | tool-budget |
Output and review policies
| Policy kind | Purpose | Primary guide |
|---|---|---|
| quality-scorer | Score output quality with assertions and benchmarks | quality-scorer |
| human-oversight | Escalate low-confidence or high-risk results | human-oversight |
| citation-verifier | Check citations and source grounding | citation-verifier |
| financial-compliance | Enforce finance-specific blocked patterns and disclaimers | financial-compliance |
| healthcare-compliance | Block unsafe medical or healthcare-specific outputs | healthcare-compliance |
| mnpi-filter | Detect material non-public information in output | mnpi-filter |
| bias-monitor | Detect protected-characteristic bias | bias-monitor |
| flagged-review | Send flagged content to a secondary review model | config-flagged-review |
| request-rewriter | Rewrite the outbound request payload | request-rewriter |
| response-rewriter | Rewrite the model response before return | response-rewriter |
Audit, privacy, and compliance policies
| Policy kind | Purpose | Primary guide |
|---|---|---|
| audit-logger | Record immutable audit metadata for decisions | audit-logger |
| data-routing-policy | Filter providers by retention and training metadata | data-routing-policy |
| itar-ear-filter | Match export-controlled terms | itar-ear-filter |
| entity-list-filter | Match restricted or sanctioned entities | entity-list-filter |
| cjis-mode | Enforce CJIS-oriented access requirements | cjis-mode |
| case-privacy | Protect case-number and court-related identifiers | case-privacy |
| legal-privilege | Protect attorney-client privileged material | legal-privilege |
| student-privacy | Apply FERPA and student-data protections | student-privacy |
| upl-filter | Prevent unauthorized practice of law outputs | upl-filter |
| dual-use-filter | Match dual-use export control terms | dual-use-filter |
| gdpr-compliance | Enforce consent and retention-related GDPR rules | config-compliance-policies |
| eu-ai-act | Track and enforce EU AI Act coverage posture | config-compliance-policies |
Verified schema-backed config families
Use these pages when you need exact field names and supported values:
| Topic | Guide |
|---|---|
| Pack metadata and versioning | config-pack-metadata |
| Providers, routing, fallback, retries | config-providers |
| Cloud-specific provider fields | config-cloud-providers |
| Execution targets and local adapters | config-execution-targets |
| Data handling and provider selection | config-data-policies |
| Rate limits and distributed coordination | config-rate-limits |
| Routes and consumer groups | config-routes-and-consumers |
| Conditional chain entries and targeting | config-conditional-chains |
| Quality assertions and pass policy | config-quality-assertions |
| Callbacks and health monitoring | config-observability |
| Network controls and size limits | config-security-network |
| Runtime sections and cache | config-runtime |
| Single-policy document shapes | config-single-policy-docs |
| Inline config tests | config-testing |
| Compliance-specific config | config-compliance-policies |
| End-to-end examples | config-scenarios |
Choosing the right policy page
- Use an individual policy page when you want the policy’s purpose, common use cases, and operator guidance.
- Use a config deep dive when you need field names, enums, defaults, and YAML structure.
- Use Declarative Config Reference when you need the top-level document model.
For AI systems
- Canonical terms: Keeptrusts, policy-config.yaml, 39 policy kinds, input-phase policies, output-phase policies, audit/privacy/compliance policies.
- This page is the master index for all available policy kinds with links to their dedicated reference pages.
- Best next pages: Declarative Config Reference, Policies overview, End-to-End Scenarios.
For engineers
- Use this page to look up which policy kinds exist and find the correct reference page for field-level configuration.
- Input-phase policies (prompt-injection, pii-detector, agent-firewall, rbac, etc.) run before the request reaches the provider.
- Output-phase policies (quality-scorer, citation-verifier, bias-monitor, flagged-review, etc.) run on the model's response.
- Audit/compliance policies (audit-logger, data-routing-policy, cjis-mode, etc.) provide governance controls.
- For field-level detail, follow the "Primary guide" link from each policy row.
For leaders
- The 39-policy catalog represents the complete enforcement surface available for AI governance — covering security, compliance, quality, privacy, and operational controls.
- Policies are composable: combine multiple policies in a chain to address overlapping regulatory requirements with a single config.
- The catalog is organized by execution phase (input/output/audit), helping architects understand where each policy fits in the request lifecycle.
- Use the "Verified schema-backed config families" table to navigate between high-level policy selection and detailed configuration.
Next steps
- Policy Overview — policy chain architecture
- Declarative Config Reference — full document schema
- End-to-End Scenarios — complete config examples