End-to-End Configuration Scenarios
These scenarios are schema-backed examples you can adapt directly into policy-config.yaml.
Replace every your-...-model placeholder with a model ID enabled for that
provider account before running a scenario.
Runnable examples omit an explicit providers.fallback block. The gateway
already considers later eligible targets using its default trigger list. Its
runtime override key is trigger_on; fallback.enabled and
max_fallback_attempts do not currently control dispatch. Use
providers.routing.allow_fallbacks: false when a scenario must restrict a
request to the first eligible target. See
Multi-Provider Fallback.
1. Finance assistant with DLP and compliance disclaimers
pack:
name: finance-assistant
version: 1.0.0
enabled: true
providers:
targets:
- id: openai-prod
provider: openai
provider_type: openai
format: openai
model: your-openai-model
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
- id: openai-mini
provider: openai
provider_type: openai
format: openai
model: your-openai-model
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
routing:
strategy: ordered
global_rate_limit:
max_requests: 500
window_seconds: 60
user_rate_limit:
max_requests: 50
window_seconds: 60
header_names:
- X-User-Id
policies:
chain:
- prompt-injection
- pii-detector
- dlp-filter
- financial-compliance
- audit-logger
policy:
pii-detector:
action: redact
pci_mode: true
dlp-filter:
blocked_terms:
- "wire transfer instructions"
- "raw customer export"
action: block
sensitivity_level: restricted
financial-compliance:
blocked_patterns:
- "guaranteed return"
- "buy this stock now"
required_disclaimers:
- "This content is not financial advice."
audit-logger: {}
audit-logger marks the policy chain and emits an allow result; configure immutable storage and retention in their owning platform controls.
2. HIPAA-aware healthcare assistant
pack:
name: healthcare-hipaa
version: 1.0.0
enabled: true
providers:
targets:
- id: azure-health
provider: azure-openai
provider_type: azure-openai
format: openai
model: your-openai-model
base_url: https://health-resource.openai.azure.com
secret_key_ref:
env: KEEPTRUSTS_AZURE_OPENAI_API_KEY
azure_deployment: your-azure-deployment
azure_api_version: your-supported-api-version
policies:
chain:
- prompt-injection
- hipaa-phi-detector
- pii-detector
- healthcare-compliance
- audit-logger
policy:
hipaa-phi-detector:
mode: hipaa_18
action: redact
safe_harbor_method: true
pii-detector:
action: redact
healthcare_mode: true
healthcare-compliance:
blocked_patterns:
- diagnose this patient
- prescribe a dosage
required_disclaimers:
- This content is not medical advice.
fda_class: II
audit-logger: {}
3. Defense and export-control gateway
pack:
name: defense-controls
version: 1.0.0
enabled: true
providers:
targets:
- id: openai-gov
provider: openai
provider_type: openai
format: openai
model: your-openai-model
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
ip_allowlist:
cidrs:
- 10.100.0.0/16
- 10.101.0.0/16
policies:
chain:
- prompt-injection
- itar-ear-filter
- entity-list-filter
- dual-use-filter
- audit-logger
policy:
itar-ear-filter:
blocked_terms:
- ITAR
- EAR99
- controlled technical data
action: block
entity-list-filter:
blocked_entities:
- Restricted Aerospace GmbH
- Acme Ballistics
action: block
dual-use-filter:
blocked_terms:
- missile guidance
- centrifuge design
action: block
audit-logger: {}
4. EU AI Act recruitment workflow
pack:
name: eu-ai-act-recruitment
version: 1.0.0
enabled: true
providers:
targets:
- id: openai-eu
provider: openai
provider_type: openai
format: openai
model: your-openai-model
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
policies:
chain:
- prompt-injection
- pii-detector
- bias-monitor
- eu-ai-act
- audit-logger
policy:
pii-detector:
action: redact
bias-monitor:
threshold: 0.85
eu-ai-act:
risk_class: high
articles:
- 9
- 10
- 13
- 14
- 15
action: warn
audit-logger: {}
The current bias monitor uses a narrow HR-context heuristic and escalates matching outputs; its accepted action and protected_characteristics fields do not change that heuristic. eu-ai-act contributes compliance-report metadata but its action field does not gate inline traffic. Add human-oversight only when every response reaching that chain entry should be escalated.
5. Zero-data-retention routing
pack:
name: zero-retention-routing
version: 1.0.0
enabled: true
providers:
targets:
- id: openai-zdr
provider: openai
provider_type: openai
format: openai
model: your-openai-model
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
data_policy:
zero_data_retention: true
training_opt_out: true
retention_days: 0
- id: azure-zdr
provider: azure
provider_type: azure-openai
format: openai
model: your-azure-openai-model
base_url: https://replace-with-resource-name.openai.azure.com
secret_key_ref:
env: KEEPTRUSTS_AZURE_OPENAI_API_KEY
azure_api_version: your-supported-api-version
azure_deployment: your-azure-deployment
data_policy:
zero_data_retention: true
training_opt_out: true
retention_days: 0
- id: openai-standard
provider: openai
provider_type: openai
format: openai
model: your-openai-model
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
data_policy:
zero_data_retention: false
training_opt_out: true
retention_days: 30
routing:
strategy: ordered
logging:
redact_message_bodies: true
policies:
chain:
- data-routing-policy
- audit-logger
policy:
data-routing-policy:
require_zero_data_retention: true
require_no_training: true
on_no_compliant_provider: block
log_provider_selection: true
audit-logger: {}
6. Route-specific policy chains and consumer request budgets
pack:
name: multi-tenant-gateway
version: 1.0.0
enabled: true
providers:
targets:
- id: primary
provider: openai
provider_type: openai
format: openai
model: your-openai-model
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
routes:
- name: chat-route
path: /v1/chat/completions
chain:
- prompt-injection
- pii-detector
- audit-logger
- name: responses-route
path: /v1/responses
chain:
- prompt-injection
- audit-logger
consumer_groups:
key_header: Authorization
groups:
- name: enterprise
api_keys:
- 2cc1df694fd36b77cce455e8444733925101d967911cc58e52a426bc7a2ba7df
rate_limit:
max_requests: 1000
window_seconds: 3600
- name: starter
api_keys:
- 99413e437250b08389a70ed27ea55032a0355c75a0cc9c55641736cf68f32615
rate_limit:
max_requests: 50
window_seconds: 3600
global_rate_limit:
max_requests: 2000
window_seconds: 60
policies:
chain:
- prompt-injection
- pii-detector
- audit-logger
policy:
prompt-injection: {}
pii-detector:
action: redact
audit-logger: {}
Current runtime boundary: route and consumer-group resolution applies to Chat
Completions and Responses requests. A matched route selects its chain; parsed
route fields such as upstream and strip_path do not change dispatch. A
matched consumer group enforces rate_limit.max_requests and window_seconds;
its parsed upstream and rate_limit.max_tokens fields are not enforced.
Provider selection continues through providers.routing.
7. Execution-target agent workflow
This scenario is for a standalone or local gateway. Connected gateways mark execution targets inactive and do not launch the runner.
pack:
name: claude-agent-gateway
version: 1.0.0
enabled: true
providers:
targets:
- id: claude-agent
provider: claude-agent-sdk
model: your-anthropic-model
secret_key_ref:
env: KEEPTRUSTS_ANTHROPIC_API_KEY
policies:
chain:
- agent-firewall
- prompt-injection
- tool-validation
- tool-budget
- audit-logger
policy:
agent-firewall:
allowed_tools:
- Read
- Write
blocked_tools:
- WebFetch
max_actions_per_session: 100
tool-validation:
declared_tools:
- Read
- Write
allow_undeclared: false
tool-budget:
budgets:
Read:
max_tokens: 5000
max_cost_usd: 0.5
Write:
max_tokens: 10000
max_cost_usd: 1.0
8. Quality benchmarking with always-on post-quality review
pack:
name: quality-benchmarking
version: 1.0.0
enabled: true
providers:
targets:
- id: openai-prod
provider: openai
provider_type: openai
format: openai
model: your-openai-model
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
policies:
chain:
- citation-verifier
- quality-scorer
- flagged-review
- audit-logger
policy:
citation-verifier:
require_sources: true
min_confidence: 0.8
quality-scorer:
benchmarks:
ragas_faithfulness: true
ragas_relevancy: true
bleu_score: true
assertions:
- type: contains
config:
value: source
- type: llm-rubric
config:
rubric: The answer should be grounded and easy to verify.
threshold: 0.8
thresholds:
min_aggregate: 0.8
min_faithfulness: 0.8
failure_action:
action: block
flagged-review:
mode: review_and_return
provider:
name: review-llm
endpoint: https://api.openai.com/v1/chat/completions
model: your-openai-model
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
timeout_ms: 5000
This chain does not use flagged-review as a quality-failure fallback. A
quality failure with action: block returns immediately, before the later
policy runs. A response that passes quality-scorer proceeds to
flagged-review, so the review provider runs on every response that reaches
that point in the chain.
Next steps
- Declarative Config Reference — Schema details for each section
- Policy Controls Catalog — All available policies
- Config Testing — Add test suites to validate scenarios
- Providers Configuration — Provider target setup