Document Analyzer
The document-analyzer policy inspects documents embedded in the request JSON under keys such as documents, attachments, input_documents, and files. It can block oversized or disallowed MIME types and optionally sanitize extracted document text for a fixed set of risky code patterns.
Configuration
pack:
name: document-analyzer-example
version: 1.0.0
enabled: true
policies:
chain:
- document-analyzer
- prompt-injection
- pii-detector
policy:
document-analyzer:
enabled: true
sanitize_code: true
max_document_bytes: 524288
allowed_mime_types:
- application/pdf
- text/plain
- application/vnd.openxmlformats-officedocument.wordprocessingml.document
Fields
| Field | Type | Description | Default |
|---|---|---|---|
enabled | boolean | Disable the analyzer without removing it from the chain. | true |
sanitize_code | boolean | Apply the built-in code-sanitization rules to extracted document text. | true |
max_document_bytes | integer | Block a document when its raw payload exceeds this byte size. | 524288 |
allowed_mime_types | string[] | Optional MIME allowlist. Empty means all MIME types are accepted. | [] |
Supported request shapes
The analyzer looks for arrays under these request keys:
documentsattachmentsinput_documentsfiles
For each item it reads:
name(optional, defaults toinline-document)mime_typeorcontent_typetextfor inline text documents, orcontent_base64/datafor encoded bytes
Extraction behavior
application/pdf→ heuristic PDF text extraction- DOCX MIME types containing
wordprocessingml.document→ text fromword/document.xml - Everything else → lossy UTF-8 text conversion of the raw bytes
Code sanitization behavior
When sanitize_code is true, extracted text is scanned for the built-in patterns from the gateway code-sanitizer helper:
rm -rfdrop table169.254.169.254curl http://localhost/curl https://localhostchmod 777- recursive
aws s3 cp
Matches are replaced with [redacted code pattern] in the extracted text fragments that downstream policies see.
Use Cases
MIME and size guardrail
pack:
name: upload-screening
version: 1.0.0
enabled: true
policies:
chain:
- document-analyzer
- audit-logger
policy:
document-analyzer:
max_document_bytes: 1048576
allowed_mime_types:
- application/pdf
- text/plain
- image/png
- image/jpeg
Document text into downstream privacy checks
pack:
name: doc-plus-pii
version: 1.0.0
enabled: true
policies:
chain:
- document-analyzer
- pii-detector
- dlp-filter
policy:
document-analyzer:
sanitize_code: true
pii-detector:
action: redact
dlp-filter:
blocked_terms:
- Project Titan
action: block
How It Works
- The analyzer reads document entries from the structured request payload.
- It blocks immediately if any document exceeds
max_document_bytes. - It blocks immediately if
allowed_mime_typesis non-empty and a document MIME type is missing from the allowlist. - It extracts text from each accepted document and records findings such as source name, MIME type, extracted character count, and detected code-block count.
- It adds the extracted text fragments to the policy details so later policies can inspect them.
Best Practices
- Keep the MIME allowlist small and explicit in production.
- Leave
sanitize_codeenabled unless you have a strong reason to preserve raw risky code text. - Pair this policy with
prompt-injection,pii-detector, ordlp-filterwhen document text should be governed the same way as message text. - Do not assume this policy fetches remote URLs or parses multipart uploads outside the JSON body shapes listed above.
Next steps
- PII Detector — Personal-data detection on extracted text
- DLP Filter — Custom term and regex controls
- Prompt Injection Detection — Injection detection on document text
- Content Extractor — URL content extraction