Entity List Filter
The entity-list-filter policy screens content against your configured blocked_entities list. If the list is empty, the policy is effectively a no-op and returns an allow result with a warning in the policy details.
Configuration
pack:
name: entity-list-filter-example
version: 1.0.0
enabled: true
policies:
chain:
- entity-list-filter
policy:
entity-list-filter:
blocked_entities:
- Huawei Technologies
- Hikvision
- Russian Direct Investment Fund
fuzzy_matching: true
max_distance: 2
Fields
| Field | Type | Description | Default |
|---|---|---|---|
blocked_entities | string[] | Entity names to screen. Required for meaningful enforcement. | [] |
action | block | The only accepted and effective action. | block |
fuzzy_matching | boolean | Enable near-match detection for spelling variations and transliterations. | false |
max_distance | integer | Maximum edit distance used with fuzzy matching. | 1 |
The policy always blocks when a match is found; block is the only accepted action value.
How It Works
- Keeptrusts joins the message content into a single text buffer.
- It checks each configured entity with case-insensitive matching.
- When
fuzzy_matchingis enabled, it also evaluates token windows against the configured entity strings. - On any match, the policy blocks the request with
reason_code: entity_list.triggered.
Best Practices
- Do not rely on this policy without populating
blocked_entities. - Prefer full names over short fragments to reduce false positives.
- Use fuzzy matching only for names that are commonly transliterated or misspelled.
- Use Trail and Audit Evidence when you need persisted screening evidence.
audit-loggeronly marks audit logging as active in the decision stream.
Combining With Other Policies
| Combination | Effect |
|---|---|
entity-list-filter + itar-ear-filter | Screens named parties and export-controlled subject matter together. |
entity-list-filter + dual-use-filter | Adds topic-based blocking for dual-use terms alongside entity screening. |
entity-list-filter + audit-logger | Adds the audit-logging active marker to the decision stream; evidence persistence is configured elsewhere. |
entity-list-filter + data-routing-policy | Combines content screening with provider-side routing constraints. |
Next steps
- Dual-Use Filter — Dual-use term controls
- ITAR/EAR Filter — Export-control blocking
- DLP Filter — Custom regex and term matching
- Audit Logger — Decision logging