Skip to main content

Entity List Filter

The entity-list-filter policy screens content against your configured blocked_entities list. If the list is empty, the policy is effectively a no-op and returns an allow result with a warning in the policy details.

Configuration

pack:
name: entity-list-filter-example
version: 1.0.0
enabled: true

policies:
chain:
- entity-list-filter

policy:
entity-list-filter:
blocked_entities:
- Huawei Technologies
- Hikvision
- Russian Direct Investment Fund
fuzzy_matching: true
max_distance: 2

Fields

FieldTypeDescriptionDefault
blocked_entitiesstring[]Entity names to screen. Required for meaningful enforcement.[]
actionblockThe only accepted and effective action.block
fuzzy_matchingbooleanEnable near-match detection for spelling variations and transliterations.false
max_distanceintegerMaximum edit distance used with fuzzy matching.1

The policy always blocks when a match is found; block is the only accepted action value.

How It Works

  1. Keeptrusts joins the message content into a single text buffer.
  2. It checks each configured entity with case-insensitive matching.
  3. When fuzzy_matching is enabled, it also evaluates token windows against the configured entity strings.
  4. On any match, the policy blocks the request with reason_code: entity_list.triggered.

Best Practices

  • Do not rely on this policy without populating blocked_entities.
  • Prefer full names over short fragments to reduce false positives.
  • Use fuzzy matching only for names that are commonly transliterated or misspelled.
  • Use Trail and Audit Evidence when you need persisted screening evidence. audit-logger only marks audit logging as active in the decision stream.

Combining With Other Policies

CombinationEffect
entity-list-filter + itar-ear-filterScreens named parties and export-controlled subject matter together.
entity-list-filter + dual-use-filterAdds topic-based blocking for dual-use terms alongside entity screening.
entity-list-filter + audit-loggerAdds the audit-logging active marker to the decision stream; evidence persistence is configured elsewhere.
entity-list-filter + data-routing-policyCombines content screening with provider-side routing constraints.

Next steps