ITAR/EAR Filter
The itar-ear-filter policy blocks export-control reference terms associated with ITAR and EAR. It evaluates request text and also performs buffered output checks. Request-side evaluation supports optional fuzzy matching; buffered output checks use exact word-boundary matching.
Configuration
pack:
name: itar-ear-filter
version: "1.0.0"
enabled: true
policies:
chain:
- itar-ear-filter
policy:
itar-ear-filter:
blocked_terms:
- "missile guidance"
- "night vision"
- "export controlled"
fuzzy_matching: true
max_distance: 1
Fields
| Field | Type | Description | Default |
|---|---|---|---|
blocked_terms | string[] | Terms used for matching. If empty, the gateway falls back to a built-in reference list including terms such as itar, ear, usml, eccn, missile guidance, night vision, nuclear technology, and classified information. | built-in list |
action | block | The only accepted and effective action. | block |
fuzzy_matching | boolean | Enables Levenshtein-distance matching in the request-phase check. Buffered output checks do not use fuzzy matching. | false |
max_distance | integer | Maximum request-side edit distance used when fuzzy_matching is enabled. | 1 |
How it works
- Request phase: the gateway lowercases the joined request text and looks for configured or built-in blocked terms.
- Optional fuzzy matching: if
fuzzy_matchingis enabled, request evaluation uses edit-distance matching withmax_distance. - Buffered output checks: the server also scans buffered output text for the same terms using exact word-boundary matching.
- Verdict: any match blocks the request or output.
itar-ear-filterdoes not provide redact or warn behavior.
Important notes
- The built-in list is a reference list of export-control markers. It is not an exhaustive legal representation of every USML or CCL category.
- Output checks currently use exact matching even when request-side
fuzzy_matchingis enabled. - This policy is a technical guardrail, not a substitute for export-control review.
Valid examples
Strict built-in defaults
pack:
name: defense-defaults
version: "1.0.0"
enabled: true
policies:
chain:
- itar-ear-filter
policy:
itar-ear-filter: {}
Add program-specific terms
pack:
name: defense-program-terms
version: "1.0.0"
enabled: true
policies:
chain:
- itar-ear-filter
policy:
itar-ear-filter:
blocked_terms:
- "radar cross section"
- "thermal imaging"
- "satellite technology"
fuzzy_matching: true
max_distance: 2
Best practices
- Start with built-in terms, then add organization-specific terms for programs, platforms, and components.
- Use fuzzy matching only where typo or obfuscation risk outweighs false-positive cost.
- Pair this filter with
entity-list-filteranddual-use-filterfor broader export-control coverage.
Next steps
- Dual-Use Filter — Additional capability-focused screening
- Entity List Filter — Restricted-entity matching
- DLP Filter — General sensitive-pattern blocking
- Data Routing Policy — Provider-level routing restrictions