Skip to main content

Language Validator

The language-validator policy checks request input text against configured language allow or deny lists. Use apply_to: input; output-side language enforcement is not a supported customer-facing behavior in this release.

Supported detected languages

The detector currently recognizes these ISO-like codes:

  • en
  • es
  • fr
  • de
  • zh
  • ja
  • ko
  • ar
  • pt
  • ru

Configuration

pack:
name: language-validator
version: "1.0.0"
enabled: true

policies:
chain:
- language-validator

policy:
language-validator:
allowed_languages:
- en
- fr
denied_languages: []
min_confidence: 0.5
action: block
apply_to: input

Fields

FieldTypeDescriptionDefault
allowed_languagesstring[]Allowlist of detected language codes. When non-empty, any detected language not on the list is treated as a violation.[]
denied_languagesstring[]Denylist of detected language codes. Used only when allowed_languages is empty.[]
min_confidencenumberMinimum confidence required before the gateway acts on a detection. Below this threshold the gateway allows the input through.0.5
action"block" | "warn"block returns a block verdict. warn allows the request and records a warning-style reason code."block"
apply_to"input" | "output" | "both"Use input for enforcement. both performs the input check but has no output check; output skips the input check and does not enforce output."both"

How it works

  1. Text selection: the gateway joins user and system input messages.
  2. Detection: the gateway uses local Unicode-block and trigram rules to detect the language.
  3. Confidence gate: detections below min_confidence are allowed.
  4. Policy check: the detected language is compared against allowed_languages or denied_languages.
  5. Verdict: block returns a block verdict; warn returns allow with a warning-style reason code.

Valid examples

English-only input gate

pack:
name: english-only
version: "1.0.0"
enabled: true

policies:
chain:
- language-validator

policy:
language-validator:
allowed_languages:
- en
min_confidence: 0.6
action: block
apply_to: input

Warn on denied languages without blocking

pack:
name: routing-observability
version: "1.0.0"
enabled: true

policies:
chain:
- language-validator

policy:
language-validator:
denied_languages:
- ja
- ar
min_confidence: 0.4
action: warn
apply_to: input

Important limitations

  • Output language enforcement is not supported. Configure apply_to: input; output skips enforcement and both enforces only the input side.
  • The detector only recognizes the supported language set listed above.
  • Mixed-language or very short text may fall below min_confidence and therefore pass through.

Best practices

  • Prefer allowed_languages for strict input control.
  • Start with action: warn if you need to measure traffic before enforcing blocks.
  • Pair the validator with prompt-injection or pii-detector when you need language-aware security boundaries on input text.

Next steps