Language Validator
The language-validator policy checks request input text against configured language allow or deny lists. Use apply_to: input; output-side language enforcement is not a supported customer-facing behavior in this release.
Supported detected languages
The detector currently recognizes these ISO-like codes:
enesfrdezhjakoarptru
Configuration
pack:
name: language-validator
version: "1.0.0"
enabled: true
policies:
chain:
- language-validator
policy:
language-validator:
allowed_languages:
- en
- fr
denied_languages: []
min_confidence: 0.5
action: block
apply_to: input
Fields
| Field | Type | Description | Default |
|---|---|---|---|
allowed_languages | string[] | Allowlist of detected language codes. When non-empty, any detected language not on the list is treated as a violation. | [] |
denied_languages | string[] | Denylist of detected language codes. Used only when allowed_languages is empty. | [] |
min_confidence | number | Minimum confidence required before the gateway acts on a detection. Below this threshold the gateway allows the input through. | 0.5 |
action | "block" | "warn" | block returns a block verdict. warn allows the request and records a warning-style reason code. | "block" |
apply_to | "input" | "output" | "both" | Use input for enforcement. both performs the input check but has no output check; output skips the input check and does not enforce output. | "both" |
How it works
- Text selection: the gateway joins
userandsysteminput messages. - Detection: the gateway uses local Unicode-block and trigram rules to detect the language.
- Confidence gate: detections below
min_confidenceare allowed. - Policy check: the detected language is compared against
allowed_languagesordenied_languages. - Verdict:
blockreturns a block verdict;warnreturns allow with a warning-style reason code.
Valid examples
English-only input gate
pack:
name: english-only
version: "1.0.0"
enabled: true
policies:
chain:
- language-validator
policy:
language-validator:
allowed_languages:
- en
min_confidence: 0.6
action: block
apply_to: input
Warn on denied languages without blocking
pack:
name: routing-observability
version: "1.0.0"
enabled: true
policies:
chain:
- language-validator
policy:
language-validator:
denied_languages:
- ja
- ar
min_confidence: 0.4
action: warn
apply_to: input
Important limitations
- Output language enforcement is not supported. Configure
apply_to: input;outputskips enforcement andbothenforces only the input side. - The detector only recognizes the supported language set listed above.
- Mixed-language or very short text may fall below
min_confidenceand therefore pass through.
Best practices
- Prefer
allowed_languagesfor strict input control. - Start with
action: warnif you need to measure traffic before enforcing blocks. - Pair the validator with
prompt-injectionorpii-detectorwhen you need language-aware security boundaries on input text.
Next steps
- Prompt Injection Detection — Protect the input boundary first
- PII Detector — Sanitize sensitive data after language checks
- Human Oversight — Escalate sensitive outputs separately
- Safety Filter — Response safety controls