Legal Privilege
The legal-privilege policy is an output-phase blocker for privileged legal phrases. It scans generated output text for configured markers, or a small built-in default list, and blocks the response when a marker is found.
Configuration
pack:
name: legal-privilege
version: "1.0.0"
enabled: true
policies:
chain:
- legal-privilege
policy:
legal-privilege:
privilege_markers:
- "attorney-client privilege"
- "privileged and confidential"
- "work product"
- "for legal review only"
Fields
| Field | Type | Description | Default |
|---|---|---|---|
privilege_markers | string[] | Case-insensitive markers that trigger blocking when they appear in output text. If omitted, the gateway uses the built-in defaults shown above. | built-in list |
action | block | The only accepted action; a matching output is always blocked. | block |
How it works
- Output extraction: the server extracts response text from the buffered model output.
- Marker scan: the gateway lowercases the text and checks whether any configured or built-in marker appears as a substring.
- Verdict: a match returns
Verdict::Blockwithreason_code = "legal.privilege_detected". - Audit details: the decision event records whether a hit occurred and how many markers were active.
Important limitations
- The current policy evaluates output text only. It does not scan inbound prompts.
- There is no redact or escalate mode for this policy.
actionis optional because blocking is the only supported runtime behavior.
Valid examples
Use built-in defaults
pack:
name: legal-defaults
version: "1.0.0"
enabled: true
policies:
chain:
- legal-privilege
policy:
legal-privilege: {}
Add organization-specific privilege markers
pack:
name: litigation-review
version: "1.0.0"
enabled: true
policies:
chain:
- legal-privilege
policy:
legal-privilege:
privilege_markers:
- "attorney-client privilege"
- "work product"
- "for legal review only"
- "settlement draft"
- "outside counsel only"
Best practices
- Put the policy in output chains that produce legal analysis, summaries, or draft memoranda.
- Extend
privilege_markerswith your jurisdictional or organization-specific labels. - Pair with
case-privacy,upl-filter, andpii-detectorfor broader legal-data controls.
Next steps
- UPL Filter — Additional legal-output constraints
- Case Privacy — Case-sensitive data controls
- PII Detector — Shared redaction pipeline
- Human Oversight — Escalate sensitive outputs elsewhere in the chain