Configuration & Policy Overview
This section explains how Keeptrusts declarative config turns policy controls into a working gateway contract. Use it to decide which policy kinds you need, how they fit into policies.chain, and how the resulting config behaves at runtime.
Start here
| If you need to... | Start with |
|---|---|
| Understand the supported top-level schema | Declarative Config Reference |
| Browse supported controls before choosing one | Policy Controls Catalog |
| Define provider targets, routing, or fallback | Providers Configuration and data-routing-policy |
| Add tests before rollout | Config Testing and kt policy test |
| Protect sensitive or regulated data | pii-detector and dlp-filter |
| Defend the input boundary | prompt-injection |
Follow this order
- Start with the Declarative Config Reference so the document shape is correct.
- Pick the policy kinds you need from the Policy Controls Catalog.
- Add them to
policies.chainand tune each block underpolicy.<kind>. - Validate the config with linting and tests before rollout.
- Add the audit marker and verify request outcomes with
kt eventsor the Events API. Add History only when capture is enabled and retained session context is needed.
How policies work
Major policy groups
Request and routing controls
| Policy Kind | Purpose |
|---|---|
prompt-injection | Block prompt-injection and jailbreak signals before upstream calls |
pii-detector | Detect sensitive identifiers and redact or block request content |
dlp-filter | Apply broader pattern-based filtering for sensitive or proprietary data |
rbac | Apply role, identity, and sensitivity-based access rules |
agent-firewall | Restrict agent tool use and unsafe action classes |
data-routing-policy | Filter provider targets by retention or training metadata |
Output controls
| Policy Kind | Purpose |
|---|---|
quality-scorer | Score output quality and block or escalate on thresholds |
human-oversight | Return an escalated result instead of delivering output |
citation-verifier | Verify groundedness against context |
Audit and evidence
| Policy Kind | Purpose |
|---|---|
audit-logger | Emit an allow-only audit marker; retention and storage are configured separately |
Example configuration
pack:
name: "my-project"
version: "0.1.0"
enabled: true
policies:
chain:
- prompt-injection
- pii-detector
- quality-scorer
- audit-logger
policy:
prompt-injection:
attack_patterns:
- "ignore.*previous.*instructions"
- "forget.*system.*prompt"
encoding:
decode_base64: true
normalize_unicode: true
detect_homoglyphs: true
boundaries:
enforce_delimiters: true
reject_fake_boundaries: true
response:
action: block
pii-detector:
action: redact
pci_mode: true
quality-scorer:
assertions:
- type: word-count
config:
min: 20
thresholds:
min_aggregate: 0.7
audit-logger: {}
Key rules
- Chain order matters — policies execute in the order listed in
policies.chain. - First blocking verdict wins — once the gateway blocks a turn, later policies do not run for that stage.
- Redaction and output buffering are runtime behaviors — some policies redact request text, some buffer and inspect output, and some do both.
- Some controls are phase-limited today — for example,
human-oversightis output-only andlanguage-validatorcurrently enforces input checks only.
See the Declarative Config Reference for the complete schema and the Policy Controls Catalog for the inventory of supported controls.
Next steps
- Declarative Config Reference — Full config schema
- Policy Controls Catalog — Browse policy kinds and starter snippets
- Config-First Workflow — Operating model for policy deployment
- Config Testing — validate the exact chain before rollout