Policy Controls Catalog
Keeptrusts supports a broad set of policy controls across request, tool, output, routing, and audit paths. This catalog gives customers a practical view of what major controls are for and how to start composing them.
Request, tool, and routing controls
data-routing-policy: filter which configured providers may receive traffic.prompt-injection: detect jailbreak and prompt-injection signals before upstream calls.pii-detector: redact or block sensitive identifiers and power buffered response redaction.hipaa-phi-detector: add HIPAA-style PHI heuristics on top of the shared redaction pipeline.rbac: enforce role, identity, and sensitivity-based access rules.agent-firewall: allow or deny tool use and enforce per-request action or transaction limits.cjis-mode: enforce CJIS-style request constraints.dlp-filter: apply broader data-loss-prevention pattern controls.safety-filter: block or escalate unsafe content patterns.student-privacy: protect student-data scenarios.case-privacy: protect case-sensitive justice and legal data.itar-ear-filter: block export-control reference terms.entity-list-filter: match restricted or watch-listed entities.dual-use-filter: detect dual-use and sensitive capability signals.embedding-detector: semantic detector that can be declared directly in config.
Output controls
quality-scorer: compute and act on quality thresholds.human-oversight: return an escalated result instead of delivering assistant content.citation-verifier: evaluate groundedness against provided context.mnpi-filter: block generated output containing configured MNPI phrases.financial-compliance: add finance-oriented compliance behavior.legal-privilege: block generated output containing privilege markers.upl-filter: apply unauthorized-practice-of-law controls.bias-monitor: escalate the built-in HR-oriented bias signal when it reaches the configured threshold.response-rewriter: apply deterministic response transformations after the upstream model returns.healthcare-compliance: enforce medical blocked patterns and disclaimers.
Audit and evidence
audit-logger: emit an allow-only marker showing that audit logging is part of the active chain; storage and retention are configured separately.
Starter configurations
Below are valid starter YAML snippets for common combinations.
PII redaction with audit logging
policies:
chain:
- pii-detector
- audit-logger
policy:
pii-detector:
action: redact
redaction:
marker_format: label
include_metadata: true
audit-logger: {}
Prompt-injection protection
policies:
chain:
- prompt-injection
- audit-logger
policy:
prompt-injection:
attack_patterns:
- "ignore.*previous.*instructions"
- "forget.*system.*prompt"
encoding:
decode_base64: true
normalize_unicode: true
detect_homoglyphs: true
boundaries:
enforce_delimiters: true
reject_fake_boundaries: true
Agent firewall with role-based tool access
policies:
chain:
- agent-firewall
- rbac
- audit-logger
policy:
agent-firewall:
tools:
roles:
analyst:
allowed:
- search
- summarize
denied:
- execute_code
- shell_command
rbac:
require_auth: true
deny_if_missing:
- X-User-ID
- X-User-Role
roles:
analyst:
allowed_tools:
- search
- summarize
denied_tools:
- execute_code
- shell_command
Healthcare redaction stack
policies:
chain:
- data-routing-policy
- pii-detector
- hipaa-phi-detector
- healthcare-compliance
- audit-logger
policy:
data-routing-policy:
require_zero_data_retention: true
on_no_compliant_provider: block
pii-detector:
action: redact
healthcare_mode: true
pci_mode: false
redaction:
marker_format: label
include_metadata: true
hipaa-phi-detector:
action: redact
mode: hipaa_18
safe_harbor_method: true
healthcare-compliance: {}
audit-logger: {}
Finance output controls
policies:
chain:
- mnpi-filter
- financial-compliance
- quality-scorer
- audit-logger
policy:
mnpi-filter:
detect_patterns:
- "earnings before announcement"
- "merger not public"
financial-compliance: {}
quality-scorer:
min_output_chars: 100
min_sentences: 2
audit-logger: {}
Testing a policy config
After authoring, validate with the CLI and send a test request.
kt policy lint --file policy-config.yaml
- cURL
- Python
- Node.js
curl http://localhost:41002/v1/chat/completions \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $REQUEST_TOKEN" \
-d '{
"model": "gpt-5.4-mini",
"messages": [
{"role": "user", "content": "My SSN is 123-45-6789. Summarize the report."}
]
}'
import os
from openai import OpenAI
client = OpenAI(
base_url="http://localhost:41002/v1",
api_key=os.environ["KEEPTRUSTS_REQUEST_TOKEN"],
)
response = client.chat.completions.create(
model="gpt-5.4-mini",
messages=[{"role": "user", "content": "My SSN is 123-45-6789. Summarize the report."}],
)
print(response.choices[0].message.content)
import OpenAI from "openai";
const requestToken = process.env.KEEPTRUSTS_REQUEST_TOKEN;
if (!requestToken) {
throw new Error("KEEPTRUSTS_REQUEST_TOKEN is required");
}
const client = new OpenAI({
baseURL: "http://localhost:41002/v1",
apiKey: requestToken,
});
const response = await client.chat.completions.create({
model: "gpt-5.4-mini",
messages: [{ role: "user", content: "My SSN is 123-45-6789. Summarize the report." }],
});
console.log(response.choices[0].message.content);
Important limitations
- The catalog describes major controls, but some behaviors are runtime-managed. For example,
human-oversightcurrently acts only onaction: escalate, andlanguage-validatorcurrently enforces input checks only. - Some controls are building blocks rather than complete compliance guarantees. Customers still own legal review, operating process, and provider governance.
- Use the declarative config reference as the source of truth for exact accepted shapes.
Next steps
- Declarative Config Reference — Full config schema for each policy
- Config Testing — validate chosen controls before rollout
- Overview — How policies execute in the gateway