Skip to main content
Policies are rules enforced in the gateway request path — they run after auth and budget checks, before the request is forwarded to a provider. A blocked request never reaches the provider.

Policy types

Model allowlist

Restricts which models a key can use. Requests for unlisted models return a 403.
type: model_allowlist
config:
  models:
    - claude-opus-4-8
    - claude-sonnet-4-6
    - gpt-4o

PII redaction

Scans the outbound request body and replaces detected PII before forwarding. The original prompt is never sent to the provider.
type: pii_redaction
config:
  patterns:
    - email
    - phone
    - ssn
    - credit_card
  custom_patterns:
    - name: internal_id
      regex: 'EMP-\d{6}'
      replacement: '[EMPLOYEE_ID]'
Redacted values are replaced with [EMAIL], [PHONE], etc. The ClickHouse audit log records what was redacted (not the original value).

Prompt injection detection

Detects adversarial instruction injection attempts in the user turn. Can be set to block or flag (log but allow).
type: prompt_injection
config:
  action: block
  sensitivity: medium   # low | medium | high
On block, the response is:
{
  "error": {
    "type": "policy_violation",
    "policy": "prompt_injection",
    "message": "Request blocked: potential prompt injection detected.",
    "code": 403
  }
}

Guardrail (ML classifier)

Runs the request body through an ML classifier for jailbreak attempts, toxicity, or custom categories. Requires a classifier endpoint to be configured on the gateway by your Wardin administrator (a deployment-level setting, not per-tenant).
type: guardrail
config:
  categories:
    - jailbreak
    - toxicity
  action: block
  threshold: 0.8

Policy scope

Policies attach to keys or to the tenant (org-wide). A key inherits tenant-level policies plus its own.
ScopeApplies to
TenantAll keys in the org
KeyOne specific key

Enforcement audit trail

Every policy decision is logged to ClickHouse:
{
  "event_type": "policy_block",
  "policy_type": "model_allowlist",
  "key_id": "key_01j...",
  "user_id": "user_abc",
  "model_requested": "gpt-4-turbo",
  "timestamp": "2025-01-15T10:05:00Z"
}
The POLICY stage in the dashboard shows real per-policy hit counts sourced from ClickHouse — not placeholder data — alongside the live enforcement feed.

Creating a policy

Dashboard

POLICY → Create policy — choose a type, fill the structured form, or switch to raw YAML for advanced config. The editor validates YAML on save and blocks invalid schemas.

REST API

curl -X POST https://api.wardin.ai/v1/policies \
  -H "Authorization: Bearer wardin_sk_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "engineering-allowlist",
    "type": "model_allowlist",
    "config": {
      "models": ["claude-opus-4-8", "claude-sonnet-4-6"]
    },
    "keyIds": ["key_01j..."]
  }'