Policy types
Model allowlist
Restricts which models a key can use. Requests for unlisted models return a403.
PII redaction
Scans the outbound request body and replaces detected PII before forwarding. The original prompt is never sent to the provider.[EMAIL], [PHONE], etc. The ClickHouse audit log records what was redacted (not the original value).
Prompt injection detection
Detects adversarial instruction injection attempts in the user turn. Can be set toblock or flag (log but allow).
block, the response is:
Guardrail (ML classifier)
Runs the request body through an ML classifier for jailbreak attempts, toxicity, or custom categories. Requires a classifier endpoint to be configured on the gateway by your Wardin administrator (a deployment-level setting, not per-tenant).Policy scope
Policies attach to keys or to the tenant (org-wide). A key inherits tenant-level policies plus its own.| Scope | Applies to |
|---|---|
| Tenant | All keys in the org |
| Key | One specific key |