Where
Which surface and filters this policy applies to. Defines the traffic the policy can see.
When
Which signals must match before the policy fires. Defines the subset of traffic that triggers it.
Then
Which action to take —
Log, Mask, or Block. Defines what enforcement does on the wire.Authoring policies from the UI
Policies are authored from Runtime → Policies → Create Policy. The modal has four blocks.1. Name
A human-readable identifier — for example,Block PII in customer support. The name appears in lists, logs, alerts, and audit trails, so keep it descriptive and specific.
2. Where
Where has two parts: Surface — exactly one of:| Surface | Traffic it covers |
|---|---|
| Gateway | A gateway integration created in the platform. Routes can target LLM providers directly (embedded AI Gateway) or sit on top of a third-party AI gateway or custom backend. |
| Browser | Prompts in web-based LLMs via the browser extension. |
| API | An API engine (Serverless or Dedicated) your backends call directly, per-engine API keys. |
| Endpoint | AI traffic from managed devices routed through a transparent MITM proxy via an MDM-pushed PAC file (no software on the device). |
+ Add filter. Each surface exposes a different catalog:
| Surface | Available filters |
|---|---|
| Gateway | Gateways · Routes · Tags · Use Cases |
| Browser | Applications |
| API | Engines · Tags · Use Cases |
| Endpoint | Endpoints · Applications · Tags |
3. When
When expresses conditions on the detections TrustGate produces. Each condition has three parts:| Part | What it is |
|---|---|
| Field | Where on the traffic the condition evaluates — for example Input (what the user typed or sent). The set of fields depends on the surface. |
| Operator | Triggers or Does not trigger. |
| Value | One or more detections picked from a catalog, grouped by category. |
Detections catalog (Browser surface)
For the Browser surface, theValue picker shows two categories:
| Category | Detections |
|---|---|
| PII & Confidential | Email Address · Phone Number · Social Security Number · Credit Card · API Key / Secret |
| File Security | File Upload · PII in Files |
Field · Triggers / Does not trigger · Detections — is the same everywhere.
Combining conditions
Add more rows with+ Add Condition. Conditions always combine with AND — every row must match for the policy to fire. There is no OR operator.
For OR semantics, create multiple policies that share the same Then action.
Leaving When empty means the policy fires on every request in the Where scope — useful for blanket Log rules while you tune more specific policies.
4. Then
Then is the action when the conditions match:| Action | Effect |
|---|---|
| Log | Request passes through; the event is recorded for audit, review, and alerting. |
| Mask | Sensitive fragments (PII, secrets, custom entities) are redacted or tokenized before the request continues. |
| Block | Request is rejected before the upstream call; the caller receives an error and the upstream is never reached. |
Mask and Block translate on Browser and Endpoint.
Allow is the implicit default. A request that doesn’t match any policy’s conditions is allowed.
Precedence when multiple policies match
A single request usually matches more than one policy — a narrow team policy and a broad org-wide policy, for example. TrustGate resolves all matches to a single outcome:- Most restrictive action wins —
block ▶ mask ▶ log ▶ allow. - Masks compose — if two policies mask different fields, both masks are applied before the request continues.
- Order in the list is authoring-only — it does not change the precedence rules above.
Log policy without loosening existing Block rules.
Example policies
Three patterns you’ll see in most deployments. Block PII pastes into ChatGPT- Where —
Browser+ filterApps = ChatGPT - When —
Input·Triggers·Email Address, Phone Number, Credit Card, Social Security Number, API Key / Secret - Then —
Block
- Where —
Browser+ filterApps = ChatGPT, Claude, Gemini - When —
Input·Triggers·PII in Files - Then —
Log(plus alert via SIEM)
- Where —
Gateway+ filterRoutes = /openai/*, /anthropic/* - When —
Input·Triggers·API Key / Secret - Then —
Mask
Lifecycle
Policies live under Runtime → Policies alongside Logs and the Playground.| Stage | What you do |
|---|---|
| Draft | Author the policy in Log mode to observe impact without affecting traffic. |
| Review | Inspect hits in Logs, replay traffic in Playground, confirm false-positive rate. |
| Enforce | Flip the action to Mask or Block. |
Best practices
- Start in Log. Every new policy should be born as
Log, reviewed against real traffic, and only then promoted toMaskorBlock. - Write one concern per policy. “Block PII on
/openai/*” and “Log PII on/anthropic/*” are two policies, not one with conditional logic. Easier to version, review, and audit. - Prefer filters over conditions for routing. Use Where → filters to scope by app or route; reserve When for signal-driven logic. Keeps policies readable.
- Layer across surfaces. The same policy intent (for example, “block credentials”) is cheap to replicate on Gateway, Browser, and Endpoint — write it once per surface, not as one giant policy.
- Name for audit.
[Compliance] Block PII — EU providersreads better in a SIEM thanpolicy-42.