Enforcement mode — Report vs Enforce
A single switch controls whether the policy can act:| Mode | Effect |
|---|---|
| Report | Every gate and detector action is downgraded to a non-blocking record. Nothing is blocked or transformed. Use it to measure signal and false positives before turning on enforcement. |
| Enforce | Actions apply as configured — gates can block, detector rules can block or transform. |
report_only flag. A typical rollout runs a new
policy in Report first, reviews findings, then flips to Enforce.
Gates — match before you detect
Gates are evaluated before any detector runs. A gate matches on request attributes (not content) and takes an action. Because they run first, gates are how you cheaply allow, block, or waive traffic without spending detection. Each gate is a set of conditions joined by And/Or, and a Then action:| Gate action | Effect |
|---|---|
| Block | Block the request immediately; detectors are skipped. (In Report mode this is recorded, not enforced.) |
| Report | Record a finding and continue to detection. |
| Skip | Stop gate evaluation and proceed to detectors — no finding. Use it to waive specific traffic. |
Condition attributes
Conditions target these request attributes:| Group | Attributes |
|---|---|
| Consumer | consumer.id, consumer.name, consumer.tag, consumer.type |
| Model | model.name, model.provider |
| Collector | collector.id, collector.type |
| Session | session.id |
| Protocol | protocol |
eq), Not equals (neq), Greater than (gt), Less than
(lt), Contains (contains), Does not contain (not_contains), In (in — a
comma‑separated list), Matches (match — a regular expression).
The consumer.*, model.* and collector.type values come from the guard
request’s attributes; collector.id, session.id and protocol are resolved
by TrustGuard.
Detectors — run detectors and decide the action
The policy’s Detectors tab holds its detector rules, split by evaluation phase:- Input — evaluate the prompt/request.
- Output — evaluate the completion/response.
| Action | Console label | Effect | Rewrites payload |
|---|---|---|---|
report | Monitor | Record a finding only. | — |
block | Block | Flag the request for blocking; stops the remaining detector chain. | — |
transform | Transform | Mask/rewrite the payload. Only valid for a mutable detector (data_loss_prevention). | ✅ |
Verdict precedence
TrustGuard reduces everything that fired into one top‑levelstatus, from most
to least restrictive:
allow means nothing fired (or everything was waived). The caller enforces the
verdict — see the Guard API.
Test and History
- Test runs a sample input or output through the last saved version of the policy and shows the decision (Blocked / Transformed / Reported / Allowed) and every finding — without touching production or emitting telemetry.
- History is the policy’s change log: created/updated/deleted events for the policy, its gates, its detector rules, and collector routing.
Routing: attaching policies to collectors
A policy runs when a collector routes traffic to it. On the policy’s Collectors tab you attach collectors with a routing mode:- Default — the collector’s fallback policy for all its traffic.
- Consumer ID — the policy only applies to requests from a specific consumer, letting one collector send different consumers to different policies.