Guardrails

PII redaction, prompt injection detection, geo-blocking, and spend limits.

Guardrails are configured per workspace in Dashboard → Guardrails and enforced at the gateway before upstream calls.

  • PII redaction — detect and mask emails, phone numbers, and custom patterns.
  • Prompt injection — block or flag suspicious system/user content.
  • Geo restrictions — allow or deny requests by country code.
  • Spend limits — daily workspace and per-key caps with 402 insufficient_balance.
  • Model allowlist — reject models not on the key or workspace list.
policy_violation error
HTTP 403
{
  "error": {
    "code": "policy_violation",
    "message": "Request blocked by guardrail",
    "blocked_by": "geo_block",
    "action": "reject"
  }
}