1. Home
  2. Documentation
  3. AI Gateway
  4. Policies

Policies

Apply guardrails, prompt enrichment, and rate limiting to a route.

The Policies module defines what AI Gateway does with each request that reaches a route before forwarding it to the LLM Provider, and what it does with the returned response. Each policy is linked to a single route and combines three optional blocks: Prompt Guard (filtering by moderation or regex), Prompt Enrichment (messages injected before the prompt), and Rate Limit (quotas by requests or tokens).

IMPORTANT

You must configure at least one section to save the policy. The form lets you combine Prompt Guard (Request), Prompt Guard (Response), Prompt Enrichment, and Rate Limit in any arrangement, but at least one must be filled in.

Learn how to:

Listing

The Policies page lists registered policies with pagination. You can filter by:

  • Route (optional): route associated with the policy.

Use Search to apply the filter and Clear to reset it.

Columns shown in the table:

  • Policy ID: internal policy identifier.
  • Route: associated route.
  • Configured sections: indicates which sections are configured (Prompt Guard / Prompt Enrichment / Rate Limit).
  • Created At: creation date and time.
  • Actions: Edit and Delete icons for each row.

Create Policy

Step 1

On the Policies page, click Create Policy.

Step 2

Select the target Route. This field is a searchable select. Type part of the endpoint to filter.

Step 3

Fill in at least one of the four optional sections: Prompt Guard (Request), Prompt Guard (Response), Prompt Enrichment, or Rate Limit. Each section has its own required-field rules. See the subsections below.

Step 4

Click Save to confirm the registration. To discard the operation, click Cancel.

Edit Policy

In the Actions column of the row you want, click the Edit icon. The Update Policy form opens with the current data. Change the required fields and click Save.

Delete Policy

In the Actions column of the row you want, click the Delete icon. Confirm the operation in the "Do you want to delete policy [policyId]?" dialog.

IMPORTANT

Deletion is permanent and cannot be undone. Deleting a policy makes the associated route accept requests without guardrails, prompt enrichment, or rate limiting.

Required field

Field
Type
Required
Rules
RouteSearchable selectYesLists registered routes.

Prompt Guard (Request)

This optional block validates the request before it reaches the LLM provider. It combines three subfeatures: moderation, regex, and custom response.

MUTUAL EXCLUSION

Moderation and regex cannot coexist in the same Prompt Guard Request. Choose one path. When you fill in any moderation field, the regex fields become disabled, and vice versa.

Fields: Moderation subblock

Field
Type
Required
Rules
Moderation modelSelectConditional: required when Moderation API Key is providedOnly value currently available: omni-moderation-latest (OpenAI moderation model).
Moderation API KeySelectConditional: required when Moderation model is providedLists registered API Keys, displayed as <apiKeyId> (<provider>).

Fields: Regex subblock

Field
Type
Required
Rules
Regex actionSelectConditional: required when Regex patterns have at least one patternValues: Reject, Mask.
Regex patternsList of tagsConditional: required when Regex action is providedList of regular expressions.

Fields: Custom response subblock

Custom response returned when the request is rejected by moderation or regex.

Field
Type
Required
Rules
Custom response messageTextConditional: required when Custom response status code is providedMinimum 1 character.
Custom response status codeIntegerConditional: required when Custom response message is providedBetween 200 and 599.

Prompt Guard (Response)

This optional block validates the response returned by the provider before returning it to the requester. There is no moderation here, only regex and custom response, with the same pairing logic as the request.

STREAMING RESPONSES

For now, only responses returned without streaming are masked by the expressions configured in this section.

Fields: Regex subblock (response)

Field
Type
Required
Rules
Response regex actionSelectConditional: required when Response regex patterns has at least one patternValues: Reject, Mask.
Response regex patternsList of tagsConditional: required when Response regex action is providedList of regular expressions applied to the returned content.

Fields: Custom response subblock (response)

Field
Type
Required
Rules
Response custom messageTextConditional: required when Response custom status code is providedMinimum 1 character.
Response custom status codeIntegerConditional: required when Response custom message is providedBetween 200 and 599.

Prompt Enrichment

This block is optional as a section, but has required internal rules when enabled. When you add at least one message, you must provide at least one complete entry (role + content). Messages are prepended to the original prompt in the order they appear in the list.

Use Add message to add a new Message entry and the delete icon to remove entries.

Fields by message

Field
Type
Required
Rules
RoleSelectYes (per message)Values: system, assistant, user, function, tool, developer.
ContentLong text (textarea)Yes (per message)Minimum 1 character.

Rate Limit

This optional block limits consumption by time window. When enabled, it requires you to choose exactly one limit type: requests or tokens.

MUTUAL EXCLUSION

The policy cannot include requestCount and tokenCount at the same time. Choose one of them.

The screen shows a Count by selector with Token and Request buttons that determine which format is used.

Fields

Field
Type
Required
Rules
Rate limit type (Count by)Toggle (Token / Request buttons)Conditional: required when Rate Limit is enabledChoose Token or Request. Mutually exclusive.
Rate limit valueIntegerConditional: required when a Rate limit type is selectedPositive integer.
Time unitSelectConditional: required when Rate Limit is enabledValues: Seconds, Minutes, Hours.

How happy are you with this page?

We use cookies to enhance your experience on our site. By continuing to browse, you agree to our use of cookies.Learn more