Governance Policies
Policies are the core governance primitive in Rivano. They let you define rules that evaluate every AI request and response in real-time, enforcing compliance, safety, and cost controls across your entire AI infrastructure.
Creating a Policy
Policies are defined in YAML and can be created via the dashboard or the API. Here’s a basic policy that blocks requests containing Social Security numbers:
```yaml
name: block-ssn-in-prompts
description: Prevent SSNs from being sent to AI providers
status: active
priority: 10
conditions:
  direction: inbound
  pii_types:
    - ssn
action: block
message: "Request blocked: Social Security number detected in prompt."
```
Via the Dashboard
Navigate to Policies → New Policy, paste your YAML, and click Save. The policy takes effect immediately.
Via the API
```bash
curl -X POST https://api.rivano.ai/v1/policies \
  -H "Authorization: Bearer rv_live_abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "block-ssn-in-prompts",
    "status": "active",
    "priority": 10,
    "conditions": {
      "direction": "inbound",
      "pii_types": ["ssn"]
    },
    "action": "block",
    "message": "Request blocked: SSN detected."
  }'
```
Policy Actions
Each policy specifies an action to take when its conditions match:
| Action | Behavior | Use Case |
|---|---|---|
| allow | Explicitly allow the request (skips lower-priority policies) | Whitelist known-safe patterns |
| block | Reject the request with an error message | Prevent PII leakage, enforce content rules |
| rate-limit | Throttle requests matching the condition | Cost control, abuse prevention |
| redact | Replace matched content with placeholder text before forwarding | Remove PII while preserving request flow |
| log | Allow the request but flag it for review | Audit and monitoring |
Conditions
Policies can match on a variety of conditions:
```yaml
conditions:
  # Request direction: inbound, outbound, or both
  direction: inbound
  # Match specific agents
  agents:
    - agent_abc123
    - agent_def456
  # Match by model
  models:
    - gpt-4o
    - claude-sonnet-4-20250514
  # PII detection types
  pii_types:
    - ssn
    - credit_card
    - email
  # Content patterns (regex)
  patterns:
    - "(?i)password\\s*[:=]\\s*\\S+"
    - "(?i)api[_-]?key\\s*[:=]\\s*\\S+"
  # Token/cost thresholds
  max_input_tokens: 10000
  max_cost_per_request: 0.50
```
Evaluation Order
Policies are evaluated in priority order (lowest number = highest priority). Evaluation stops at the first matching policy that takes a terminal action (allow, block, or rate-limit).
- Priority 1-10: Critical — security and compliance rules
- Priority 11-50: Standard — operational policies
- Priority 51-100: Monitoring — logging and alerting
If no policy matches, the request is allowed by default. To change this behavior, create a catch-all policy at the lowest priority (the highest priority number, so it is evaluated last):
```yaml
name: default-deny
description: Block any request not explicitly allowed
status: active
priority: 100
conditions:
  direction: both
action: block
message: "Request blocked by default-deny policy."
```
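To see how the conditions, actions and evaluation order above interact, here is a small local evaluator that re-implements the documented semantics. This is an added example, not Rivano's own engine or API: policies are passed as Python dicts in the same shape as the YAML, input tokens are approximated by whitespace splitting, `max_input_tokens` is assumed to match when the count exceeds the threshold, only the `ssn`, `credit_card` and `email` detectors are implemented (cost thresholds are left out), and the sample policy set and requests are constructed for the demo.

```python
"""Local evaluator for Rivano-style governance policies (added example).

Re-implements the documented semantics: priority order, terminal vs.
non-terminal actions, PII types, regex patterns, a token threshold, and
default-allow unless a catch-all policy exists. Not Rivano's own engine.
"""
import re

TERMINAL_ACTIONS = {"allow", "block", "rate-limit"}

# Constructed detectors; credit cards must also pass a Luhn check so that
# arbitrary digit runs are not redacted.
PII_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}


def luhn_ok(digits: str) -> bool:
    """Standard Luhn checksum over a string of ASCII digits."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_spans(text: str, pii_type: str) -> list:
    """(start, end) spans of one PII type; card numbers need a valid Luhn."""
    spans = []
    for m in PII_PATTERNS[pii_type].finditer(text):
        if pii_type == "credit_card" and not luhn_ok(re.sub(r"\D", "", m.group())):
            continue
        spans.append(m.span())
    return spans


def conditions_match(cond: dict, req: dict):
    """Return (matched, spans) for one policy's conditions block."""
    direction = cond.get("direction", "both")
    if direction != "both" and direction != req["direction"]:
        return False, []
    if "agents" in cond and req["agent_id"] not in cond["agents"]:
        return False, []
    if "models" in cond and req["model"] not in cond["models"]:
        return False, []
    # Assumption: the threshold matches only when the prompt exceeds it.
    if "max_input_tokens" in cond and len(req["content"].split()) <= cond["max_input_tokens"]:
        return False, []
    spans = []
    for pii_type in cond.get("pii_types", []):
        spans += find_spans(req["content"], pii_type)
    for pattern in cond.get("patterns", []):
        spans += [m.span() for m in re.finditer(pattern, req["content"])]
    if ("pii_types" in cond or "patterns" in cond) and not spans:
        return False, []
    return True, spans


def redact(text: str, spans: list) -> str:
    """Replace matched spans (merged if overlapping) with a placeholder."""
    merged = []
    for start, end in sorted(spans):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(end, merged[-1][1]))
        else:
            merged.append((start, end))
    for start, end in reversed(merged):
        text = text[:start] + "[REDACTED]" + text[end:]
    return text


def evaluate(policies: list, request: dict) -> dict:
    """Walk active policies by priority; stop at the first terminal action."""
    req = dict(request)
    decision = {"action": "allow", "policy": None, "message": None, "flagged_by": []}
    active = sorted((p for p in policies if p.get("status") == "active"),
                    key=lambda p: p["priority"])
    for policy in active:
        matched, spans = conditions_match(policy.get("conditions", {}), req)
        if not matched:
            continue
        action = policy["action"]
        if action in TERMINAL_ACTIONS:
            decision.update(action=action, policy=policy["name"], message=policy.get("message"))
            break
        if action == "redact":  # later policies see the redacted content
            req["content"] = redact(req["content"], spans)
        decision["flagged_by"].append(policy["name"])  # redact and log both flag
    decision["content"] = req["content"]
    return decision


# Constructed policy set: the page's SSN block, a card redaction, a size cap,
# a credential log rule, an allow-list for one agent, and the catch-all.
SAMPLE_POLICIES = [
    {"name": "block-ssn-in-prompts", "status": "active", "priority": 10,
     "conditions": {"direction": "inbound", "pii_types": ["ssn"]},
     "action": "block", "message": "Request blocked: SSN detected."},
    {"name": "redact-cards", "status": "active", "priority": 20,
     "conditions": {"direction": "both", "pii_types": ["credit_card"]}, "action": "redact"},
    {"name": "cap-input-size", "status": "active", "priority": 30,
     "conditions": {"max_input_tokens": 16}, "action": "block",
     "message": "Request blocked: prompt too large."},
    {"name": "log-credentials", "status": "active", "priority": 60,
     "conditions": {"patterns": [r"(?i)password\s*[:=]\s*\S+"]}, "action": "log"},
    {"name": "allow-approved-agents", "status": "active", "priority": 90,
     "conditions": {"agents": ["agent_abc123"]}, "action": "allow"},
    {"name": "default-deny", "status": "active", "priority": 100,
     "conditions": {"direction": "both"}, "action": "block",
     "message": "Request blocked by default-deny policy."},
]


def sample_request(content, direction="inbound", agent_id="agent_abc123"):
    """Constructed request in the shape the evaluator expects."""
    return {"direction": direction, "agent_id": agent_id, "model": "gpt-4o", "content": content}


if __name__ == "__main__":
    for text, direction, agent in [
        ("My SSN is 123-45-6789", "inbound", "agent_abc123"),
        ("Card 4111 1111 1111 1111, password: hunter2", "inbound", "agent_abc123"),
        ("My SSN is 123-45-6789", "outbound", "agent_abc123"),
        ("hello", "inbound", "agent_unknown"),
    ]:
        print(evaluate(SAMPLE_POLICIES, sample_request(text, direction, agent)))
```

Two things the walk-through makes visible: because `block-ssn-in-prompts` is scoped to `direction: inbound`, the same SSN in an outbound response passes untouched, so a rule that should cover model output needs `both`; and once a `default-deny` catch-all exists, every request must reach an explicit `allow` (here the agent allow-list) or it is blocked, even after a non-terminal `redact` or `log` has fired.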
Advanced Example
A policy that rate-limits expensive models during business hours and redacts credit card numbers:
```yaml
name: cost-and-pii-governance
description: Rate-limit GPT-4o and redact credit cards
status: active
priority: 15
conditions:
  direction: both
  models:
    - gpt-4o
    - gpt-4o-mini
  pii_types:
    - credit_card
action: redact
rate_limit:
  max_requests: 100
  window: 60s
  scope: per_agent
message: "Credit card numbers redacted. Rate limit: 100 req/min."
```
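The `rate_limit` block above is the part of this policy that is easiest to get wrong when reasoning about it: what counts as one window, and what `scope: per_agent` isolates. The following sliding-window limiter is an added example, not Rivano's implementation, that models those fields with an injectable clock so the 100 req/min behaviour can be checked without waiting. Assumptions: the window grammar is `<number><s|m|h>`, any scope other than `per_agent` counts globally, `FakeClock` is a constructed test clock, and a rejected request reports the seconds until the oldest hit leaves the window.

```python
"""Sliding-window limiter for a policy's rate_limit block (added example)."""
import time
from collections import defaultdict, deque


def parse_window(window: str) -> float:
    """'60s' -> 60.0, '5m' -> 300.0, '1h' -> 3600.0 (assumed grammar)."""
    units = {"s": 1, "m": 60, "h": 3600}
    return float(window[:-1]) * units[window[-1]]


class PolicyRateLimiter:
    def __init__(self, rate_limit: dict, clock=time.monotonic):
        self.max_requests = int(rate_limit["max_requests"])
        self.window = parse_window(rate_limit["window"])
        self.scope = rate_limit.get("scope", "global")
        self.clock = clock
        self.buckets = defaultdict(deque)  # scope key -> timestamps inside the window

    def key_for(self, request: dict) -> str:
        """per_agent keeps one bucket per agent_id; anything else is global."""
        if self.scope == "per_agent":
            return "agent:" + request["agent_id"]
        return "global"

    def check(self, request: dict):
        """Return (allowed, retry_after_seconds); allowed hits are recorded."""
        now = self.clock()
        bucket = self.buckets[self.key_for(request)]
        while bucket and now - bucket[0] >= self.window:
            bucket.popleft()  # drop hits that have aged out of the window
        if len(bucket) >= self.max_requests:
            return False, self.window - (now - bucket[0])
        bucket.append(now)
        return True, 0.0


class FakeClock:
    """Constructed clock for the demo; advance() stands in for elapsed time."""
    def __init__(self, start=0.0):
        self.t = start

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def demo():
    """Apply the page's 100 req / 60s per_agent limit to two agents."""
    clock = FakeClock()
    limiter = PolicyRateLimiter(
        {"max_requests": 100, "window": "60s", "scope": "per_agent"}, clock.now)
    agent_a = {"agent_id": "agent_abc123"}
    agent_b = {"agent_id": "agent_def456"}
    results = [limiter.check(agent_a)[0] for _ in range(101)]
    first_hundred_ok, hundred_first_denied = all(results[:100]), results[100]
    other_agent_ok = limiter.check(agent_b)[0]   # separate bucket, unaffected
    clock.advance(60)                            # window slides past the burst
    after_window_ok = limiter.check(agent_a)[0]
    return first_hundred_ok, not hundred_first_denied, other_agent_ok, after_window_ok


if __name__ == "__main__":
    print(demo())  # expected: (True, True, True, True)
```

Note that a sliding window of this kind (timestamps kept per bucket) rejects the 101st request at any point inside the window rather than resetting on a fixed minute boundary, which is the stricter reading of "100 req/min"; the retry hint returned on rejection is what a gateway would surface to the caller alongside the policy's `message`.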
Testing Policies
Use the Policy Simulator in the dashboard to test policies against sample requests before activating them. Navigate to Policies → Simulator, paste a sample prompt, and see which policies would fire and what actions would be taken.
You can also use the API’s dry-run mode:
```bash
curl -X POST https://api.rivano.ai/v1/policies/evaluate \
  -H "Authorization: Bearer rv_live_abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "dry_run": true,
    "agent_id": "agent_abc123",
    "content": "My SSN is 123-45-6789"
  }'
```