SDK — Policies
The rivano.policies resource lets you manage declarative governance rules programmatically. Policies fire on every proxied request or response and take one of three actions: block, redact, or warn.
List policies
```javascript
import Rivano from '@rivano/sdk';

const rivano = new Rivano({ apiKey: 'rv_...' });

const { data, total } = await rivano.policies.list();
// One line per policy: name, phase, action, and whether it is enabled
for (const policy of data) {
  console.log(`${policy.name} [${policy.onPhase}] → ${policy.action} (${policy.enabled ? 'on' : 'off'})`);
}
```

Create a policy
```javascript
import Rivano from '@rivano/sdk';

const rivano = new Rivano({ apiKey: 'rv_...' });

// Block any request whose injection risk score is at or above 0.7
const policy = await rivano.policies.create({
  name: 'block-prompt-injection',
  description: 'Block requests with injection score >= 0.7',
  onPhase: 'request',
  conditionType: 'injection_score',
  conditionConfig: { threshold: 0.7 },
  action: 'block',
  enabled: true,
});
console.log('Policy created:', policy.id);
```

Create parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Unique policy name |
| description | string | No | Human-readable description |
| onPhase | 'request' \| 'response' | Yes | When to evaluate: before or after the LLM call |
| conditionType | string | Yes | See condition types below |
| conditionConfig | object | Yes | Configuration for the condition |
| action | 'block' \| 'redact' \| 'warn' | Yes | What to do when the condition is met |
| enabled | boolean | No | Whether the policy is active (default: true) |
| teamId | string | No | Scope policy to a specific team |
Condition types
| conditionType | Phase | conditionConfig fields | Description |
|---|---|---|---|
| injection_score | request | threshold: number (0–1) | Block/warn if injection risk score ≥ threshold |
| pii_detected | request or response | types?: string[] | Fire if PII is detected (email, phone, SSN, etc.) |
| token_count | request | maxTokens: number | Fire if estimated token count exceeds limit |
| model_name | request | allowlist?: string[], denylist?: string[] | Fire if model is not in allowlist or is in denylist |
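
The two tables above can be checked locally before a definition reaches policies.create(), for example as a CI lint over policy definitions kept in version control. This is an added example, not part of the Rivano SDK: validatePolicy, PHASES_FOR and CONFIG_ERROR are hypothetical names, and the positive-maxTokens and at-least-one-list checks are assumptions that go beyond what the tables state.

```javascript
// Offline lint for policy definitions, built from the "Create parameters" and
// "Condition types" tables. All names are hypothetical, not @rivano/sdk API.
const ACTIONS = ['block', 'redact', 'warn'];
const PHASES = ['request', 'response'];
const isStrings = (v) => Array.isArray(v) && v.every((s) => typeof s === 'string');

// Phases each conditionType is evaluated in, per the table.
const PHASES_FOR = {
  injection_score: ['request'], pii_detected: ['request', 'response'],
  token_count: ['request'], model_name: ['request'],
};
// conditionConfig checks: each returns an error string, or null when valid.
const CONFIG_ERROR = {
  injection_score: (c) => (typeof c.threshold === 'number' && c.threshold >= 0 && c.threshold <= 1
    ? null : 'threshold must be a number between 0 and 1'),
  pii_detected: (c) => (c.types === undefined || isStrings(c.types)
    ? null : 'types must be an array of strings'),
  // Assumption: a limit of zero or less is a mistake.
  token_count: (c) => (Number.isFinite(c.maxTokens) && c.maxTokens > 0
    ? null : 'maxTokens must be a positive number'),
  // Assumption: with neither list set the policy can never fire.
  model_name: (c) => {
    const lists = [c.allowlist, c.denylist].filter((l) => l !== undefined);
    return lists.length > 0 && lists.every(isStrings)
      ? null : 'set allowlist and/or denylist as arrays of strings';
  },
};
// Returns a list of problems; an empty list means the definition is consistent.
function validatePolicy(p) {
  const errs = [];
  if (typeof p.name !== 'string' || p.name.trim() === '') errs.push('name is required');
  if (!PHASES.includes(p.onPhase)) errs.push('onPhase must be request or response');
  if (!ACTIONS.includes(p.action)) errs.push('action must be block, redact or warn');
  if (!Object.prototype.hasOwnProperty.call(PHASES_FOR, p.conditionType)) {
    return errs.concat(`unknown conditionType: ${p.conditionType}`);
  }
  if (PHASES.includes(p.onPhase) && !PHASES_FOR[p.conditionType].includes(p.onPhase)) {
    errs.push(`${p.conditionType} is not evaluated on ${p.onPhase}`);
  }
  const cfg = p.conditionConfig;
  if (cfg === null || typeof cfg !== 'object' || Array.isArray(cfg)) {
    return errs.concat('conditionConfig must be an object');
  }
  const cfgErr = CONFIG_ERROR[p.conditionType](cfg);
  return cfgErr ? errs.concat(cfgErr) : errs;
}
// Constructed sample: wrong phase and a percent-style threshold.
console.log(validatePolicy({ name: 'inj', onPhase: 'response', action: 'block',
  conditionType: 'injection_score', conditionConfig: { threshold: 70 } }));
```

A definition that passes this lint can still be rejected by the API; the check only catches mismatches visible from the tables.
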
Update a policy
```javascript
import Rivano from '@rivano/sdk';

const rivano = new Rivano({ apiKey: 'rv_...' });

// Disable the policy and lower its threshold in a single call
const updated = await rivano.policies.update('policy_abc123', {
  enabled: false,
  conditionConfig: { threshold: 0.6 },
});
```
Delete a policy
```javascript
// Uses the `rivano` client constructed in the examples above
await rivano.policies.delete('policy_abc123');
```
Policy templates
Rivano ships a set of curated policy templates. List them or apply a full template pack:
List available templates
```javascript
import Rivano from '@rivano/sdk';

const rivano = new Rivano({ apiKey: 'rv_...' });

const templates = await rivano.policies.templates();
// Print the pack, name and action of each template
for (const t of templates) {
  console.log(t.pack, t.name, t.action);
}
```
Apply the foundational pack
```javascript
import Rivano from '@rivano/sdk';

const rivano = new Rivano({ apiKey: 'rv_...' });

// Applies 4 policies at once:
// - block-injection (request, block)
// - redact-pii-response (response, redact)
// - warn-large-prompt (request, warn, >4000 tokens)
// - block-ssn (request, block)
const policies = await rivano.policies.applyTemplate('foundational');
console.log(`Applied ${policies.length} policies`);
```
The foundational pack is the fastest way to get meaningful governance in place. You can customize any of the applied policies afterward via policies.update().
Error handling
| Error | When it occurs |
|---|---|
| SdkAuthError | Invalid API key |
| SdkNotFoundError | Policy ID does not exist |
| SdkError | Invalid condition type or action combination |
Related
- CLI Policies — Apply templates and manage policies from the terminal
- SDK Governance — Posture scores and compliance tracking
- Core Concepts — Policies — How policies work
- Gateway Middleware — How policies are evaluated in the pipeline