Skip to main content

Policy Examples

This guide provides practical policy examples for common use cases. Each example includes the policy definition via the REST API, an SDK code snippet, and the expected matching behavior.

PII Protection Policies

Block SSN in Prompts

Detect and block Social Security Numbers in user prompts:

{
  "name": "Block SSN in Input",
  "description": "Prevent SSN from being sent to LLMs",
  "category": "sensitive-data",
  "pattern": "\\b(\\d{3})[- ]?(\\d{2})[- ]?(\\d{4})\\b",
  "action": "block",
  "severity": "critical",
  "enabled": true,
  "message": "Social Security Numbers cannot be processed. Please remove the SSN and try again."
}

Create via SDK:

const policy = await client.createStaticPolicy({
  name: 'Block SSN in Input',
  description: 'Prevent SSN from being sent to LLMs',
  category: 'sensitive-data',
  pattern: '\\b(\\d{3})[- ]?(\\d{2})[- ]?(\\d{4})\\b',
  action: 'block',
  severity: 'critical',
  enabled: true,
});

Matches:

  • 123-45-6789
  • 123 45 6789
  • 123456789

Does not match:

  • 12-345-6789 (wrong grouping)
  • 1234-56-789 (wrong format)

Block Credit Card Numbers

Detect and block credit card numbers (Visa pattern shown):

{
  "name": "Block Credit Card Numbers",
  "description": "Detect credit card numbers in queries",
  "category": "sensitive-data",
  "pattern": "\\b4[0-9]{12}(?:[0-9]{3})?\\b",
  "action": "block",
  "severity": "critical",
  "enabled": true,
  "message": "Credit card numbers cannot be processed."
}
Multiple Card Types

Create separate policies for each card network (Visa, Mastercard, Amex, Discover) so you can manage them independently. AxonFlow ships with sys_pii_credit_card which covers all major formats.

Email Address Logging

Log but don't block email addresses:

{
  "name": "Log Email Addresses",
  "description": "Log when email addresses are processed for GDPR/CCPA audit trails",
  "category": "sensitive-data",
  "pattern": "\\b[a-zA-Z0-9._%+\\-]+@[a-zA-Z0-9.\\-]+\\.[a-zA-Z]{2,}\\b",
  "action": "log",
  "severity": "medium",
  "enabled": true,
  "message": "Email address detected in query."
}

Indian PII Detection

Block PAN and Aadhaar numbers. These ship as system policies (sys_pii_pan, sys_pii_aadhaar), but you can create additional tenant-level policies with custom patterns:

PAN Number:

{
  "name": "Block Indian PAN",
  "description": "Block Permanent Account Numbers (DPDP Act 2023)",
  "category": "sensitive-data",
  "pattern": "\\b[A-Z]{3}[PCHABGJLFT][A-Z][0-9]{4}[A-Z]\\b",
  "action": "block",
  "severity": "critical",
  "enabled": true,
  "message": "PAN number detected. Please remove before submitting."
}

Aadhaar Number:

{
  "name": "Block Aadhaar Number",
  "description": "Block Aadhaar unique IDs (DPDP Act 2023)",
  "category": "sensitive-data",
  "pattern": "\\b[2-9][0-9]{3}\\s?[0-9]{4}\\s?[0-9]{4}\\b",
  "action": "block",
  "severity": "critical",
  "enabled": true,
  "message": "Aadhaar number detected. Please remove before submitting."
}

SQL Injection Prevention

Defense in Depth

These policies protect against SQL injection in user inputs (prompts). For protection against SQLi payloads in MCP connector responses (data returned from databases), see SQL Injection Response Scanning.

Block SQL Injection Patterns

Prevent SQL injection attempts in prompts. AxonFlow ships with 37 system SQL injection policies, but you can add custom patterns:

{
  "name": "Block UNION SQL Injection",
  "description": "Detect UNION-based SQL injection in prompts",
  "category": "security",
  "pattern": "(?i)union\\s+select",
  "action": "block",
  "severity": "critical",
  "enabled": true,
  "message": "Potential SQL injection detected. Request blocked for security."
}
{
  "name": "Block Always-True Conditions",
  "description": "Detect tautology-based SQL injection",
  "category": "security",
  "pattern": "1\\s*=\\s*1|''\\s*=\\s*''",
  "action": "block",
  "severity": "critical",
  "enabled": true,
  "message": "Suspicious always-true condition detected."
}

Block Dangerous SQL Commands

Prevent destructive SQL operations:

{
  "name": "Block DROP TABLE",
  "description": "Prevent destructive DROP TABLE commands",
  "category": "security",
  "pattern": "(?i)drop\\s+table",
  "action": "block",
  "severity": "critical",
  "enabled": true,
  "message": "DROP TABLE commands are not permitted."
}
{
  "name": "Block DELETE without WHERE",
  "description": "Prevent unqualified DELETE statements",
  "category": "security",
  "pattern": "(?i)delete\\s+from\\s+\\w+\\s*(?:;|$)",
  "action": "block",
  "severity": "high",
  "enabled": true,
  "message": "DELETE without WHERE clause is not permitted."
}

Create via SDK (Go):

policy, err := client.CreateStaticPolicy(&axonflow.CreateStaticPolicyRequest{
    Name:        "Block DROP TABLE",
    Description: "Prevent destructive DROP TABLE commands",
    Category:    "security",
    Pattern:     `(?i)drop\s+table`,
    Action:      axonflow.ActionBlock,
    Severity:    axonflow.SeverityCritical,
    Enabled:     true,
})

Human-in-the-Loop (HITL) Policies

Enterprise Feature

While require_approval policies can be created in Community Edition, actual human review workflows require an Enterprise license. In Community Edition, require_approval auto-approves immediately.

Warn on High-Value Transactions

Flag high-value financial queries for review:

{
  "name": "High-Value Transaction Warning",
  "description": "Warn when queries reference large monetary amounts",
  "category": "compliance",
  "pattern": "(amount|value|total).*(\\$|EUR|INR)\\s*[1-9][0-9]{6,}",
  "action": "warn",
  "severity": "high",
  "enabled": true,
  "message": "High-value transaction detected. Review recommended."
}

Block Admin Access Patterns

Block queries that reference admin-level operations:

{
  "name": "Block Admin Access Patterns",
  "description": "Block queries referencing admin/root/superuser access",
  "category": "security",
  "pattern": "(?i)\\b(admin|root|superuser|sudo)\\b",
  "action": "block",
  "severity": "critical",
  "enabled": true,
  "message": "Admin access patterns are not permitted in queries."
}

Log AI Decision Keywords

Log queries involving AI-generated decisions for compliance audit trails:

{
  "name": "Log AI Decision Keywords",
  "description": "Log queries containing approval/denial language for EU AI Act audit",
  "category": "compliance",
  "pattern": "(?i)(approved|denied|rejected|accepted)\\s+(the\\s+)?application",
  "action": "log",
  "severity": "high",
  "enabled": true,
  "message": "AI decision language detected. Logged for compliance audit."
}

Access Control Policies

Block Access to Sensitive Tables

Block queries that reference sensitive database tables. These ship as system policies (sys_admin_users_table, sys_admin_audit_log), but you can add custom ones:

{
  "name": "Block Config Table Access",
  "description": "Prevent queries referencing the configuration table",
  "category": "security",
  "pattern": "(?i)\\bsystem_config\\b",
  "action": "block",
  "severity": "high",
  "enabled": true,
  "message": "Access to system configuration table is not permitted."
}

Warn on Financial Data Keywords

Log a warning when queries reference financial data:

{
  "name": "Warn on Financial Data Access",
  "description": "Flag queries containing revenue/salary/compensation keywords",
  "category": "compliance",
  "pattern": "(?i)\\b(revenue|profit|salary|compensation)\\b",
  "action": "warn",
  "severity": "medium",
  "enabled": true,
  "message": "Financial data keyword detected in query."
}

Content Moderation Policies

Block Harmful Instructions

Block queries requesting dangerous or harmful instructions:

{
  "name": "Block Harmful Instructions",
  "description": "Block queries requesting instructions for harmful activities",
  "category": "security",
  "pattern": "(?i)how to (make|create|build).*(bomb|weapon|explosive)",
  "action": "block",
  "severity": "critical",
  "enabled": true,
  "message": "This query has been blocked due to content policy violation."
}

Log Competitor Mentions

Log queries that mention competitor names for awareness (non-blocking):

{
  "name": "Log Competitor Mentions",
  "description": "Track queries mentioning competitor products",
  "category": "custom",
  "pattern": "(?i)\\b(competitor_a|competitor_b|competitor_c)\\b",
  "action": "log",
  "severity": "low",
  "enabled": true,
  "message": "Competitor mention detected."
}

Compliance Policies

GDPR Data Minimization

Block queries containing personal data keywords not needed for the use case:

{
  "name": "Block Personal Data Keywords",
  "description": "Block queries requesting date of birth, passport, or license data (GDPR Art 5(1)(c))",
  "category": "compliance",
  "pattern": "(?i)(date of birth|\\bDOB\\b|birth date|passport number|passport no|driver.?s? license)",
  "action": "block",
  "severity": "medium",
  "enabled": true,
  "message": "Query requests unnecessary personal data. Please minimize data in your request."
}

Financial Data Warning

Warn when queries involve financial advice keywords:

{
  "name": "Financial Advice Warning",
  "description": "Warn on queries requesting investment/financial advice",
  "category": "compliance",
  "pattern": "(?i)\\b(invest|stock|financial advice|buy shares|sell shares)\\b",
  "action": "warn",
  "severity": "medium",
  "enabled": true,
  "message": "Financial advice query detected. Ensure proper disclaimers are applied."
}

Custom Category Policies

Internal IP Address Detection

Block exposure of internal network addresses:

{
  "name": "Block Internal IP Addresses",
  "description": "Prevent queries containing RFC 1918 private IP ranges",
  "category": "custom",
  "pattern": "\\b(10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|172\\.(1[6-9]|2\\d|3[01])\\.\\d{1,3}\\.\\d{1,3}|192\\.168\\.\\d{1,3}\\.\\d{1,3})\\b",
  "action": "block",
  "severity": "medium",
  "enabled": true,
  "message": "Internal IP address detected. Please remove before submitting."
}

API Key / Secret Detection

Block queries containing potential API keys or secrets:

{
  "name": "Block API Key Patterns",
  "description": "Detect API keys, tokens, and secrets in queries",
  "category": "custom",
  "pattern": "(?i)(api[_-]?key|secret[_-]?key|access[_-]?token|bearer)\\s*[:=]\\s*['\"]?[a-zA-Z0-9_\\-]{20,}",
  "action": "block",
  "severity": "critical",
  "enabled": true,
  "message": "Potential API key or secret detected. Please remove credentials before submitting."
}

Create via SDK (Python):

policy = await client.create_static_policy(
    name="Block API Key Patterns",
    description="Detect API keys, tokens, and secrets in queries",
    category="custom",
    pattern=r"(?i)(api[_-]?key|secret[_-]?key|access[_-]?token|bearer)\s*[:=]\s*['\"]?[a-zA-Z0-9_\-]{20,}",
    action="block",
    severity="critical",
    enabled=True,
)

Best Practices

Policy Naming

Use clear, descriptive names:

  • block-ssn - Good (clear action and target)
  • policy1 - Bad (not descriptive)

Severity Levels

LevelUse Case
criticalSecurity vulnerabilities, highly sensitive PII
highSensitive data, access control
mediumPrivacy concerns, compliance
lowInformational, audit

Test Before Enabling

Always test policies with action: warn or action: log before switching to block:

// Create in warn mode first
const policy = await client.createStaticPolicy({
  name: 'Block Internal IPs',
  category: 'custom',
  pattern: '\\b10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b',
  action: 'warn',  // Monitor first
  severity: 'medium',
  enabled: true,
});

// After verifying no false positives, switch to block
await client.updateStaticPolicy(policy.id, {
  action: 'block',
});
Last updated on