Policy Examples
This guide provides practical policy examples for common use cases. Each example includes the policy definition, explanation, and expected behavior.
PII Protection Policies
Block SSN in Prompts
Detect and block Social Security Numbers in user prompts:
policies:
- id: block-ssn
name: Block SSN in Input
description: Prevent SSN from being sent to LLMs
type: pii
trigger: request
pattern: '\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b'
action: block
severity: critical
message: "Social Security Numbers cannot be processed. Please remove the SSN and try again."
Matches:
123-45-6789123 45 6789123456789
Does not match:
12-345-6789(wrong grouping)1234-56-789(wrong format)
Redact Credit Card Numbers
Automatically redact credit card numbers in responses:
policies:
- id: redact-credit-card
name: Redact Credit Cards
description: Redact credit card numbers in LLM responses
type: pii
trigger: response
patterns:
- '\b4[0-9]{12}(?:[0-9]{3})?\b' # Visa
- '\b5[1-5][0-9]{14}\b' # Mastercard
- '\b3[47][0-9]{13}\b' # Amex
- '\b6(?:011|5[0-9]{2})[0-9]{12}\b' # Discover
action: redact
replacement: "[CARD-REDACTED]"
severity: critical
Email Address Handling
Log but don't block email addresses:
policies:
- id: log-email
name: Log Email Addresses
description: Log when email addresses are processed
type: pii
trigger: both
pattern: '\b[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}\b'
action: log
severity: medium
metadata:
category: "contact_info"
compliance: ["GDPR", "CCPA"]
Indian PII Detection
Detect PAN and Aadhaar numbers:
policies:
# PAN Number
- id: redact-pan
name: Redact Indian PAN
description: Redact Permanent Account Numbers
type: pii
trigger: both
pattern: '\b[A-Z]{3}[PCHABGJLFT][A-Z][0-9]{4}[A-Z]\b'
action: redact
replacement: "[PAN-REDACTED]"
severity: critical
# Aadhaar Number
- id: redact-aadhaar
name: Redact Aadhaar
description: Redact Aadhaar unique IDs
type: pii
trigger: both
pattern: '\b[2-9][0-9]{3}\s?[0-9]{4}\s?[0-9]{4}\b'
action: redact
replacement: "[AADHAAR-REDACTED]"
severity: critical
SQL Injection Prevention
Block SQL Injection Patterns
Prevent SQL injection attempts in prompts:
policies:
- id: sql-injection-union
name: Block UNION SQL Injection
type: security
trigger: request
pattern: 'union\s+select'
action: block
severity: critical
message: "Potential SQL injection detected. Request blocked for security."
- id: sql-injection-comment
name: Block SQL Comment Injection
type: security
trigger: request
pattern: '--|\*\/|\/\*'
action: block
severity: critical
- id: sql-injection-always-true
name: Block Always-True Conditions
type: security
trigger: request
pattern: "1\\s*=\\s*1|''\\s*=\\s*''|\"\"\\s*=\\s*\"\""
action: block
severity: critical
Block Dangerous SQL Commands
Prevent destructive SQL operations:
policies:
- id: block-drop-table
name: Block DROP TABLE
type: security
trigger: request
pattern: 'drop\s+table'
action: block
severity: critical
message: "DROP TABLE commands are not permitted."
- id: block-truncate
name: Block TRUNCATE
type: security
trigger: request
pattern: 'truncate\s+table'
action: block
severity: critical
- id: block-delete-all
name: Block DELETE without WHERE
type: security
trigger: request
pattern: 'delete\s+from\s+\w+\s*(?:;|$)'
action: block
severity: high
message: "DELETE without WHERE clause is not permitted."
Access Control Policies
Admin-Only Resources
Restrict access to admin tables:
policies:
- id: admin-users-table
name: Restrict Users Table Access
type: access_control
trigger: request
pattern: '\busers\b'
action: check_permission
required_permission: admin
deny_message: "Access to users table requires admin privileges."
severity: high
- id: admin-audit-logs
name: Restrict Audit Log Access
type: access_control
trigger: request
pattern: 'audit_log'
action: check_permission
required_permission: audit_read
severity: high
Role-Based Content Filtering
Filter content based on user role:
policies:
- id: financial-data-access
name: Financial Data Access Control
type: access_control
trigger: response
conditions:
- user_role: not_in ["finance", "executive", "admin"]
patterns:
- 'revenue|profit|salary|compensation'
action: redact
replacement: "[FINANCIAL-DATA-RESTRICTED]"
severity: medium
Content Moderation Policies
Block Inappropriate Content
Prevent inappropriate content in responses:
policies:
- id: block-profanity
name: Block Profanity
type: content
trigger: response
pattern_file: /etc/axonflow/profanity-list.txt
action: redact
replacement: "[CONTENT-FILTERED]"
severity: medium
- id: block-harmful-instructions
name: Block Harmful Instructions
type: content
trigger: response
patterns:
- 'how to (make|create|build).*(bomb|weapon|explosive)'
- 'instructions for (illegal|harmful)'
action: block
severity: critical
message: "This response has been blocked due to content policy violation."
Competitor Mention Policy
Handle competitor mentions appropriately:
policies:
- id: competitor-mentions
name: Flag Competitor Mentions
type: content
trigger: response
patterns:
- 'competitor_a|competitor_b|competitor_c'
action: flag
severity: low
metadata:
review_required: true
category: "competitive_intelligence"
Rate Limiting Policies
Token Limit per Request
Limit tokens per individual request:
policies:
- id: request-token-limit
name: Request Token Limit
type: rate_limit
trigger: request
limit:
type: tokens
max: 4000
action: block
message: "Request exceeds maximum token limit of 4000."
User Rate Limiting
Limit requests per user:
policies:
- id: user-rate-limit
name: User Rate Limit
type: rate_limit
trigger: request
limit:
type: requests
max: 100
window: 1h
key: user_id
action: block
message: "Rate limit exceeded. Please try again later."
Organization Token Budget
Enforce organization-wide token budgets:
policies:
- id: org-daily-budget
name: Organization Daily Token Budget
type: rate_limit
trigger: request
limit:
type: tokens
max: 1000000
window: 24h
key: organization_id
action: block
severity: high
message: "Daily token budget exceeded for your organization."
Compliance Policies
GDPR Data Minimization
Ensure responses don't include unnecessary personal data:
policies:
- id: gdpr-data-minimization
name: GDPR Data Minimization
type: compliance
trigger: response
conditions:
- request_type: not_in ["kyc", "identity_verification"]
patterns:
- 'date of birth|DOB|birth date'
- 'passport number|passport no'
- 'driver.?s? license'
action: redact
replacement: "[DATA-MINIMIZED]"
severity: medium
metadata:
regulation: "GDPR"
article: "5(1)(c)"
Financial Disclaimer
Add disclaimer to financial advice:
policies:
- id: financial-disclaimer
name: Financial Advice Disclaimer
type: compliance
trigger: response
conditions:
- response_contains: ["invest", "stock", "financial advice", "buy", "sell"]
action: append
append_text: "\n\n---\n*Disclaimer: This is not financial advice. Please consult a licensed financial advisor before making investment decisions.*"
severity: medium
Audit Logging Policy
Ensure all requests are logged:
policies:
- id: audit-all-requests
name: Audit All Requests
type: audit
trigger: both
action: log
log_fields:
- timestamp
- user_id
- organization_id
- request_type
- model_used
- token_count
- response_time_ms
- policy_violations
retention_days: 365
Conditional Policies
Time-Based Policy
Apply different policies based on time:
policies:
- id: after-hours-restriction
name: After Hours Restriction
type: conditional
trigger: request
conditions:
- time_of_day: outside ["09:00", "18:00"]
- day_of_week: in ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday"]
action: log
severity: low
metadata:
alert: "After-hours request"
- id: weekend-restriction
name: Weekend Access Restriction
type: conditional
trigger: request
conditions:
- day_of_week: in ["Saturday", "Sunday"]
- user_role: not_in ["admin", "on-call"]
action: block
message: "System access is restricted on weekends."
Model-Specific Policy
Apply policies based on model selection:
policies:
- id: gpt4-only-for-premium
name: GPT-4 Premium Only
type: conditional
trigger: request
conditions:
- model: starts_with "gpt-4"
- user_tier: not_in ["premium", "enterprise"]
action: block
message: "GPT-4 models are only available for premium users."
Combining Policies
Policy Groups
Group related policies:
policy_groups:
- id: pii-protection
name: PII Protection Suite
policies:
- block-ssn
- redact-credit-card
- redact-pan
- redact-aadhaar
- log-email
- id: security-hardening
name: Security Hardening
policies:
- sql-injection-union
- sql-injection-comment
- sql-injection-always-true
- block-drop-table
- block-truncate
Policy Inheritance
Extend base policies:
policies:
- id: base-pii-policy
name: Base PII Policy
type: pii
action: redact
severity: high
abstract: true # Can't be used directly
- id: healthcare-pii
name: Healthcare PII Policy
extends: base-pii-policy
patterns:
- medical_record_number
- diagnosis_code
- prescription_id
severity: critical # Override
Best Practices
Policy Naming
Use clear, descriptive names:
block-ssn- Good (clear action and target)policy1- Bad (not descriptive)
Severity Levels
| Level | Use Case |
|---|---|
critical | Security vulnerabilities, highly sensitive PII |
high | Sensitive data, access control |
medium | Privacy concerns, compliance |
low | Informational, audit |
Testing Policies
Always test policies before production:
# Test a specific policy
axonctl policy test --policy block-ssn --input "My SSN is 123-45-6789"
# Expected output:
# Policy: block-ssn
# Match: true
# Action: block
# Matched text: "123-45-6789"