Policy-as-Code

AxonFlow provides a comprehensive policy-as-code system for AI governance. Policies are evaluated in real-time to protect against security threats, ensure compliance, and enforce business rules.

Policy Hierarchy

AxonFlow uses a three-tier policy hierarchy that provides security out-of-the-box while allowing customization:

┌─────────────────────────────────────────────────────────────┐
│                    SYSTEM POLICIES                          │
│            (Immutable security & compliance base)           │
│                  53 static + 10 dynamic                     │
├─────────────────────────────────────────────────────────────┤
│                 ORGANIZATION POLICIES                       │
│              (Company-wide customization)                   │
│                   Enterprise only                           │
├─────────────────────────────────────────────────────────────┤
│                    TENANT POLICIES                          │
│               (Team-specific rules)                         │
│                 Community + Enterprise                      │
└─────────────────────────────────────────────────────────────┘

Tier	Description	Modifiable	Available In
System	AxonFlow-managed security policies	Pattern: No, Action: Override only	All editions
Organization	Company-wide policies	Full CRUD	Enterprise
Tenant	Team-specific policies	Full CRUD	All editions

Policy Types

System Policies (Pattern-Based)

Pattern-based rules evaluated by the Agent with sub-5ms latency. These are the 63 built-in security policies that ship with AxonFlow:

Category	Count	Description
security-sqli	37	SQL injection detection patterns
security-admin	4	Admin access control
pii-global	7	Universal PII (email, phone, credit card)
pii-us	2	US-specific (SSN, bank accounts)
pii-eu	1	EU-specific (IBAN)
pii-india	2	India-specific (PAN, Aadhaar)

Tenant Policies (Condition-Based)

Condition-based rules evaluated by the Orchestrator with context awareness. These are configurable policies you create:

Category	Count	Description
dynamic-risk	2	Risk-based blocking and alerts
dynamic-compliance	3	HIPAA, GDPR, financial data
dynamic-security	2	Tenant isolation, debug restrictions
dynamic-cost	2	Query cost limits, LLM optimization
dynamic-access	1	Sensitive data access control

Policy Actions

Action	Description	Effect
block	Immediately block the request	Request rejected
require_approval	Pause for human approval (HITL)	Request queued for approval
redact	Remove or mask sensitive content	Content filtered
warn	Log warning but allow request	Continues with warning
log	Audit log only	Continues with log entry

EU AI Act Compliance

The require_approval action enables Human-in-the-Loop (HITL) workflows required by EU AI Act Article 14 for high-risk AI decisions.

Policy Evaluation Flow

Request → Agent (System Policies) → Orchestrator (Tenant Policies) → LLM
              ↓                           ↓
        [Block/HITL]              [Block/HITL/Redact/Warn]
           < 5ms                      Context-aware

Policies are evaluated by priority (higher = first). System policies evaluate before organization policies, which evaluate before tenant policies.

Quick Start

List Policies (SDK)

TypeScript

import { AxonFlow } from '@axonflow/sdk';

const client = new AxonFlow({
  endpoint: 'http://localhost:8080',
  clientId: 'my-tenant',
  clientSecret: 'your-client-secret',
});

// List all effective policies for your tenant
const policies = await client.listStaticPolicies();
console.log(`Found ${policies.length} policies`);

// Filter by category
const piiPolicies = await client.listStaticPolicies({
  category: 'pii-global',
});

Python

from axonflow import AxonFlow

client = AxonFlow(
    endpoint="http://localhost:8080",
    client_id="my-tenant",
    client_secret="your-client-secret",
)

# List all effective policies for your tenant
policies = client.list_static_policies()
print(f"Found {len(policies)} policies")

# Filter by category
pii_policies = client.list_static_policies(category="pii-global")

Go

package main

import (
    "fmt"
    axonflow "github.com/getaxonflow/axonflow-sdk-go/v3"
)

func main() {
    client := axonflow.NewClient(axonflow.AxonFlowConfig{
        Endpoint:     "http://localhost:8080",
        ClientID:     "my-tenant",
        ClientSecret: "your-client-secret",
    })

    // List all effective policies for your tenant
    policies, err := client.ListStaticPolicies(nil)
    if err != nil {
        panic(err)
    }
    fmt.Printf("Found %d policies\n", len(policies))

    // Filter by category
    piiPolicies, err := client.ListStaticPolicies(&axonflow.ListStaticPoliciesOptions{
        Category: "pii-global",
    })
}

Java

import com.getaxonflow.sdk.AxonFlowClient;
import com.getaxonflow.sdk.policy.StaticPolicy;

AxonFlowClient client = AxonFlowClient.builder()
    .endpoint("http://localhost:8080")
    .clientId("my-tenant")
    .clientSecret("your-client-secret")
    .build();

// List all effective policies for your tenant
List<StaticPolicy> policies = client.listStaticPolicies();
System.out.printf("Found %d policies%n", policies.size());

// Filter by category
List<StaticPolicy> piiPolicies = client.listStaticPolicies(
    ListStaticPoliciesOptions.builder()
        .category("pii-global")
        .build()
);

Create Custom Policy (SDK)

TypeScript

// Create a tenant-level policy
const policy = await client.createStaticPolicy({
  name: 'Block Internal IPs',
  description: 'Prevent queries containing internal IP ranges',
  category: 'security-admin',
  pattern: '\\b10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b',
  action: 'block',
  severity: 'medium',
  enabled: true,
});

Python

# Create a tenant-level policy
policy = client.create_static_policy(
    name="Block Internal IPs",
    description="Prevent queries containing internal IP ranges",
    category="security-admin",
    pattern=r"\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b",
    action="block",
    severity="medium",
    enabled=True,
)

Go

// Create a tenant-level policy
policy, err := client.CreateStaticPolicy(&axonflow.CreateStaticPolicyInput{
    Name:        "Block Internal IPs",
    Description: "Prevent queries containing internal IP ranges",
    Category:    "security-admin",
    Pattern:     `\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b`,
    Action:      "block",
    Severity:    "medium",
    Enabled:     true,
})

Java

// Create a tenant-level policy
StaticPolicy policy = client.createStaticPolicy(
    CreateStaticPolicyRequest.builder()
        .name("Block Internal IPs")
        .description("Prevent queries containing internal IP ranges")
        .category("security-admin")
        .pattern("\\b10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b")
        .action("block")
        .severity("medium")
        .enabled(true)
        .build()
);

REST API

# List static policies
curl -X GET http://localhost:8080/api/v1/static-policies \
  -H "X-Client-Id: my-tenant" \
  -H "X-Client-Secret: your-client-secret"

# Create a tenant policy
curl -X POST http://localhost:8080/api/v1/static-policies \
  -H "Content-Type: application/json" \
  -H "X-Client-Id: my-tenant" \
  -H "X-Client-Secret: your-client-secret" \
  -d '{
    "name": "Block Internal IPs",
    "category": "security-admin",
    "pattern": "\\b10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b",
    "action": "block",
    "severity": "medium",
    "enabled": true
  }'

Policy Pre-Check

You can see policy enforcement in action on every query. The policy_info field in the response shows exactly which policies were evaluated:

# Send a query and observe policy enforcement
curl -X POST http://localhost:8080/api/v1/query/execute \
  -H "Content-Type: application/json" \
  -H "X-Client-Id: my-tenant" \
  -H "X-Client-Secret: your-client-secret" \
  -d '{
    "query": "SELECT * FROM users WHERE id = 1 OR 1=1",
    "provider": "openai",
    "model": "gpt-4o"
  }'

Response (blocked by SQL injection policy):

{
  "error": "Request blocked by policy",
  "policy_info": {
    "allowed": false,
    "applied_policies": ["security-sqli-or-tautology"],
    "blocked_by": "security-sqli-or-tautology",
    "risk_score": 0.95,
    "evaluation_time_ms": 2
  }
}

Policies are Server-Side

All policies are defined and evaluated on the AxonFlow server. You do not send policy definitions with your requests. The server automatically evaluates all applicable system, organization, and tenant policies against every request.

Mode Support

Feature	Proxy Mode	Gateway Mode
System Policies (Pattern-Based)	✅ Full	✅ Full
Tenant Policies (Condition-Based)	✅ Full	❌ Not enforced
Custom Policies	✅ Full	✅ System-style only
Policy Overrides	✅ Full	✅ System-style only

Recommendation

Use Proxy Mode for full policy coverage including tenant policies and context-aware evaluation.

Workflow Policy Enforcement

AxonFlow extends policy evaluation to workflow orchestration through two features:

Multi-Agent Planning (MAP) Policy Enforcement

When executing plans via MAP, policies are evaluated before execution begins:

ExecutePlan Request → Policy Evaluation → Execute or Block (403)

Response includes PolicyInfo:

{
  "success": true,
  "result": "...",
  "policy_info": {
    "allowed": true,
    "applied_policies": ["cost-limit", "model-restriction"],
    "risk_score": 0.2
  }
}

See Multi-Agent Planning Policy Enforcement for details.

Workflow Control Plane (WCP) Policy Enforcement

For external orchestrators (LangChain, LangGraph, CrewAI), WCP provides step-level policy gates:

Step Gate Check → Policy Evaluation → Allow, Block, or Require Approval

StepGateResponse includes policy details:

{
  "decision": "allow",
  "policies_evaluated": ["block-gpt4-production", "pii-detection"],
  "policies_matched": []
}

WCP policies use scope: workflow and can match on:

• step_type - Type of step (llm_call, tool_call, connector_call)
• step_name - Name of the step
• model - LLM model being used
• provider - LLM provider
• step_input.* - Any field in step input

Example WCP Policy:

{
  "name": "block-gpt4-in-workflows",
  "scope": "workflow",
  "conditions": {
    "step_type": "llm_call",
    "model": "gpt-4"
  },
  "action": "block",
  "reason": "GPT-4 not allowed in production workflows"
}

See Workflow Control Plane for full documentation.

Documentation

Guide	Description
Policy Hierarchy	Three-tier architecture deep dive
System Policies	Complete list of 63 system policies
SDK Methods	Policy CRUD with TypeScript, Python, Go, Java
Policy Syntax	YAML syntax reference
Examples	Ready-to-use policy templates
Testing	Test and validate policies

Community vs Enterprise

Feature	Community	Enterprise
63 System policies (view)	✅	✅
System policy CRUD API (/api/v1/static-policies)	✅	✅
Tenant policy CRUD API (/api/v1/dynamic-policies)	✅	✅
Tenant-tier policies	✅ 30 limit	✅ Unlimited
Organization-tier policies	❌	✅ Full CRUD
Custom dynamic policies (Proxy Mode)	❌	✅
System policy overrides	❌	✅
HITL policy overrides (human approval gates)	❌	✅
Policy version history	✅ Last 5	✅ Full audit trail
Pattern testing API	✅	✅
Customer Portal UI	❌	✅

Enterprise Policy Features

Enterprise unlocks organization-tier policies for company-wide rules, custom dynamic policies with full context-aware evaluation in Proxy Mode, HITL policy overrides for human approval gates on high-risk decisions, and system policy overrides to customize built-in security rules. Compare Editions | Request Demo | AWS Marketplace

See Enterprise Policy Management for details.