Policy-as-Code

AxonFlow provides a comprehensive policy-as-code system for AI governance. Policies are evaluated in real-time to protect against security threats, ensure compliance, and enforce business rules.

Policy Hierarchy

AxonFlow uses a three-tier policy hierarchy that provides security out-of-the-box while allowing customization:

┌─────────────────────────────────────────────────────────────┐
│                    SYSTEM POLICIES                          │
│            (Immutable security & compliance base)           │
│                      83 system policies                      │
├─────────────────────────────────────────────────────────────┤
│                 ORGANIZATION POLICIES                       │
│              (Company-wide customization)                   │
│                   Enterprise only                           │
├─────────────────────────────────────────────────────────────┤
│                    TENANT POLICIES                          │
│               (Team-specific rules)                         │
│                 Community + Enterprise                      │
└─────────────────────────────────────────────────────────────┘

Tier	Description	Modifiable	Available In
System	AxonFlow-managed security policies	Pattern: No, Action: Override only	All editions
Organization	Company-wide policies	Full CRUD	Enterprise
Tenant	Team-specific policies	Full CRUD	All editions

Policy Types

Pattern-Based System Policies

Pattern-based rules evaluated by the Agent with sub-5ms latency. AxonFlow ships with 73 pattern-based system policies across these categories:

Category	Count	Description
security-sqli	37	SQL injection detection patterns
security-admin	4	Admin access control
pii-global	7	Universal PII (email, phone, credit card)
pii-us	2	US-specific (SSN, bank accounts)
pii-eu	1	EU-specific (IBAN)
pii-india	2	India-specific (PAN, Aadhaar)
pii-singapore	5	Singapore-specific (NRIC, FIN, UEN, phone, postal)
code-secrets	8	Secret/credential patterns in code
code-unsafe	7	Unsafe code patterns

Condition-Based System Policies

Context-aware rules evaluated by the Orchestrator. AxonFlow ships with 10 condition-based system policies in these categories:

Category	Count	Description
dynamic-risk	2	Risk-based blocking and alerts
dynamic-compliance	3	HIPAA, GDPR, financial data
dynamic-security	2	Tenant isolation, debug restrictions
dynamic-cost	2	Query cost limits, LLM optimization
dynamic-access	1	Sensitive data access control

Together, the pattern-based and condition-based system layers make up the 83 built-in system policies available across AxonFlow editions.

Organization And Tenant Policies

Organization and tenant policies are the rules you add on top of the built-in system baseline:

• Tenant policies are available in Community and Enterprise for team-specific controls.
• Organization policies are Enterprise-only and let platform teams define shared standards across tenants.
• Pattern-based custom policies use /api/v1/static-policies for regex-style rules.
• Context-aware custom policies use /api/v1/dynamic-policies for rules based on user attributes, risk, cost, workflow metadata, and runtime context.

Policy Actions

Action	Description	Effect
block	Immediately block the request	Request rejected
require_approval	Pause for human approval (HITL)	Request queued for approval
redact	Remove or mask sensitive content	Content filtered
warn	Log warning but allow request	Continues with warning
log	Audit log only	Continues with log entry

EU AI Act Compliance

The require_approval action enables Human-in-the-Loop (HITL) workflows required by EU AI Act Article 14 for high-risk AI decisions.

Policy Evaluation Flow

Request → Agent (Static System + Static Custom Policies) → Orchestrator (Dynamic Policies) → LLM
              ↓                           ↓
        [Block/HITL]              [Block/HITL/Redact/Warn]
           < 5ms                      Context-aware

Policies are evaluated by priority (higher = first). System policies evaluate before organization policies, which evaluate before tenant policies.

Quick Start

List Policies (SDK)

TypeScript

import { AxonFlow } from '@axonflow/sdk';

const client = new AxonFlow({
  endpoint: 'http://localhost:8080',
  clientId: 'my-tenant',
  clientSecret: 'your-client-secret',
});

// List all effective policies for your tenant
const policies = await client.listStaticPolicies();
console.log(`Found ${policies.length} policies`);

// Filter by category
const piiPolicies = await client.listStaticPolicies({
  category: 'pii-global',
});

Python

from axonflow import AxonFlow

client = AxonFlow(
    endpoint="http://localhost:8080",
    client_id="my-tenant",
    client_secret="your-client-secret",
)

# List all effective policies for your tenant
policies = client.list_static_policies()
print(f"Found {len(policies)} policies")

# Filter by category
pii_policies = client.list_static_policies(category="pii-global")

Go

package main

import (
    "fmt"
    axonflow "github.com/getaxonflow/axonflow-sdk-go/v8"
)

func main() {
    client := axonflow.NewClient(axonflow.AxonFlowConfig{
        Endpoint:     "http://localhost:8080",
        ClientID:     "my-tenant",
        ClientSecret: "your-client-secret",
    })

    // List all effective policies for your tenant
    policies, err := client.ListStaticPolicies(nil)
    if err != nil {
        panic(err)
    }
    fmt.Printf("Found %d policies\n", len(policies))

    // Filter by category
    piiPolicies, err := client.ListStaticPolicies(&axonflow.ListStaticPoliciesOptions{
        Category: "pii-global",
    })
}

Java

import com.getaxonflow.sdk.AxonFlow;
import com.getaxonflow.sdk.AxonFlowConfig;
import com.getaxonflow.sdk.policy.StaticPolicy;

AxonFlow client = AxonFlow.create(AxonFlowConfig.builder()
    .endpoint("http://localhost:8080")
    .clientId("my-tenant")
    .clientSecret("your-client-secret")
    .build());

// List all effective policies for your tenant
List<StaticPolicy> policies = client.listStaticPolicies();
System.out.printf("Found %d policies%n", policies.size());

// Filter by category
List<StaticPolicy> piiPolicies = client.listStaticPolicies(
    ListStaticPoliciesOptions.builder()
        .category("pii-global")
        .build()
);

Create Custom Policy (SDK)

TypeScript

// Create a tenant-level policy
const policy = await client.createStaticPolicy({
  name: 'Block Internal IPs',
  description: 'Prevent queries containing internal IP ranges',
  category: 'security-admin',
  pattern: '\\b10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b',
  action: 'block',
  severity: 'medium',
  enabled: true,
});

Python

# Create a tenant-level policy
policy = client.create_static_policy(
    name="Block Internal IPs",
    description="Prevent queries containing internal IP ranges",
    category="security-admin",
    pattern=r"\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b",
    action="block",
    severity="medium",
    enabled=True,
)

Go

// Create a tenant-level policy
policy, err := client.CreateStaticPolicy(&axonflow.CreateStaticPolicyRequest{
    Name:        "Block Internal IPs",
    Description: "Prevent queries containing internal IP ranges",
    Category:    "security-admin",
    Pattern:     `\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b`,
    Action:      "block",
    Severity:    "medium",
    Enabled:     true,
})

Java

// Create a tenant-level policy
StaticPolicy policy = client.createStaticPolicy(
    CreateStaticPolicyRequest.builder()
        .name("Block Internal IPs")
        .description("Prevent queries containing internal IP ranges")
        .category("security-admin")
        .pattern("\\b10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b")
        .action("block")
        .severity("medium")
        .enabled(true)
        .build()
);

REST API

# List system and tenant pattern-based policies
curl -X GET http://localhost:8080/api/v1/static-policies \
  -H "Authorization: Basic $(echo -n 'my-tenant:your-client-secret' | base64)"

# Create a tenant policy
curl -X POST http://localhost:8080/api/v1/static-policies \
  -H "Content-Type: application/json" \
  -H "Authorization: Basic $(echo -n 'my-tenant:your-client-secret' | base64)" \
  -d '{
    "name": "Block Internal IPs",
    "category": "security-admin",
    "pattern": "\\b10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b",
    "action": "block",
    "severity": "medium",
    "enabled": true
  }'

Policy Pre-Check

You can see policy enforcement in action on every query. The policy_info field in the response shows exactly which policies were evaluated:

# Send a query and observe policy enforcement
curl -X POST http://localhost:8080/api/v1/query/execute \
  -H "Content-Type: application/json" \
  -H "Authorization: Basic $(echo -n 'my-tenant:your-client-secret' | base64)" \
  -d '{
    "query": "SELECT * FROM users WHERE id = 1 OR 1=1",
    "provider": "openai",
    "model": "gpt-4o"
  }'

Response (blocked by SQL injection policy):

{
  "error": "Request blocked by policy",
  "policy_info": {
    "allowed": false,
    "applied_policies": ["sys_sqli_or_true"],
    "blocked_by": "sys_sqli_or_true",
    "risk_score": 0.95,
    "evaluation_time_ms": 2
  }
}

Policies are Server-Side

All policies are defined and evaluated on the AxonFlow server. You do not send policy definitions with your requests. The server automatically evaluates all applicable system, organization, and tenant policies against every request.

Mode Support

Feature	Proxy Mode	Gateway Mode
System Policies (Pattern-Based)	✅ Full	✅ Full
Tenant Policies (Condition-Based)	✅ Full	❌ Not enforced
Custom Policies	✅ Full	✅ System-style only
Policy Overrides	✅ Full	✅ System-style only

Recommendation

Use Proxy Mode for full policy coverage including context-aware tenant policy evaluation.

Workflow Policy Enforcement

AxonFlow extends policy evaluation to workflow orchestration through two features:

Multi-Agent Planning (MAP) Policy Enforcement

When executing plans via MAP, policies are evaluated before execution begins:

ExecutePlan Request → Policy Evaluation → Execute or Block (403)

Response includes PolicyInfo:

{
  "success": true,
  "result": "...",
  "policy_info": {
    "allowed": true,
    "applied_policies": ["cost-limit", "model-restriction"],
    "risk_score": 0.2
  }
}

See Workflow Control Plane Policy Configuration for step-level orchestration policy details.

Workflow Control Plane (WCP) Policy Enforcement

For external orchestrators (LangChain, LangGraph, CrewAI), WCP provides step-level policy gates:

Step Gate Check → Policy Evaluation → Allow, Block, or Require Approval

StepGateResponse includes policy details:

{
  "decision": "allow",
  "policies_evaluated": [
    {
      "policy_id": "sys_dyn_llm_cost",
      "policy_name": "LLM Cost Optimization",
      "action": "alert"
    }
  ],
  "policies_matched": []
}

WCP policies are evaluated by the dynamic policy engine. Fields available on a workflow step gate:

• context.step_type — type of step (llm_call, tool_call, connector_call, human_task)
• context.step_name — name of the step
• context.model — LLM model being used
• context.provider — LLM provider
• step_input.* — any field in step input (direct prefix, no context. wrapping)
• context.tool_name, context.tool_type — per-tool governance
• tool_input.* — tool argument fields (direct prefix)
• step.* — retry_context fields (step.gate_count, step.prior_completion_status, etc. — Evaluation tier and above)

Example WCP Policy:

{
  "name": "block-gpt4-in-workflows",
  "description": "Block GPT-4 in production workflow LLM calls",
  "type": "context_aware",
  "category": "dynamic-security",
  "priority": 900,
  "enabled": true,
  "conditions": [
    {"field": "context.step_type", "operator": "equals", "value": "llm_call"},
    {"field": "context.model", "operator": "equals", "value": "gpt-4"}
  ],
  "actions": [
    {"type": "block", "config": {"reason": "GPT-4 not allowed in production workflows"}}
  ]
}

Post this body to POST /api/v1/policies. See WCP Policy Configuration for the full field reference and Dynamic Policy API for the endpoint contract.

See Workflow Control Plane for full documentation.

Documentation

Guide	Description
Policy Hierarchy	Three-tier architecture deep dive
System Policies	Complete list of 83 system policies
SDK Methods	Policy CRUD with TypeScript, Python, Go, Java
Policy Syntax	YAML syntax reference
Examples	Ready-to-use policy templates
Testing	Test and validate policies

Community vs Enterprise

Feature	Community	Enterprise
83 System policies (view)	✅	✅
System policy CRUD API (/api/v1/static-policies)	✅	✅
Tenant policy CRUD API (/api/v1/dynamic-policies)	✅	✅
Tenant-tier policies	✅ 20 limit	✅ Unlimited
Organization-tier policies	❌	✅ Full CRUD
Custom tenant policies (Proxy Mode)	❌	✅
System policy overrides	❌	✅
HITL policy overrides (human approval gates)	❌	✅
Policy version history	✅ Last 5	✅ Full audit trail
Pattern testing API	✅	✅
Customer Portal UI	❌	✅

Enterprise Policy Features

Enterprise unlocks organization-tier policies for company-wide rules, custom tenant policies with full context-aware evaluation in Proxy Mode, HITL policy overrides for human approval gates on high-risk decisions, and system policy overrides to customize built-in security rules. Compare Editions | Request Demo | AWS Marketplace

See Enterprise Policy Management for details.