Media Governance

AxonFlow provides governance for images sent to multimodal LLMs (GPT-4o, Claude, Gemini). Images are validated, scanned for PII via OCR, and evaluated against media policies before reaching the LLM provider.

Supported Formats

Format	MIME Type
JPEG	image/jpeg
PNG	image/png
GIF	image/gif
WebP	image/webp

Limits: Max 20MB per image, max 8192px dimension, max 10 images per request.

How It Works

1. Client sends images (base64 or URL) alongside the query
2. AxonFlow validates format, size, and dimensions
3. Local OCR extracts text; PII pipeline scans extracted text
4. Results are evaluated against media policies
5. Request proceeds or is blocked based on system media policies and custom rules

What's Included

• Image type, size, and dimension validation
• Local OCR via Tesseract for text extraction
• PII detection on extracted text (reuses the existing PII pipeline)
• SHA-256 hash stored in audit trail
• Aggregate cost estimation
• System media policies (NSFW blocking, violence warning, biometric audit, PII blocking, sensitive document detection)

Enterprise Features

Enterprise tier adds cloud analyzers (AWS Rekognition, Google Vision, Azure Vision), face/biometric detection, NSFW scoring, document classification, per-tenant media governance configuration, and custom analyzer plugins. Learn more.

System Media Policies

AxonFlow ships with 5 system media policies that are active whenever media governance is enabled. These provide baseline protection for common media risks without requiring any manual configuration.

Policy ID	Name	Condition	Default Action	Category
sys_media_nsfw_block	Block NSFW content	media.nsfw_score > 0.8	Block	media-safety
sys_media_violence_warn	Warn on violent content	media.violence_score > 0.7	Alert + Log	media-safety
sys_media_biometric_log	Log biometric data	media.has_biometric_data == true	Log	media-biometric
sys_media_pii_block	Block PII in images	media.has_pii == true	Block	media-pii
sys_media_sensitive_doc_warn	Warn on sensitive documents	media.is_sensitive_document == true	Alert + Log	media-document

System media policies follow the same hierarchy as the existing 63 system text policies. All tiers can toggle system media policies on or off via the Dynamic Policy API (/api/v1/dynamic-policies), which is the same API used for all dynamic policies. Enterprise tier can also modify the default action and priority of system media policies through the same API. No tier can modify the condition, name, description, or type of system policies.

note

Toggling system media policies is done through the Dynamic Policy API, not through the Media Governance Configuration API. The configuration API manages per-tenant settings (enable/disable media governance, restrict analyzers) and is available only to the Enterprise tier.

Media Policy Categories

System and custom media policies are organized into categories:

• media-safety -- Content safety signals such as NSFW and violence scoring
• media-biometric -- Biometric data detection (faces, fingerprints)
• media-pii -- Personally identifiable information detected in images
• media-document -- Sensitive document classification (contracts, IDs, medical records)

Enable/Disable Media Governance

Media governance availability depends on your AxonFlow tier.

Community Tier

Media governance is disabled by default on Community. To opt in, set the environment variable on your AxonFlow server:

export MEDIA_GOVERNANCE_ENABLED=true

Then restart AxonFlow. System media policies and media analysis will be active for all subsequent requests that include images.

Evaluation Tier

Media governance is enabled by default. No configuration is required. System media policies are active out of the box.

Enterprise Tier

Media governance is enabled by default with full per-tenant control via the configuration API. Administrators can enable or disable media governance per tenant and restrict which analyzers are available. See Per-Tenant Configuration below.

Per-Tenant Configuration

Enterprise Only

Per-tenant media governance configuration requires an Enterprise license. Community and Evaluation tiers use the platform-wide default.

Enterprise deployments can manage media governance settings per tenant using the SDK or the Media Governance Configuration API.

Check Feature Status

status, err := client.GetMediaGovernanceStatus()
// status.Available: true
// status.EnabledByDefault: true
// status.PerTenantControl: true
// status.Tier: "enterprise"

Get Current Configuration

config, err := client.GetMediaGovernanceConfig()
// config.TenantID: "my-tenant"
// config.Enabled: true
// config.AllowedAnalyzers: []string{}

Update Configuration

config, err := client.UpdateMediaGovernanceConfig(axonflow.MediaGovernanceConfig{
    Enabled:          false,
    AllowedAnalyzers: []string{"local-ocr", "aws-rekognition"},
})

Setting Enabled to false disables media governance for the tenant. Setting AllowedAnalyzers to an empty list (the default) allows all registered analyzers. Specifying analyzer names restricts the tenant to only those analyzers.

SDK Usage

Python

resp = await client.proxy_llm_call_with_media(
    query="What's in this image?",
    user_token="user-123",
    request_type="chat",
    media=[MediaContent(
        source="base64",
        mime_type="image/jpeg",
        base64_data=encoded_image,
    )],
)

if resp.media_analysis:
    for result in resp.media_analysis.results:
        print(f"Image {result.media_index}: safe={result.content_safe}, pii={result.has_pii}")

TypeScript

const resp = await axonflow.proxyLLMCall({
  query: "What's in this image?",
  userToken: "user-123",
  requestType: "chat",
  media: [{
    source: "base64",
    mimeType: "image/jpeg",
    base64Data: encodedImage,
  }],
});

if (resp.mediaAnalysis) {
  for (const result of resp.mediaAnalysis.results) {
    console.log(`Image ${result.mediaIndex}: safe=${result.contentSafe}, pii=${result.hasPII}`);
  }
}

Go

resp, err := client.ProxyLLMCallWithMedia(
    "user-123",
    "What's in this image?",
    "chat",
    []axonflow.MediaContent{{
        Source:     "base64",
        MIMEType:   "image/jpeg",
        Base64Data: encodedImage,
    }},
    nil,
)

if resp.MediaAnalysis != nil {
    for _, result := range resp.MediaAnalysis.Results {
        fmt.Printf("Image %d: safe=%v, hasPII=%v\n",
            result.MediaIndex, result.ContentSafe, result.HasPII)
    }
}

Java

ClientRequest request = ClientRequest.builder()
    .query("What's in this image?")
    .userToken("user-123")
    .requestType(RequestType.CHAT)
    .media(List.of(MediaContent.builder()
        .source("base64")
        .mimeType("image/jpeg")
        .base64Data(encodedImage)
        .build()))
    .build();

ClientResponse resp = client.proxyLLMCall(request);

if (resp.getMediaAnalysis() != null) {
    for (MediaAnalysisResult result : resp.getMediaAnalysis().getResults()) {
        System.out.printf("Image %d: safe=%b, pii=%b%n",
            result.getMediaIndex(), result.isContentSafe(), result.isHasPII());
    }
}

Media Policy Conditions

Use these fields in dynamic policies to create media governance rules:

Field	Type	Description	Example
media.content_safe	bool	All images pass content safety	media.content_safe == false
media.has_pii	bool	PII detected via OCR	media.has_pii == true
media.pii_types	[]string	Types of PII found	media.pii_types contains "SSN"
media.has_extracted_text	bool	OCR extracted text from the image	media.has_extracted_text == true
media.extracted_text_length	int	Length of OCR-extracted text in characters	media.extracted_text_length > 100
media.has_faces	bool	Face detection (Enterprise)	media.has_faces == true
media.nsfw_score	float	Content safety score 0.0-1.0 (Enterprise)	media.nsfw_score > 0.5
media.has_biometric_data	bool	Biometric data detected (faces, fingerprints)	media.has_biometric_data == true
media.violence_score	float	Violence content score 0.0-1.0 (Enterprise)	media.violence_score > 0.7
media.is_sensitive_document	bool	Image classified as sensitive document	media.is_sensitive_document == true
media.face_count	int	Number of faces detected in the image	media.face_count > 0
media.document_type	string	Classified document type (e.g., "id_card", "contract")	media.document_type == "id_card"

Example: Warn on PII in Images

{
  "name": "warn-pii-in-images",
  "description": "Warn when PII is detected in image text",
  "conditions": {
    "media.has_pii": true
  },
  "action": "warn",
  "message": "PII detected in image content"
}

Audit Trail

All media analysis results are recorded in the audit trail:

• SHA-256 hash of each image
• MIME type and file size
• PII detection flags and types
• Content safety status
• Warnings generated
• Estimated cost per image

See Also

• Media Governance Configuration API
• PII Detection & Redaction
• Security Best Practices
• Policy Syntax
• Audit Logging
• Community vs Enterprise