> ## Documentation Index
> Fetch the complete documentation index at: https://docs.abliteration.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Onboarding

> Set up your first policy, project, and scoped key on Policy Gateway in six steps.

Get Policy Gateway evaluating your traffic in six steps.

## 1. Create a project

In the [console](https://abliteration.ai/console), create a project. Each project holds:

| Field                 | Purpose                                                                                      |
| --------------------- | -------------------------------------------------------------------------------------------- |
| `name`, `description` | Display metadata                                                                             |
| `status`              | `active` or `disabled`                                                                       |
| `budget`              | `requests` / `tokens` / `window` (daily, weekly, monthly) — project-wide quota               |
| `user_quota`          | Per-user quota, keyed on the `X-Policy-User` header                                          |
| `web_tools`           | `enabled` + `allowed_domains` + `blocked_domains` — restricts web\_search / web\_fetch reach |
| `policy_id`           | The policy this project evaluates against (set in step 3)                                    |

Projects hold exactly **one** policy. API keys are scoped to exactly **one** project.

## 2. Write a policy

Policies have three sections: metadata, rules, deployment.

```json theme={"system"}
{
  "name": "support-bot",
  "description": "Policy for customer-facing support agent",
  "classification": "internal",
  "config": {
    "rules": {
      "allowlist": [],
      "denylist": ["competitor-x", "internal project codename"],
      "flagged_categories": ["hate", "harassment", "sexual"],
      "enforcement_action": "block",
      "escalation_path": "policy-oncall@acme.com",
      "redact_pii": true
    },
    "deployment": {
      "enabled": false,
      "percentage": 0,
      "auto_rollback": {
        "enabled": true,
        "threshold_pct": 20,
        "min_requests": 100,
        "window_minutes": 15,
        "cooldown_minutes": 60,
        "rollback_decisions": ["refuse", "escalate"]
      }
    }
  }
}
```

Start with `deployment.enabled: false` — shadow mode.

## 3. Link policy to project

Attach the policy via the console, or via API:

```sh theme={"system"}
curl -X PATCH https://api.abliteration.ai/api/policy-gateway/projects/proj_support_bot \
  -H "Authorization: Bearer $ABLIT_KEY" \
  -H "Content-Type: application/json" \
  -d '{"policy_id": "support-bot"}'
```

## 4. Issue a scoped API key

In the console, create an API key under the project. That key is bound to the project — every request made with it is evaluated against the linked policy.

## 5. Send traffic through the policy surface

Point your client at `/policy/*` (not `/v1/*`) so policy evaluation and metadata injection happen:

```sh theme={"system"}
curl https://api.abliteration.ai/policy/chat/completions \
  -H "Authorization: Bearer $ABLIT_KEY" \
  -H "X-Policy-User: user_42" \
  -d '{"model": "abliterated-model", "messages": [...]}'
```

See [policy endpoints](/api/policy-endpoints) for header semantics.

## 6. Observe, then enforce

Let shadow mode run. Review decisions in the console or via your configured [connector](/policy-gateway/connectors). When the allow/refuse rate looks right, flip `deployment.enabled: true` and ramp `percentage` from 10 → 100 using canary mode.
