Policy Gateway is a paid add-on. Every feature described here and in the subsections requires an active Policy Gateway plan. See pricing.
Plans
Three plans scale by usage volume, not by feature. Every plan gets the full Policy Gateway surface — projects, policies, all rollout modes, every connector, streaming metadata, policy events:
See the pricing page for current prices.
What a policy decides
Each request resolves to exactly one policy. The policy returns one of five decisions:
The policy-level
enforcement_action is one of rewrite | block | summarize | escalate. When a rule fires, the action maps to the decision (summarize → summary, block → refuse, others pass through). Every decision has a corresponding reason_code in uppercase: ALLOW, REWRITE, SUMMARY, ESCALATE, REFUSE.
What a rule looks at
Rules are flat — there’s no nestedmatch: DSL.
Rollout modes
Rollout is per policy, not per rule.Auto-rollback
Every policy can auto-demote itself if the rate of negative decisions spikes:Data classification
Every policy carries aclassification field: public | internal | confidential | restricted. It doesn’t change behavior — it’s metadata for audit and access reviews.
Caveats
- Shadow mode still runs rules. Every allowlist / denylist / category check happens even in shadow — it just doesn’t block. This is what makes dry-run measurement possible.
- No per-rule rollout overrides. Rollout mode is a single knob at the policy level. Adding a rule doesn’t let you ramp that rule independently.
- Allowlist exclusivity. A non-empty allowlist forces
refuseon any message without an allowlist hit, regardless of denylist/category. - Canary is probabilistic. Two identical requests at
percentage=50can have different outcomes.
Next
Onboarding
Create a project, write a policy, attach a key
Policy endpoints
/policy/* surface and headers
Streaming metadata
The
policy field on every SSE frameConnectors
Stream events to your SIEM, log pipeline, or data lake