Skip to main content
Policy Gateway is a paid add-on. Every feature described here and in the subsections requires an active Policy Gateway plan. See pricing.
Policy Gateway is abliteration.ai’s governance layer. It sits between your application and the model, evaluates every request and response, and emits a structured policy event.

Plans

Three plans scale by usage volume, not by feature. Every plan gets the full Policy Gateway surface — projects, policies, all rollout modes, every connector, streaming metadata, policy events: See the pricing page for current prices.

What a policy decides

Each request resolves to exactly one policy. The policy returns one of five decisions: The policy-level enforcement_action is one of rewrite | block | summarize | escalate. When a rule fires, the action maps to the decision (summarizesummary, blockrefuse, others pass through). Every decision has a corresponding reason_code in uppercase: ALLOW, REWRITE, SUMMARY, ESCALATE, REFUSE.

What a rule looks at

Rules are flat — there’s no nested match: DSL.

Rollout modes

Rollout is per policy, not per rule.

Auto-rollback

Every policy can auto-demote itself if the rate of negative decisions spikes:

Data classification

Every policy carries a classification field: public | internal | confidential | restricted. It doesn’t change behavior — it’s metadata for audit and access reviews.

Caveats

  1. Shadow mode still runs rules. Every allowlist / denylist / category check happens even in shadow — it just doesn’t block. This is what makes dry-run measurement possible.
  2. No per-rule rollout overrides. Rollout mode is a single knob at the policy level. Adding a rule doesn’t let you ramp that rule independently.
  3. Allowlist exclusivity. A non-empty allowlist forces refuse on any message without an allowlist hit, regardless of denylist/category.
  4. Canary is probabilistic. Two identical requests at percentage=50 can have different outcomes.

Next

Onboarding

Create a project, write a policy, attach a key

Policy endpoints

/policy/* surface and headers

Streaming metadata

The policy field on every SSE frame

Connectors

Stream events to your SIEM, log pipeline, or data lake
Last modified on April 28, 2026