Policies are the primary mechanism for controlling what flows through the Rivano proxy. A policy defines when to fire (condition) and what to do (action). Policies are declarative, versioned, and evaluated in the data plane with no latency impact on passing requests.

Policy phases

Phase	When it runs	What it can inspect
`request`	Before the request reaches the LLM provider	Full request body, messages, model name, token count, injection score, PII entities
`response`	After the LLM provider responds, before returning to caller	Response body, output tokens, PII entities, content patterns

A block action in the request phase prevents the request from ever reaching the provider. A block in the response phase returns a 403 to the caller and does not surface the LLM’s response.

Condition types

`injection_score`

Fires when the request’s injection risk score meets or exceeds the threshold.

condition:
  type: injection_score
  threshold: 0.7          # float 0.0–1.0

`pii_detected`

Fires when one or more of the specified entity types is found in the content.

condition:
  type: pii_detected
  entities: [ssn, email, phone, credit_card, name, address]
  # Omit 'entities' to match any PII type

`token_count`

Fires when the total token count (input + output) meets or exceeds the threshold.

condition:
  type: token_count
  threshold: 4000         # integer
  count_type: input       # 'input', 'output', or 'total'

`model_name`

Fires when the requested model name matches a pattern.

condition:
  type: model_name
  pattern: "gpt-4.*"      # glob pattern
  # Or an exact list:
  # models: [gpt-4o, gpt-4-turbo]

`content_pattern`

Fires when the content matches a regular expression.

condition:
  type: content_pattern
  pattern: "(?i)(password|secret|api.?key)"   # RE2 regex
  field: messages          # 'messages', 'system', or 'response'

Actions

Action	HTTP effect	Use case
`block`	Returns `403 Forbidden`	Hard stop — injection, forbidden models
`redact`	Modifies content, request proceeds	PII redaction in responses
`warn`	Adds `X-Rivano-Warning` header, request proceeds	Audit without disruption

Block response format

{
  "error": "Request blocked by policy",
  "policy": "block-high-token-requests",
  "details": {
    "token_count": 5200,
    "threshold": 4000
  }
}

Redact strategy (response phase only)

When action: redact, specify how matched values are replaced:

action: redact
redaction_strategy: mask      # mask | partial | tokenize | drop

YAML syntax

Define policies in rivano.yaml alongside your agent configurations:

# rivano.yaml
agents:
  - name: customer-support
    model_provider: openai
    model_name: gpt-4o
    environment: production

policies:
  - name: block-injection
    phase: request
    on: "*"                    # applies to all agents; or a specific agent name
    condition:
      type: injection_score
      threshold: 0.7
    action: block
    enabled: true

  - name: redact-pii-responses
    phase: response
    on: customer-support
    condition:
      type: pii_detected
      entities: [name, email, phone]
    action: redact
    redaction_strategy: mask
    enabled: true

  - name: warn-large-requests
    phase: request
    on: "*"
    condition:
      type: token_count
      threshold: 8000
      count_type: input
    action: warn
    enabled: true

Deploy with rivano deploy to apply the policy configuration.

Policy templates (foundational pack)

The foundational policy pack is a curated set of policies covering the most common security requirements. Apply it from the dashboard (Security → Policies → Apply Foundational Pack) or via the SDK:

import Rivano from '@rivano/sdk';

const rivano = new Rivano({ apiKey: process.env.RIVANO_API_KEY! });

// List available templates
const templates = await rivano.policies.listTemplates();
console.log(templates.data.map(t => t.name));
// ['foundational', 'hipaa-pii', 'financial-pii', 'injection-strict']

// Apply the foundational pack
await rivano.policies.applyTemplate('foundational', {
  agentName: '*',      // apply to all agents
  enabled: true,
});

# List templates
curl https://api.rivano.ai/api/policies/templates \
  -H "Authorization: Bearer rv_api_..."

# Apply foundational template
curl -X POST https://api.rivano.ai/api/policies/templates/apply \
  -H "Authorization: Bearer rv_api_..." \
  -H "Content-Type: application/json" \
  -d '{
    "template": "foundational",
    "agentName": "*",
    "enabled": true
  }'

The foundational pack includes:

Policy	Phase	Condition	Action
`block-injection`	request	`injection_score >= 0.7`	block
`redact-pii-responses`	response	`pii_detected: all types`	redact (mask)
`warn-high-token-requests`	request	`token_count >= 8000`	warn
`block-pii-in-requests`	request	`pii_detected: ssn, credit_card`	block

💡

Apply the foundational pack first, then customize individual policies. It is much faster than building from scratch and covers the most common attack vectors.

Policy evaluation order

Policies are evaluated in the order they are defined. The first policy whose condition matches determines the action for that phase. If no policy matches, the request passes through unchanged.

Exception: multiple warn policies can all fire — each adds a separate X-Rivano-Warning header value.

PII Detection — PII entity types and redaction details
Injection Detection — Injection scoring details
Policies API — REST endpoints for policy management
CLI Policies — Manage policies from the terminal

Policies

Policy phases

Condition types

injection_score

pii_detected

token_count

model_name

content_pattern