Policy Engine
Decision matrix & examples
The full mapping from guardrail actions and policy action to a decision, with worked examples for every combination.
This page expands the rules from Policy engine into a lookup table and worked examples. It assumes no session rule matched first — a matching session rule always takes precedence.
The matrix
Given the guardrail(s) that fired on a turn and the policy's action, the decision is:
| Guardrail(s) that fired | policy = `block` | policy = `flag` |
|---|---|---|
deny or follow | DENY | FLAG |
async (redact) only | MODIFY | MODIFY |
pass only | FLAG | FLAG |
async + deny/follow | DENY (+ redaction) | FLAG (+ redaction) |
| nothing fired | ALLOW | ALLOW |
Two rules make the table easy to remember: **async/redact never blocks (it only ever cleans content), and a flag policy never denies** (it caps at FLAG).
Worked examples
Reading the table as policy.action + guardrail expected ⇒ decision:
| Policy action | Guardrails that fired | Decision | Outcome |
|---|---|---|---|
flag | Redact guardrail only (async) | MODIFY | PII redacted; request proceeds. redacted=true, flagged=false, deny=false. |
block | Redact guardrail only (async) | MODIFY | Content cleaned; request still proceeds — redaction alone never blocks. |
block | Prompt-injection (deny) | DENY | Request rejected. flagged=true, deny=true. |
flag | Prompt-injection (deny) | FLAG | Allowed but marked — flag policy caps at FLAG. flagged=true, deny=false. |
block | Moderation (follow) | DENY | Follows the policy → deny on a block policy. |
flag | Moderation (follow) | FLAG | Follows the policy → flag on a flag policy. |
block | Redact (async) + prompt-injection (deny) | DENY | Denied by the blocking guardrail; redaction is still applied to the content. |
flag | Redact (async) + prompt-injection (deny) | FLAG | Capped at FLAG; redaction still applied as a side-effect. |
block or flag | Flag-only guardrail (pass) | FLAG | Surfaces the signal; never denies regardless of policy. |
block or flag | Nothing fired | ALLOW | Clean pass. All flags false. |
Session rules override the matrix
Before the matrix is consulted, the engine evaluates session rules. A matching rule decides the outcome — for example, enough flagged turns in a session can escalate an otherwise-FLAG turn to DENY on a block policy. See Session risk & rules.