SecurityPolicy is passed to Create() via the WithSecurity option. It composes PII detection, injection defense, toxicity / code-security / invisible-text scanners, network policy, transformation rules, audit logging, and environment variable security into a single struct.
SecurityPolicy
| Field | Type | Description |
|---|---|---|
PII | *PIIConfig | PII detection and redaction |
InjectionDefense | *InjectionDefenseConfig | Prompt injection defense |
Transformations | []TransformationRule | Regex-based request/response transformations |
Network | *NetworkPolicy | Network allowlist/denylist |
Audit | *AuditConfig | Audit logging |
EnvSecurity | *EnvSecurityConfig | Environment variable masking |
Toxicity | *ToxicityConfig | Toxicity scanner |
CodeSecurity | *CodeSecurityConfig | Code security scanner |
InvisibleText | *InvisibleTextConfig | Invisible Unicode scanner |
ContentGate | *ContentGateConfig | content.scan OPA gate (model allowlist) |
CustomPolicy | *CustomPolicyConfig | Customer-supplied OPA/Rego policy |
Methods
| Method | Returns | Description |
|---|---|---|
policy.RequiresTLSInterception() | bool | true if any scanner requires TLS interception |
policy.ToJSON() | map[string]interface{} | Serialize to API-compatible map |
ParseSecurityPolicy(data) | *SecurityPolicy | Deserialize from API response |
PIIConfig
Configure detection and handling of personally identifiable information in outbound HTTP traffic.| Field | Type | Default | Description |
|---|---|---|---|
Enabled | bool | false | Whether PII scanning is active |
Types | []PIIType | all types | PII types to scan for |
Action | RedactionAction | "" | Action on detection: "redact", "block", "log_only" |
Model | string | "" | Scanner model to use |
PIIType constants
RedactionAction constants
InjectionDefenseConfig
Detect and block prompt injection attempts in outbound HTTP request bodies.| Field | Type | Default | Description |
|---|---|---|---|
Enabled | bool | false | Whether injection defense is active |
Sensitivity | InjectionSensitivity | "" | "low", "medium", or "high" |
Action | InjectionAction | "" | "block" or "log_only" |
ToxicityConfig
Scan outbound HTTP request bodies for toxic content.| Field | Type | Default | Description |
|---|---|---|---|
Enabled | bool | false | Whether toxicity scanning is active |
Threshold | float64 | 0 | Confidence threshold (0.0–1.0) |
CodeSecurityConfig
Detect suspicious code in outbound HTTP request bodies.| Field | Type | Default | Description |
|---|---|---|---|
Enabled | bool | false | Whether code-security scanning is active |
DetectSuspiciousImports | bool | false | Flag suspicious import statements |
InvisibleTextConfig
Detect invisible or control Unicode characters in outbound HTTP request bodies.| Field | Type | Default | Description |
|---|---|---|---|
Enabled | bool | false | Whether invisible-text scanning is active |
DetectZeroWidth | bool | false | Detect zero-width characters |
CustomPolicyConfig
Attach OPA/Rego policy — a built-in governance pack viaPolicyRef, or your
own rules via InlineRego/InlineModules. Custom rules are evaluated at the
enforcement layer alongside the platform defaults and can only tighten policy,
never relax it.
| Field | Type | Default | Description |
|---|---|---|---|
Enabled | bool | false | Whether custom policy evaluation is active |
InlineRego | string | "" | A single Rego module string appended to platform defaults |
InlineModules | []string | nil | Independent Rego module strings, each its own package |
PolicyRef | string | "" | Reference a bundle by name@version, sha256:<hex>, or blob:<key> |
DefaultDeny | bool | false | Fail-closed: when true, an evaluator error denies the action |
ContentGateConfig
Run thecontent.scan OPA gate (e.g. an LLM model allowlist / cross-signal
rules) on the listed domains. Opts a sandbox into content-gate enforcement
without requiring an ML scanner to be enabled.
| Field | Type | Default | Description |
|---|---|---|---|
Enabled | bool | false | Whether the content gate is active |
Domains | []string | nil | Opt-in destination hosts to intercept; empty intercepts none |
NetworkPolicy
Network allowlist and denylist for outbound traffic from the sandbox.| Field | Type | Description |
|---|---|---|
AllowOut | []string | Destinations to allow (IPs, CIDRs, domains) |
DenyOut | []string | Destinations to deny (IPs, CIDRs) |
TransformationRule
Regex-based text transformation applied to outbound request bodies, inbound response bodies, or both.| Field | Type | Description |
|---|---|---|
Match | string | Regular expression pattern |
Replace | string | Replacement string |
Direction | TransformDirection | "in", "out", or "both" |