Policy Gateway onboarding: custom moderation rules and audit logs
Set up an AI model gateway with custom moderation rules, scoped keys, quotas, shadow mode, canary rollout, and structured audit logs.
Use this checklist to launch Policy Gateway in production with custom moderation rules, scoped keys, quota enforcement, and auditable logs.
Each step includes a UI reference and a minimal API call so teams can ship quickly.
Requires a Policy Gateway subscription and a signed-in user. Replace https://api.abliteration.ai with your own API base URL for staging or test environments.
Checklist at a glance
Follow these steps in order to go live safely.
Step 1 — Policy rules & quotas
Start by defining allow/deny lists, refusal replacement, and quota windows. These values are enforced by the Policy Gateway.
Customer Support Policy
internalUsed by 2 projects · Updated Jan 13
Add allowlists, denylists, and moderation categories.
Rewrite, block, summarize, or escalate matched requests.
Redact PII before responses leave the gateway.
Use shadow mode, percentages, and rollback guardrails.
Name, classification, and description.
Shadow mode vs production, rollout percentage, and auto-rollback guardrails.
When off, policy runs in shadow mode.
Disable enforcement if rollback decisions spike.
Allowlist, denylist, flagged categories, and enforcement action.
Scrub emails, phone numbers, SSNs, credit cards, and API keys.
Step 2 — Projects & scoped keys
Create a project per app or agent, then generate a scoped key for each environment.
support-bot
Projects isolate policy, budgets, per-user quotas, web tools, and scoped API keys.
Attach the policy every gateway request enforces.
Cap requests, tokens, and usage windows per project.
Apply per-user caps and constrain web tool domains.
Create scoped API keys that inherit project controls.
The policy this project enforces on all Policy Gateway requests.
Enforcement: rewrite · Deployment: production
Total requests and tokens allowed per window for this project.
Optional per-end-user limit within this project's total budget.
Tracked via the X-Policy-User header.
API keys tied to this project inherit its policy and budget.
curl https://api.abliteration.ai/api/policy-gateway/projects \
-H "Authorization: Bearer $ABLIT_JWT" \
-H "Content-Type: application/json" \
-d '{ "name": "Support bot", "monthly_token_limit": 10000000, "monthly_request_limit": 20000 }'
curl https://api.abliteration.ai/api/policy-gateway/projects/support-bot/keys \
-H "Authorization: Bearer $ABLIT_JWT" \
-H "Content-Type: application/json" \
-d '{ "label": "Support bot prod" }'Step 3 — Enforce policy + audit
Send production requests through the policy gateway endpoint with policy_user and project IDs attached.
Logs
Every policy decision across all projects and policies.
Narrow by decision, event type, policy, or project.
See allowed, rewritten, blocked, and total decisions.
Click a row to inspect the full policy event.
Use event metadata as compliance evidence.
curl https://api.abliteration.ai/policy/chat/completions \
-H "Authorization: Bearer $POLICY_KEY" \
-H "Content-Type: application/json" \
-H "X-Policy-User: user-12345" \
-H "X-Policy-Project: support-bot" \
-d '{
"model": "abliterated-model",
"messages": [{ "role": "user", "content": "Summarize our refund policy." }],
"policy_id": "policy-gateway"
}'Go-live guardrails
These operational checks keep launches stable and auditable.