Guides

Policy Gateway onboarding: custom moderation rules and audit logs

Set up an AI model gateway with custom moderation rules, scoped keys, quotas, shadow mode, canary rollout, and structured audit logs.

Updated 2026-01-13

Use this checklist to launch Policy Gateway in production with custom moderation rules, scoped keys, quota enforcement, and auditable logs.

Each step includes a UI reference and a minimal API call so teams can ship quickly.

Requires a Policy Gateway subscription and a signed-in user. Replace https://api.abliteration.ai with your own API base URL for staging or test environments.

Checklist at a glance

Follow these steps in order to go live safely.

Step 1 — Policy rules & quotas

Start by defining allow/deny lists, refusal replacement, and quota windows. These values are enforced by the Policy Gateway.

Abliteration/ console
1,195,242 creditsDocsA
← Policies

Customer Support Policy

internal

Used by 2 projects · Updated Jan 13

Delete
1. Define rules

Add allowlists, denylists, and moderation categories.

2. Pick action

Rewrite, block, summarize, or escalate matched requests.

3. Protect data

Redact PII before responses leave the gateway.

4. Roll out safely

Use shadow mode, percentages, and rollback guardrails.

Identity

Name, classification, and description.

Name
Customer Support Policy
Classification
Internal
Description
Support assistant rules for billing, account, and safety review workflows.
Deployment

Shadow mode vs production, rollout percentage, and auto-rollback guardrails.

Enforce in production
Shadow/prod

When off, policy runs in shadow mode.

Percentage of requests
Set rollout
5
Auto-rollback
Rollback

Disable enforcement if rollback decisions spike.

Rules

Allowlist, denylist, flagged categories, and enforcement action.

Allowlist (one per line)
Allow
product-feature-overview billing-support account-recovery
Denylist (one per line)
Deny
credential-requests customer-pii-export competitor-pricing
Flagged Categories
Select
harassmentillicitself-harmviolence
Enforcement Action
Choose
Rewrite
Redact PII in responses
Redact

Scrub emails, phone numbers, SSNs, credit cards, and API keys.

You have unsaved changes
DiscardSave changes
Set policy rules, reason codes, and quotas in the Policy Gateway studio.

Step 2 — Projects & scoped keys

Create a project per app or agent, then generate a scoped key for each environment.

Abliteration/ console
1,195,242 creditsDocsA

support-bot

Projects isolate policy, budgets, per-user quotas, web tools, and scoped API keys.

Save project
1. Link policy

Attach the policy every gateway request enforces.

2. Set budgets

Cap requests, tokens, and usage windows per project.

3. Limit users/tools

Apply per-user caps and constrain web tool domains.

4. Issue keys

Create scoped API keys that inherit project controls.

Policy

The policy this project enforces on all Policy Gateway requests.

Linked policy
Attach
Customer Support Policy
Customer Support Policyinternal
EditEdit policy →

Enforcement: rewrite · Deployment: production

Budget

Total requests and tokens allowed per window for this project.

Requests
Cap
20,000
Tokens
Cap
10,000,000
Window
Window
Monthly
Current monthly usage
Requests6,482 / 20,000
Tokens3.9M / 10M
User Quota

Optional per-end-user limit within this project's total budget.

Enforce per-user quotas
Per-user

Tracked via the X-Policy-User header.

Requests
Cap
5,000
Tokens
Cap
2,000,000
Window
Window
Daily
Web tools
Constrain
searchfetchdocs.company
API Keys

API keys tied to this project inherit its policy and budget.

Create scoped keyNew Key
LabelPreviewLast used
support-bot-prodak_...2f9a12 min ago
Create projects, set monthly budgets, and issue scoped keys.
curl https://api.abliteration.ai/api/policy-gateway/projects \
  -H "Authorization: Bearer $ABLIT_JWT" \
  -H "Content-Type: application/json" \
  -d '{ "name": "Support bot", "monthly_token_limit": 10000000, "monthly_request_limit": 20000 }'

curl https://api.abliteration.ai/api/policy-gateway/projects/support-bot/keys \
  -H "Authorization: Bearer $ABLIT_JWT" \
  -H "Content-Type: application/json" \
  -d '{ "label": "Support bot prod" }'

Step 3 — Enforce policy + audit

Send production requests through the policy gateway endpoint with policy_user and project IDs attached.

Abliteration/ console
1,195,242 creditsDocsA

Logs

Every policy decision across all projects and policies.

Export
1. Filter events

Narrow by decision, event type, policy, or project.

2. Track outcomes

See allowed, rewritten, blocked, and total decisions.

3. Open detail

Click a row to inspect the full policy event.

4. Audit export

Use event metadata as compliance evidence.

DecisionrewriteFilterEvent typeenforcementFilterPolicySupportFilterProjectsupport-botFilter
Total
12,842
Allowed
9,804
Rewritten
2,438
Blocked
600
Enforcement stream
Click row
TimeEvent typeDecisionPolicyReasonProject
12:44:10enforcementallowSupportallowlist matchsupport-bot
12:43:52enforcementrewriteSupportpii redactionsupport-bot
12:43:20simulationrefuseFinancedenylist termfinance-agent
12:42:59revisionsummarySupportsafe summarysupport-bot
Event detail
Inspect
Event ID
evt_01HX8Q7M2
Decision
rewrite
Policy
Support
Project
support-bot
Deployment
Canary 5%
Reason code
ALLOWLIST_REWRITE
Review enforcement history to validate outcomes and rollback spikes.
curl https://api.abliteration.ai/policy/chat/completions \
  -H "Authorization: Bearer $POLICY_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Policy-User: user-12345" \
  -H "X-Policy-Project: support-bot" \
  -d '{
    "model": "abliterated-model",
    "messages": [{ "role": "user", "content": "Summarize our refund policy." }],
    "policy_id": "policy-gateway"
  }'

Go-live guardrails

These operational checks keep launches stable and auditable.