AI Gateway | Updated 2026-01-13

Policy-as-code for LLM behavior

Define LLM behavior with policy-as-code rules, allowlists, denylists, and reason codes in an AI gateway.

Policy-as-code makes LLM behavior explicit and testable, just like infrastructure-as-code.

Policy Gateway is an AI gateway that turns LLM guardrails into versioned JSON with rollouts and audit logs.

Definition

Policy-as-code for LLM behavior

Policy-as-code for LLM behavior is the practice of defining LLM rules in versioned, reviewable JSON so outcomes are predictable and auditable.

Why it matters
  • Policies are versioned and can be reviewed like code.
  • Reason codes make moderation outcomes deterministic.
  • Rollouts and simulations reduce risk during policy changes.
How it works
  1. Define allowlist and denylist topics in policy JSON.
  2. Add flagged categories and response patterns for safe outputs.
  3. Apply the policy via the AI gateway endpoint with policy_id.
Runnable cURL snippet
curl https://api.abliteration.ai/policy/chat/completions \
  -H "Authorization: Bearer $POLICY_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Policy-User: user-4481" \
  -H "X-Policy-Project: knowledge-bot" \
  -d '{
    "model": "abliterated-model",
    "messages": [{"role":"user","content":"Share our internal incident response steps."}],
    "policy_id": "policy-as-code"
  }'
Example policy JSON
{
  "policy_id": "policy-as-code",
  "name": "Policy as code",
  "owner": "Security team",
  "description": "Explicit allowlist and denylist behavior.",
  "rules": {
    "allowlist": ["public docs", "status page"],
    "denylist": ["internal incident", "credential sharing", "security bypass"],
    "flagged_categories": ["self-harm/intent", "violence/graphic", "sexual/minors"],
    "response_pattern": "refuse",
    "rewrite_instead_of_refuse": false,
    "redact": true,
    "reason_codes": ["ALLOW", "REFUSE", "REDACT"]
  },
  "org_controls": {
    "project_keys": true,
    "user_quotas": true,
    "audit_logs": true,
    "data_classification": "restricted",
    "user_quota": { "requests": 100, "tokens": 10000, "window": "daily" },
    "project_quota": { "requests": 5000, "tokens": 500000, "window": "monthly" }
  },
  "rollout": {
    "shadow": { "enabled": true, "sample_percent": 25, "targets": ["knowledge-bot"] },
    "canary": { "enabled": true, "sample_percent": 10, "targets": ["knowledge-bot"] },
    "rollback_on_spike": true
  },
  "refusal_replacement": { "mode": "refuse", "escalation_path": "security@company.com" }
}
Before and after
Before (no policy-as-code)
Assistant shares internal steps without a clear rule set.
After (policy-as-code)
decision: refuse
reason_code: REFUSE
denylist_hits: ["internal incident"]

Run the Policy Gateway simulator

Validate policy-as-code rules before rolling them into production.

FAQ

Frequently asked questions.

How do I version policies?

Export policy JSON from the console and store it in Git with your application code.
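
One way to check an exported policy file in CI before it merges, as an added example that is not Policy Gateway's own tooling or schema validation. The field names come from the example policy above; the `lint_policy` name and the consistency rules it enforces are assumptions about what a reviewer would want checked.

```python
import json

# Constructed input: the page's field names with three deliberate mistakes.
BAD_POLICY = json.loads("""
{
  "policy_id": "policy-as-code",
  "rules": {
    "allowlist": ["public docs", "Internal Incident"],
    "denylist": ["internal incident", "credential sharing"],
    "response_pattern": "refuse",
    "redact": true,
    "reason_codes": ["ALLOW", "REFUSE"]
  },
  "org_controls": { "audit_logs": true },
  "rollout": { "canary": { "enabled": true, "sample_percent": 150, "targets": ["knowledge-bot"] } }
}
""")

def lint_policy(policy):
    """Return review findings for one policy dict; an empty list means it passes."""
    findings = []
    rules = policy.get("rules", {})
    codes = set(rules.get("reason_codes", []))
    allow = {t.strip().lower() for t in rules.get("allowlist", [])}
    deny = {t.strip().lower() for t in rules.get("denylist", [])}
    for topic in sorted(allow & deny):  # same topic allowed and denied is ambiguous
        findings.append(f"topic on both allowlist and denylist: {topic}")
    if rules.get("response_pattern") == "refuse" and "REFUSE" not in codes:
        findings.append("response_pattern is refuse but REFUSE is not a reason code")
    if rules.get("redact") and "REDACT" not in codes:
        findings.append("redact is enabled but REDACT is not a reason code")
    if rules.get("response_pattern") == "refuse" and rules.get("rewrite_instead_of_refuse"):
        findings.append("response_pattern refuse conflicts with rewrite_instead_of_refuse")
    for stage, cfg in policy.get("rollout", {}).items():
        if not isinstance(cfg, dict) or not cfg.get("enabled"):
            continue  # skips flags such as rollback_on_spike and disabled stages
        pct = cfg.get("sample_percent")
        if not isinstance(pct, (int, float)) or not 0 < pct <= 100:
            findings.append(f"rollout.{stage}.sample_percent out of range: {pct}")
        if not cfg.get("targets"):
            findings.append(f"rollout.{stage} is enabled with no targets")
    if not policy.get("org_controls", {}).get("audit_logs"):
        findings.append("org_controls.audit_logs is not enabled")
    return findings

if __name__ == "__main__":
    for finding in lint_policy(BAD_POLICY):
        print("FAIL:", finding)
```

Failing the pipeline when the returned list is non-empty keeps a contradictory allowlist/denylist or an unaudited policy from reaching the gateway through an ordinary pull request.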

Can I canary policy changes?

Yes. Use rollout.canary to apply changes to a percentage of traffic first.