Guardrails
PII redaction, prompt injection detection, geo-blocking, and spend limits.
Guardrails are configured per workspace in Dashboard → Guardrails and enforced at the gateway before upstream calls.
- PII redaction — detect and mask emails, phone numbers, and custom patterns.
- Prompt injection — block or flag suspicious system/user content.
- Geo restrictions — allow or deny requests by country code.
- Spend limits — daily workspace and per-key caps with 402 insufficient_balance.
- Model allowlist — reject models not on the key or workspace list.