Guard Policy

Where policies live
Policy types
PII
Topic
Final action priority
Related

Where policies live

Created and managed at the Project level in Citadel.
Versioned — the active version of each policy is what Guardian evaluates.
Applied to a Project or to a specific Guard API.

Policy types

PII

Three detection mechanisms that can be combined in a single policy:

Mechanism	Matches by	Typical use
NER (Named Entity Recognition)	AI-inferred entities (person names, addresses, etc.)	Semantically fuzzy categories
Regex	Regular expression pattern	Structured identifiers (resident numbers, phone, email)
Keyword	Exact-match keyword	Project names, confidential terms

Each rule declares a policy_type:

`policy_type`	Action	Effect
`PASSING`	PASS	Detection is logged but allowed through.
`MASKING`	MASK	Detected text is replaced with `mask_word` (e.g., `[PERSON_NAME]`).
`BLOCKING`	BLOCK	Request is blocked.

Topic

Topic rules classify the entire conversation into safe, unsafe, or controversial categories. unsafe matches trigger BLOCK; controversial matches can route to review.

Final action priority

When multiple policies apply:

BLOCKING(BLOCK) > MASKING(MASK) > PASSING(PASS)

If any rule says BLOCK, the final action is BLOCK. Otherwise if any rule says MASK, the final is MASK. Otherwise PASS.

PASS / MASK / BLOCK

What each action means for the response payload.

Key concepts PASS, MASK, BLOCK

Get started

Core concepts

Reference

Where policies live

Policy types

PII

Topic

Final action priority

PASS / MASK / BLOCK

Get started

Core concepts

Reference

​Where policies live

​Policy types

​PII

​Topic

​Final action priority

​Related

PASS / MASK / BLOCK

Where policies live

Policy types

PII

Topic

Final action priority

Related