Skip to main content
Policy metadata injection only runs on /policy/* endpoints and requires a Policy Gateway plan.
When you stream from a /policy/* endpoint, every SSE frame carries a policy field describing the current enforcement state. This lets clients render compliance UI (warning banners, “why was this blocked” tooltips, audit links) without a second API call.

Enabling

Metadata injection is automatic on any /policy/* streaming response. /v1/* endpoints never inject.

Frame shape

Standard Anthropic SSE frame, unmodified: 
event: content_block_delta
data: {"type": "content_block_delta", "index": 0, "delta": {"type": "text_delta", "text": "Hello"}}
Same frame on /policy/messages: 
event: content_block_delta
data: {"type": "content_block_delta", "index": 0, "delta": {"type": "text_delta", "text": "Hello"}, "policy": {
  "policy_id": "support-bot",
  "decision": "allow",
  "effective_decision": "allow",
  "reason_code": "ALLOW",
  "rollout_mode": "enforced",
  "enforced": true,
  "triggered_categories": [],
  "allowlist_hits": ["refund policy"],
  "denylist_hits": [],
  "policy_target": "support-bot"
}}
The policy object appears on every SSE data: line — message_start, content_block_start, content_block_delta, message_delta, message_stop. The values are stable across the stream unless a rule fires mid-stream (e.g., output classifier).

Fields

See the policy event reference for the full field list — the streaming policy object is a subset of the enforcement event.

Client example

const res = await fetch("https://api.abliteration.ai/policy/messages", {
  method: "POST",
  headers: {
    Authorization: `Bearer ${process.env.ABLIT_KEY}`,
    "X-Policy-Project": "proj_support_bot",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    model: "abliterated-model",
    stream: true,
    max_tokens: 1024,
    messages: [{ role: "user", content: "Hello" }],
  }),
});

const reader = res.body.getReader();
const decoder = new TextDecoder();
let buffer = "";

while (true) {
  const { done, value } = await reader.read();
  if (done) break;
  buffer += decoder.decode(value, { stream: true });

  for (const line of buffer.split("\n")) {
    if (!line.startsWith("data: ")) continue;
    const frame = JSON.parse(line.slice(6));
    if (frame.policy?.effective_decision !== "allow") {
      console.warn("Policy intervention:", frame.policy);
    }
    // ...render content as usual
  }
}