Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.abliteration.ai/llms.txt

Use this file to discover all available pages before exploring further.

Stream Policy Gateway events to your SIEM, log pipeline, or data lake. Configure connectors per project in the console.

Available destinations

Thirteen connectors across three categories. Every Policy Gateway plan gets all of them.

SIEM & observability

Splunk HEC

HTTP Event Collector with token auth

Datadog Logs

Datadog Logs intake API

Elastic

Elasticsearch / Elastic Cloud index

Azure Monitor

Log Analytics workspace (Data Collector API)

Cloud storage

Amazon S3

Bucket archive

Azure Blob Storage

Container archive

Google Cloud Storage

Bucket archive via S3-compatible HMAC keys

Backblaze B2

Bucket archive via S3-compatible API

Cloudflare R2

Zero-egress bucket archive

Generic

HTTP Webhook

POST to any endpoint (Slack, PagerDuty, internal)

S3-Compatible

MinIO, Wasabi, DigitalOcean Spaces, etc.

OpenTelemetry

OTLP over HTTP or gRPC

Event shape

Every decision emits one event. All three event classes (enforcement, simulation, revision) share a base schema: 
{
  "event_id": "3d14a2b8-...",
  "event_type": "enforcement",
  "source": "policy_gateway",
  "created_at": "2026-04-20T18:30:00Z",
  "user_id": "user_...",
  "org_id": null,
  "policy_id": "support-bot",
  "policy_name": "Support bot policy",
  "data_classification": "internal",
  "history_id": null,

  "decision": "refuse",
  "effective_decision": "allow",
  "enforced": false,
  "rollout_mode": "shadow",
  "reason_code": "REFUSE",
  "triggered_categories": [],
  "allowlist_hits": [],
  "denylist_hits": ["competitor-x"],
  "policy_target": "chat.completions",
  "policy_user": "user_42",
  "quota_subject": "user_42",
  "project_id": "proj_support_bot",
  "project_label": "Support Bot",
  "model": "abliterated-model"
}

Decision fields

FieldMeaning
decisionRaw rule outcome — one of allow, rewrite, summary, escalate, refuse
effective_decisionWhat was actually applied. In shadow/non-enforced canary, this equals allow even when decision != allow
enforcedBoolean — was the decision acted on (true) or only logged (false)
rollout_modeshadow, canary, enforced, or rollback
reason_codeUppercase code mirroring the decision: ALLOW, REWRITE, SUMMARY, ESCALATE, REFUSE. Policies can override with a custom reason_codes list.
triggered_categoriesModeration categories that matched
allowlist_hits / denylist_hitsWhich terms matched
policy_targetchat.completions, messages, responses, mcp_tool
policy_userSubject from X-Policy-User header (if sent)
quota_subjectEffective per-user subject (policy_user, or falls back to user_id)

Event variants

event_type: "enforcement" fires on every governed request and uses the base schema above. event_type: "simulation" fires when the console’s policy simulator is used. Adds: 
scenario_categories: string[]   // categories forced into the simulated scenario
event_type: "revision" fires on policy create/update/delete. Adds: 
edit_type:        "create" | "update" | "delete"
config_snapshot:  <full policy config at time of change>

Delivery

At-least-once delivery — expect duplicates and dedupe on event_id. Connector health surfaces in the console.
Last modified on May 3, 2026