Get Policy Gateway evaluating your traffic in six steps.
1. Create a project
In the console, create a project. Each project holds:
| Field | Purpose |
|---|---|
| `name`, `description` | Display metadata |
| `status` | `active` or `disabled` |
| `budget` | requests / tokens / window (daily, weekly, monthly) — project-wide quota |
| `user_quota` | Per-user quota, keyed on the `X-Policy-User` header |
| `web_tools` | `enabled` + `allowed_domains` + `blocked_domains` — restricts `web_search` / `web_fetch` reach |
| `policy_id` | The policy this project evaluates against (set in step 3) |
Projects hold exactly one policy. API keys are scoped to exactly one project.
2. Write a policy
Policies have three sections: metadata, rules, deployment.
```json
{
  "name": "support-bot",
  "description": "Policy for customer-facing support agent",
  "classification": "internal",
  "config": {
    "rules": {
      "allowlist": [],
      "denylist": ["competitor-x", "internal project codename"],
      "flagged_categories": ["hate", "harassment", "sexual"],
      "enforcement_action": "block",
      "escalation_path": "policy-oncall@acme.com",
      "redact_pii": true
    },
    "deployment": {
      "enabled": false,
      "percentage": 0,
      "auto_rollback": {
        "enabled": true,
        "threshold_pct": 20,
        "min_requests": 100,
        "window_minutes": 15,
        "cooldown_minutes": 60,
        "rollback_decisions": ["refuse", "escalate"]
      }
    }
  }
}
```
Start with `deployment.enabled: false` (shadow mode).
3. Link policy to project
Attach the policy via the console, or via API:
```bash
curl -X PATCH https://api.abliteration.ai/api/policy-gateway/projects/proj_support_bot \
  -H "Authorization: Bearer $ABLIT_KEY" \
  -H "Content-Type: application/json" \
  -d '{"policy_id": "support-bot"}'
```
4. Issue a scoped API key
In the console, create an API key under the project. That key is bound to the project — every request made with it is evaluated against the linked policy.
5. Send traffic through the policy surface
Point your client at /policy/* (not /v1/*) so policy evaluation and metadata injection happen:
```bash
curl https://api.abliteration.ai/policy/chat/completions \
  -H "Authorization: Bearer $ABLIT_KEY" \
  -H "X-Policy-User: user_42" \
  -d '{"model": "abliterated-model", "messages": [...]}'
```
See policy endpoints for header semantics.
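A pre-flight check for steps 2 to 5, to run before traffic goes through the gateway. This is an added example, not Policy Gateway code: `preflight` and its rules are hypothetical, field and header names come from this page, and the `/v1/chat/completions` path, `EXAMPLE_KEY`, and the auto-rollback, percentage-range and list-overlap rules are assumptions.

```python
from urllib.parse import urlparse

def preflight(policy, url, headers):
    """Return a list of findings; an empty list means the setup matches the quickstart."""
    findings = []
    cfg = policy.get("config", {})
    rules, dep = cfg.get("rules", {}), cfg.get("deployment", {})

    # Step 2: the quickstart starts every policy in shadow mode.
    if dep.get("enabled") is not False:
        findings.append("deployment.enabled is not false (policy would not start in shadow mode)")
    pct = dep.get("percentage")
    if isinstance(pct, bool) or not isinstance(pct, int) or not 0 <= pct <= 100:
        findings.append("deployment.percentage is not an integer in 0..100")  # assumed range
    # Local rule (assumption): keep auto_rollback on before any enforcement ramp.
    if dep.get("auto_rollback", {}).get("enabled") is not True:
        findings.append("deployment.auto_rollback.enabled is not true")
    # Local rule (assumption): a term in both lists is ambiguous; the page states no precedence.
    both = {t.lower() for t in rules.get("allowlist", [])} & \
           {t.lower() for t in rules.get("denylist", [])}
    if both:
        findings.append("terms in both allowlist and denylist: " + ", ".join(sorted(both)))

    # Step 5: only /policy/* gets policy evaluation; the bearer key must travel over TLS.
    parsed = urlparse(url)
    if parsed.scheme != "https":
        findings.append("request URL is not https (API key would be sent in clear text)")
    if not parsed.path.startswith("/policy/"):
        findings.append("request path %r is outside /policy/* (no policy evaluation)" % parsed.path)
    names = {k.lower(): v for k, v in headers.items()}
    if not names.get("authorization", "").startswith("Bearer "):
        findings.append("Authorization header is not a Bearer token")
    if not names.get("x-policy-user"):
        findings.append("X-Policy-User header missing (user_quota is keyed on it)")
    return findings

# Constructed sample input: the page's policy (trimmed) and two client configurations.
POLICY = {"config": {
    "rules": {"allowlist": [], "denylist": ["competitor-x"]},
    "deployment": {"enabled": False, "percentage": 0, "auto_rollback": {"enabled": True}},
}}
GOOD = ("https://api.abliteration.ai/policy/chat/completions",
        {"Authorization": "Bearer EXAMPLE_KEY", "X-Policy-User": "user_42"})
BAD = ("https://api.abliteration.ai/v1/chat/completions",   # constructed /v1/* path
       {"Authorization": "Bearer EXAMPLE_KEY"})

if __name__ == "__main__":
    for label, (url, headers) in (("good", GOOD), ("bad", BAD)):
        print(label, preflight(POLICY, url, headers) or "ok")
```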
6. Observe, then enforce
Let shadow mode run. Review decisions in the console or via your configured connector. When the allow/refuse rate looks right, flip `deployment.enabled: true` and ramp `percentage` from 10 → 100 using canary mode.

Last modified on May 3, 2026