Creating Policies

Policies are collections of guardrails organized by purpose. They define how your organization governs AI.

Policy Creation

Via Dashboard

• Policies → Create Policy
• Name: “Production Governance”
• Select guardrails to include
• Configure overrides (optional)
• Set rollout strategy
• Click Create

Via API

$
curl -X POST https://api.governanceai.com/v1/policies \
>
  -H "Authorization: Bearer $API_KEY" \
>
  -d '{
>
    "name": "Production LLM Governance",
>
    "description": "Enforce safety and compliance in production",
>
    "guardrail_ids": ["guardrail_pii", "guardrail_toxic", "guardrail_rate_limit"],
>
    "scope": "organization",
>
    "enforcement": {
>
      "mode": "blocking",
>
      "log_violations": true
>
    }
>
  }'

Policy Versions

Policies are versioned automatically:

• v1.0 - Initial policy
• v1.1 - Added guardrail
• v2.0 - Major update

Rollback to previous version anytime.

Scopes

• Organization - Apply to entire org
• Workspace - Apply to specific workspace
• Application - Apply to specific app
• User - Apply to specific user

Narrower scopes override broader ones.

Policy Testing

Test impact before deploying:

$
curl -X POST https://api.governanceai.com/v1/policies/test \
>
  -H "Authorization: Bearer $API_KEY" \
>
  -d '{
>
    "policy_id": "policy_123",
>
    "test_requests": [
>
      {
>
        "input": "What is my password?",
>
        "context": {"user_id": "user_test"}
>
      }
>
    ]
>
  }'

Rollout Strategies

• Immediate - Deploy to all users now
• Canary - Roll out to 5% → 25% → 100%
• Scheduled - Deploy at specific time

Next Steps

• Setting Up Guardrails - Create guardrails first
• Running Scans - Scan repositories
• API Reference - Policy APIs