Creating Policies

Policies govern runtime behavior: what happens on violations, budget limits, and artifact integrity. Configure them per deployment via config or apply pre-built enforcement packs.

Policy types

Policies live under pipeline_lock.policies in your deployment config.

1. Violation actions

What happens when schema or feature contract validation fails.

  • on_violationblock | allow_with_warning
  • http_status — Status code when blocked (default 400)
  • response_bodyminimal | full
  • include_violation_context — Include violation details in response
  • emit_event — Log to enforcement audit

2. Budget policies

Request rate, compute limits, retry cost ceiling. Enforced before execution.

  • request_rate_per_minute — Max requests per minute per user/deployment
  • max_compute_per_request_seconds — Max compute seconds per request
  • retry_cost_multiplier_ceiling — Max amplification from retries

3. Preprocess integrity

Verify artifact checksums at worker boot (e.g. sklearn pipelines, tokenizers).

  • enabled — Turn on integrity checks
  • fail_on_mismatch — Fail deployment if checksum mismatch
  • artifacts — Array of {name, type, sha256}

Enforcement packs

Pre-built policy presets. Apply from the dashboard or API.

  • rag-default — RAG: prompt + context, strict schema, block on violation
  • agent-runtime — Agent/tool-calling: messages, tools, warn mode
  • high-risk — Maximum strictness, block, preprocess integrity
  • student-privacy — Block or flag when student PII (name+ID, personnummer, email) is detected. Learn more →
  • cost-sensitive — Budget policies: rate limit, compute limit, retry ceiling

Contextual policy packs

Packs that detect and act on content (PII, student identifiers) rather than schema or contract. Run before the model. Audit events include contextual with detection types and reason codes.

Student Privacy

Dashboard → Deployments → [deployment] → Policies tab → Enforcement packs → Student Privacy → Apply. Then use Try it with a prompt containing student name and ID to see a block.

Code examples

Create policies via CLI, REST API, or Python SDK.

CLI — deploy with policy config

Pass -c or --config with pipeline_lock JSON.

quantlix deploy my-model -c '{
  "pipeline_lock": {
    "contract_version": "1.0",
    "mode": "enforce",
    "schema": {
      "strict": true,
      "input_schema": {
        "type": "object",
        "required": ["prompt"],
        "properties": { "prompt": { "type": "string" } },
        "additionalProperties": false
      }
    },
    "policies": {
      "actions": {
        "on_violation": "block",
        "http_status": 400,
        "include_violation_context": true
      }
    }
  }
}'

CLI — deploy with budget policies

Add budget under policies.budget.

quantlix deploy my-model -c '{
  "pipeline_lock": {
    "contract_version": "1.0",
    "mode": "enforce",
    "schema": { "strict": true, "input_schema": { "type": "object", "properties": { "prompt": { "type": "string" } }, "required": ["prompt"], "additionalProperties": false } },
    "policies": {
      "actions": { "on_violation": "block" },
      "budget": {
        "request_rate_per_minute": 60,
        "max_compute_per_request_seconds": 120,
        "retry_cost_multiplier_ceiling": 2.0
      }
    }
  }
}'

REST API — deploy with config

curl -X POST https://api.quantlix.ai//deploy \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model_id": "my-model",
    "config": {
      "pipeline_lock": {
        "contract_version": "1.0",
        "mode": "enforce",
        "schema": {
          "strict": true,
          "input_schema": {
            "type": "object",
            "required": ["prompt"],
            "properties": { "prompt": { "type": "string" } },
            "additionalProperties": false
          }
        },
        "policies": {
          "actions": { "on_violation": "block" }
        }
      }
    }
  }'

Python SDK — deploy with policy config

from quantlix import QuantlixClient

client = QuantlixClient(api_key="YOUR_API_KEY")

config = {
    "pipeline_lock": {
        "contract_version": "1.0",
        "mode": "enforce",
        "schema": {
            "strict": True,
            "input_schema": {
                "type": "object",
                "required": ["prompt"],
                "properties": {"prompt": {"type": "string"}},
                "additionalProperties": False,
            },
        },
        "policies": {
            "actions": {
                "on_violation": "block",
                "http_status": 400,
                "include_violation_context": True,
            },
        },
    },
}

deployment = client.deploy("my-model", config=config)
print(deployment.deployment_id)

Apply enforcement pack via API

Replace deployment config with a preset pack.

curl -X POST https://api.quantlix.ai//deployments/DEPLOYMENT_ID/apply-pack \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"pack_id": "cost-sensitive"}'

Pack IDs: rag-default, agent-runtime, high-risk, cost-sensitive