Creating Policies
Runtime policies control what AI is allowed to do at runtime: what happens on violations, budget limits, and artifact integrity. Configure them per deployment via config or apply pre-built enforcement packs.
Policy types
Policies live under pipeline_lock.policies in your deployment config.
1. Violation actions
What happens when schema or feature contract validation fails.
- on_violation — block | allow_with_warning
- http_status — Status code when blocked (default 400)
- response_body — minimal | full
- include_violation_context — Include violation details in response
- emit_event — Log to enforcement audit
2. Budget policies
Request rate, compute limits, retry cost ceiling. Enforced before execution.
- request_rate_per_minute — Max requests per minute per user/deployment
- max_compute_per_request_seconds — Max compute seconds per request
- retry_cost_multiplier_ceiling — Max amplification from retries
3. Preprocess integrity
Verify artifact checksums at worker boot (e.g. sklearn pipelines, tokenizers).
- enabled — Turn on integrity checks
- fail_on_mismatch — Fail the deployment if a checksum does not match
- artifacts — Array of {name, type, sha256}
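A local sketch of the check described above, added here as an example and not Quantlix's own code: it pins each artifact to a SHA-256 using the enabled, fail_on_mismatch and artifacts fields, then re-hashes the files the way a boot-time check would. The file names, type labels and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large model artifacts need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_integrity_policy(base_dir: Path, artifacts: dict[str, str]) -> dict:
    """Pin each artifact (file name -> type label) to its current SHA-256."""
    entries = [{"name": n, "type": t, "sha256": sha256_file(base_dir / n)}
               for n, t in sorted(artifacts.items())]
    return {"enabled": True, "fail_on_mismatch": True, "artifacts": entries}


def verify_artifacts(base_dir: Path, policy: dict) -> list[str]:
    """Return the names of artifacts that are missing or whose hash differs."""
    if not policy.get("enabled"):
        return []
    failed = []
    for entry in policy["artifacts"]:
        path = base_dir / entry["name"]
        if not path.is_file() or sha256_file(path) != entry["sha256"].lower():
            failed.append(entry["name"])
    return failed


def demo() -> tuple[list[str], list[str]]:
    """Pin two constructed artifacts, tamper with one, and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "scaler.pkl").write_bytes(b"constructed sklearn pipeline bytes")
        (base / "tokenizer.json").write_bytes(b'{"vocab": {"a": 0}}')
        kinds = {"scaler.pkl": "sklearn_pipeline", "tokenizer.json": "tokenizer"}
        policy = build_integrity_policy(base, kinds)
        clean = verify_artifacts(base, policy)
        (base / "tokenizer.json").write_bytes(b'{"vocab": {"a": 1}}')  # tampered
        return clean, verify_artifacts(base, policy)


if __name__ == "__main__":
    print(demo())
```

Generate the artifacts array in the build step that produces the files, so the pinned hashes come from a trusted source rather than from the worker that later verifies them.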
Runtime decisions
Policies are evaluated at request time. They can block execution, allow with warning, redact sensitive text before provider inference, or stop a request because a budget gate was exceeded.
Allow
The request passes policy and can continue to model, tool, or retrieval execution.
Block
The request stops before inference and records an enforcement event.
Warn
The request continues, but Quantlix records the violation for audit and visibility.
Redact
Sensitive substrings are replaced before downstream model or tool calls.
Enforcement packs
Pre-built policy presets. Apply from the dashboard or API.
- rag-default — RAG: prompt + context, strict schema, block on violation
- agent-runtime — Agent/tool-calling: messages, tools, warn mode
- high-risk — Maximum strictness, block, preprocess integrity
- student-privacy — Block or flag when student PII (name+ID, personnummer, email) is detected.
- enterprise-baseline — Secrets-shaped patterns, PAN/IBAN, national IDs, then direct/weak PII handling
- gdpr-data-protection — Personal-data handling controls with redact/block/flag actioning and trace events
- finance-pack — Finance-sensitive prompt controls (PAN/identifier checks + finance-context warnings)
- healthcare-pack — Privacy-sensitive healthcare prompt controls (identifier handling + healthcare-context warnings)
- cost-sensitive — Budget policies: rate limit, compute limit, retry ceiling
Contextual policy packs
Packs that detect and act on content (PII, student identifiers) rather than on schema or contract. They run before the model. Audit events include contextual with detection types and reason codes.
Code examples
Create policies via CLI, REST API, or Python SDK.
CLI — deploy with policy config
Pass -c or --config with pipeline_lock JSON.
quantlix deploy my-model -c '{
  "pipeline_lock": {
    "contract_version": "1.0",
    "mode": "enforce",
    "schema": {
      "strict": true,
      "input_schema": {
        "type": "object",
        "required": ["prompt"],
        "properties": { "prompt": { "type": "string" } },
        "additionalProperties": false
      }
    },
    "policies": {
      "actions": {
        "on_violation": "block",
        "http_status": 400,
        "include_violation_context": true
      }
    }
  }
}'
CLI — deploy with budget policies
Add budget under policies.budget.
quantlix deploy my-model -c '{
  "pipeline_lock": {
    "contract_version": "1.0",
    "mode": "enforce",
    "schema": {
      "strict": true,
      "input_schema": {
        "type": "object",
        "properties": { "prompt": { "type": "string" } },
        "required": ["prompt"],
        "additionalProperties": false
      }
    },
    "policies": {
      "actions": { "on_violation": "block" },
      "budget": {
        "request_rate_per_minute": 60,
        "max_compute_per_request_seconds": 120,
        "retry_cost_multiplier_ceiling": 2.0
      }
    }
  }
}'
REST API — deploy with config
curl -X POST https://api.quantlix.ai/deploy \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model_id": "my-model",
    "config": {
      "pipeline_lock": {
        "contract_version": "1.0",
        "mode": "enforce",
        "schema": {
          "strict": true,
          "input_schema": {
            "type": "object",
            "required": ["prompt"],
            "properties": { "prompt": { "type": "string" } },
            "additionalProperties": false
          }
        },
        "policies": {
          "actions": { "on_violation": "block" }
        }
      }
    }
  }'
Python SDK — deploy with policy config
from quantlix import QuantlixClient

client = QuantlixClient(api_key="YOUR_API_KEY")

config = {
    "pipeline_lock": {
        "contract_version": "1.0",
        "mode": "enforce",
        "schema": {
            "strict": True,
            "input_schema": {
                "type": "object",
                "required": ["prompt"],
                "properties": {"prompt": {"type": "string"}},
                "additionalProperties": False,
            },
        },
        "policies": {
            "actions": {
                "on_violation": "block",
                "http_status": 400,
                "include_violation_context": True,
            },
        },
    },
}

deployment = client.deploy("my-model", config=config)
print(deployment.deployment_id)
Apply enforcement pack via API
Replace deployment config with a preset pack.
curl -X POST https://api.quantlix.ai/deployments/DEPLOYMENT_ID/apply-pack \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"pack_id": "cost-sensitive"}'
Pack IDs: rag-default, agent-runtime, high-risk, student-privacy, enterprise-baseline, gdpr-data-protection, finance-pack, healthcare-pack, cost-sensitive
Common questions
What happens when a policy blocks?
Quantlix stops the request before inference, returns the configured response, and records an enforcement event so the decision is auditable.
How do budget gates relate to billing?
Budget gates are runtime controls that prevent runaway usage. Billing still depends on your Quantlix plan and the external providers or infrastructure you use.