Policy Rules
Rules let you control what can and can't flow through the gateway.
Creating rules​
Dashboard → Rules → Add Rule
Rule types​
Keyword block​
Block any request containing a word or pattern:
{
"name": "Block competitor mentions",
"type": "keyword_block",
"pattern": "competitor|rival_product",
"action": "block"
}
Prompt injection detection​
Autrace scans for common jailbreak patterns (DAN, ignore-previous-instructions, role-play bypass, etc.). Enable in Dashboard → Rules.
Rate limiting​
Limit tokens per key per hour:
{
"name": "Hourly token limit",
"type": "rate_limit",
"limit_tokens_per_hour": 50000
}
Default rules​
When you create an account, Autrace sets up sensible default rules:
- PII detection (redact)
- Basic prompt injection detection
- Request size limit (32KB)
You can view and modify these in Dashboard → Rules.