Deny or redact payloads that contain customer identifiers and enforce PII tags for downstream processing.

Allow only approved tools (e.g. chat.completions) and block risky tool classes in regulated contexts.

Each decision returns a request_id, reason_code, and bundle identifiers that support evidence collection and incident review.

Rate limiting and monthly limits are enforced before policy evaluation, preventing runaway costs and noisy traffic spikes.