| Policy type | Lives at | Consumed by | Customer-facing? |
|---|---|---|---|
| Combined / Agnes policy | /protection/policies | The POST /api/v1/analyze/ endpoint. | Yes — most users only ever touch this. |
| YARA policy | /protection/yara-policies | The YARA analyzer. | Yes — opt in if you author your own rules. |
| SDP policy | /protection/sensitive-data | The Sensitive Data analyzer. | Yes — required to fine-tune which info types are inspected. |
| Safety policy | /protection/safety-moderation | The Safety & Responsible AI analyzer. | Yes — opt in for custom guidelines beyond the default. |
How they fit together
A combined policy is the only thing your code refers to at request time. It in turn names the supporting policies (YARA / SDP / safety) it wants to run with, either inline as analyzer parameters or as request-level overrides on the `analyze` call.
Combined / Agnes policies
The hero policy. Defines the `execution_plan`, the ordered analyzer steps, and the termination rules that decide whether a run blocks.
- Read The Agnes Analyzer for the schema and execution semantics.
- Read Agnes policies for CRUD, slugs, and versioning.
- Built-in fixtures: `default-inbound`, `default-outbound`, `default-permissive`.
YARA policies
YARA is the rule engine you use to encode your business’s specific threat patterns — leaked source code shapes, internal codenames, known prompt injection idioms, etc. Agnes lets you create individual YARA rules and group them into a YARA policy so a single combined policy can target a specific subset of rules.
- Read YARA rules and policies.
- A YARA policy is essentially (name, ordered list of YARA rule IDs).
- The combined policy points at one via the `yara_policy_id` parameter on the `yara` analyzer (or via the request-level `yara_policy_id` override).
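The "inline parameter or request-level override" rule described above and in the "How they fit together" section, as an added example that is not Agnes's own code: the combined policy shape, the `*_policy_id` parameter names other than `yara_policy_id`, and the policy slugs in the sample are all assumed, and the sample policy itself is constructed for this illustration.

```python
"""Resolve which supporting policies an analyze call will actually run.

Hypothetical model, not Agnes's real schema: a combined policy carries an
ordered execution_plan of analyzer steps; the yara/sdp/safety steps may name
a supporting policy inline via a *_policy_id parameter, and the request may
override that choice with a request-level *_policy_id of the same name.
"""
from dataclasses import dataclass

# Analyzer step name -> the parameter that selects its supporting policy
# (only yara_policy_id is documented; the other two names are assumed).
POLICY_PARAM = {
    "yara": "yara_policy_id",
    "sdp": "sdp_policy_id",
    "safety": "safety_policy_id",
}


@dataclass
class CombinedPolicy:
    slug: str
    execution_plan: list  # ordered list of {"analyzer": str, "params": {...}}


def resolve_supporting_policies(policy: CombinedPolicy, overrides: dict) -> dict:
    """Return {analyzer: policy_id} for every step that needs a supporting policy.

    A request-level override wins over the inline analyzer parameter. A step
    that ends up with no policy id is reported as None so the caller can
    reject the request rather than run that analyzer unconfigured.
    """
    resolved = {}
    for step in policy.execution_plan:
        param = POLICY_PARAM.get(step["analyzer"])
        if param is None:
            continue  # ML analyzers in the plan take no supporting policy
        inline = step.get("params", {}).get(param)
        resolved[step["analyzer"]] = overrides.get(param, inline)
    return resolved


def unresolved_steps(resolved: dict) -> list:
    """Analyzers whose supporting policy is still missing after overrides."""
    return sorted(a for a, pid in resolved.items() if pid is None)


# Constructed sample: a tuned clone of default-inbound that names SDP and
# safety policies inline but leaves the YARA policy to be chosen per request.
INBOUND = CombinedPolicy(
    slug="default-inbound-tuned",
    execution_plan=[
        {"analyzer": "prompt_injection", "params": {}},
        {"analyzer": "yara", "params": {}},
        {"analyzer": "sdp", "params": {"sdp_policy_id": "general-pii-redaction"}},
        {"analyzer": "safety", "params": {"safety_policy_id": "default-safety"}},
    ],
)
```

Calling `resolve_supporting_policies(INBOUND, {})` leaves the `yara` step unresolved, which is the case a request validator should reject before the run starts.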
SDP policies
SDP (Sensitive Data Protection) is Agnes’s wrapper around Google Cloud DLP. An SDP policy bundles an inspection configuration (which info types to detect, at what likelihood) with a de-identification configuration (how to mask findings). Agnes ships several defaults:

| Default | Detects | Redacts as |
|---|---|---|
| General PII Redaction | EMAIL_ADDRESS, PHONE_NUMBER, PERSON_NAME, LOCATION, DATE_OF_BIRTH, IP_ADDRESS, URL, AGE | [REDACTED] |
| Financial Data Masking | CREDIT_CARD_NUMBER, IBAN_CODE, SWIFT_CODE, U.S. routing / account numbers | Asterisks |
| Healthcare PHI Protection | Medical record numbers, NPI / DEA, ICD-9 / 10 codes, FDA codes, HIPAA beneficiary IDs, blood type | Replaced with the info type label |
| Government ID Protection | SSN, passport, driver’s license, ITIN, ATIN | Asterisks |
| Credential & Secret Detection | AUTH_TOKEN, BASIC_AUTH_HEADER, PASSWORD, GCP API keys / credentials, signed URLs | Fully redacted |
- Read SDP policies.
Safety policies
A safety policy is the prompt text Agnes feeds to ShieldGemma when it acts as the LLM-as-judge. It defines the categories of content you consider unsafe, with category-specific guidelines. The shipped “Default Safety Policy” covers the standard categories (harmful content, hate speech, harassment, sexual content, misinformation, illegal content, privacy violations).
- Read Safety policies.
- Custom safety policies are appropriate when your industry has tighter guidelines (e.g. healthcare advice safety, child-directed media, professional contexts).
Choosing what to author
If you are just getting started:
- Use the shipped `default-inbound` and `default-outbound` combined policies as-is. They reference a sensible default SDP policy and the default safety policy.
- Watch the Analysis log for a few days. Are you seeing false positives? Missing real attacks?
- Tighten what’s noisy: clone the default combined policy and adjust thresholds before you write any custom YARA / SDP / safety policies.
- Reach for YARA when you have business-specific patterns Agnes’s ML analyzers do not see.
- Reach for custom SDP when the default info type set is wrong for your domain (e.g. you actually expect SSNs and want to allow them).
- Reach for custom safety policies when the default category list does not match your product’s tone (educational, creative, strict).