Control Mode
This view is currently read-only and non-operational for mutation actions. Any control interaction is a no-op until backend mutation endpoints are implemented.
Security Inspection
Inspect prompt injection posture and policy contract for block, warn, sanitize, and safer-route actions.
Scope source: env
Injection Classification Policy
{
"mode": "operational",
"policy": {
"classification_threshold": "medium",
"default_action": "warn",
"fail_closed": true
},
"scope": {
"TenantID": "11111111-1111-1111-1111-111111111111",
"OrgID": "org-runtime-smoke",
"ActorSub": "smoke-user",
"ClaimsVersion": "v1"
},
"source": "proxy_security_runtime"
}Action Policy
{
"actions": {
"allow": "allow_clean_pass_through",
"block": "deny_request_fail_closed",
"safer_route": "route_to_safer_tier_with_audit",
"sanitize": "sanitize_then_route_with_audit",
"warn": "allow_with_warning_and_audit"
},
"mode": "operational",
"scope": {
"TenantID": "11111111-1111-1111-1111-111111111111",
"OrgID": "org-runtime-smoke",
"ActorSub": "smoke-user",
"ClaimsVersion": "v1"
},
"source": "proxy_security_runtime"
}Safer-Route Policy
{
"mode": "operational",
"policy": {
"enabled": true,
"fallback_model_tier": "gpt-4o-mini",
"fallback_provider": "openai"
},
"scope": {
"TenantID": "11111111-1111-1111-1111-111111111111",
"OrgID": "org-runtime-smoke",
"ActorSub": "smoke-user",
"ClaimsVersion": "v1"
},
"source": "proxy_security_runtime"
}Action Matrix
{
"block": "deny request and emit security event",
"warn": "allow with warning event and audit marker",
"sanitize": "apply sanitization path before provider request",
"safer-route": "route to approved safer provider/model tier"
}Security API Mapping
- GET /v1/security/policies/injection
- GET /v1/security/policies/actions
- GET /v1/security/policies/safer-route
- Event stream: /admin/security/events
- Threat scoring: /admin/security/threats
Navigate to Security Events and Threat Scores.