Policy Packs
Apply, simulate, and customize NjiraAI policy packs for your agent.
Overview
Policy packs are rule sets that define what NjiraAI blocks, modifies, or allows. Each pack contains rules with match patterns, actions, and severity levels.
NjiraAI ships with starter packs for common risks. You can use them as-is or customize them via the Console.
Starter packs
| Pack | What it protects | Key rules |
|---|---|---|
pii-guard |
Personal data leakage | SSN patterns, credit card numbers, email exfiltration |
tool-safety |
Destructive operations | DROP/DELETE SQL, shell commands, file system writes |
high-risk-actions |
Financial/credential risks | Wire transfers, crypto payments, high-value transactions |
Apply a policy pack
Option 1: Via the Console
- Log in to the NjiraAI Console
- Navigate to Policies
- Browse available packs and click Activate on the ones you want
- Active policies take effect immediately
Option 2: Specify via header
Override the active policy for a single request using the X-Policy-Id header:
curl https://gateway.njira.ai/v1/chat/completions \
-H "Authorization: Bearer nj_live_YOUR_KEY" \
-H "X-Policy-Id: pii_guard" \
-H "Content-Type: application/json" \
-d '{"model":"gpt-5.2","messages":[{"role":"user","content":"test"}]}'
Policy format
Policies are defined in YAML. Here is the structure:
id: my_custom_policy
version: "1.0.0"
description: |
My custom policy pack — describe what it does.
rules:
- id: block_example
type: pattern # pattern, regex, hazard, or threshold
match: "dangerous text"
action: BLOCK # ALLOW, BLOCK, or MODIFY
reason: "Explanation of why this is blocked"
severity: critical # critical, high, medium, low
metadata:
author: your-team
category: security
last_updated: "2026-01-01"
Rule types
| Type | Description | Example match |
|---|---|---|
pattern |
Exact substring match (case-insensitive) | "wire transfer" |
regex |
Regular expression | "\\d{3}-\\d{2}-\\d{4}" |
hazard |
Hazmat scanner category | "prompt_injection" |
threshold |
Numeric threshold | "pay" with threshold: 1000 |
Actions
| Action | Behavior |
|---|---|
BLOCK |
Reject the request with 403 |
MODIFY |
Sanitize/redact and forward (requires suggestion field) |
ALLOW |
Forward unchanged |
Simulate a policy
Test policy rules against sample inputs without affecting live traffic. Use the Simulate feature in the Console:
- Navigate to Policies → Simulate
- Select a policy pack
- Enter test inputs and view the expected verdicts
You can also simulate via the API:
curl -s https://api.njira.ai/v1/govern \
-H "Authorization: Bearer nj_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"input": "My SSN is 123-45-6789",
"tool_name": "test_tool",
"policy_id": "pii_guard"
}' | jq '{action, reason_code, reason_text}'
Expected output
{
"action": "BLOCK",
"reason_code": "PII_DETECTED",
"reason_text": "SSN pattern (XXX-XX-XXXX) detected"
}
Create a custom policy pack
- In the NjiraAI Console, navigate to Policies → Create
- Define your policy in YAML format:
id: my_pack
version: "1.0.0"
description: "Custom policy for my agent"
rules:
- id: block_internal_urls
type: regex
match: "https?://internal\\."
action: BLOCK
reason: "Internal URL access blocked"
severity: high
metadata:
author: my-team
category: custom
last_updated: "2026-01-01"
- Click Save — the policy is active immediately
- Use Simulate to test it against sample inputs before enabling enforcement
Verify
# Check loaded policies via API
curl -s https://api.njira.ai/v1/sdk/policies \
-H "Authorization: Bearer nj_live_YOUR_KEY" | jq '.policies[].id'
Success criteria
| Check | Expected |
|---|---|
| Starter packs appear in Console under Policies | ✅ |
| Custom policy appears after creation | ✅ |
| Simulation returns expected verdicts | ✅ |
Next steps
- Policy Management — manage lifecycle via Console or API key
- Shadow → Enforce — test with real traffic in shadow mode
- Troubleshooting — common issues