DLP

Input data-loss prevention (DLP) runs on the caller's prompt before routeur.ai forwards the request to the upstream provider. Each rule either rewrites a match in place (redact) or stops the request (block). The upstream model never sees the original sensitive value.

Actions

log (non-blocking)

Records a match in the trace without modifying the request. Useful while tuning a new rule.

redact (rewrites in place)

Replaces the matched substring with [REDACTED] before the upstream call. The number of substitutions is reported in routeur.ai.redactions.

warn (trace flag)

Like log but raises severity on the trace record.

block (stops the request)

Returns 403 blocked_by_dlp with the rule name in the message. No upstream call is made.

Example: redact an internal identifier

Bring your own pattern: anything matching the rule is rewritten before the request reaches the upstream provider.

rule
{
  "name":     "project_code_redact",
  "detector": "regex",
  "pattern":  "PROJ-[A-Z0-9]{6}",
  "action":   "redact",
  "severity": "medium",
  "enabled":  true
}
upstream sees
{
  "model": "gpt-4o-mini",
  "messages": [{
    "role": "user",
    "content": "Summarise ticket [REDACTED] for the standup."
  }]
}

Example: block a confidentiality marker

rule
{
  "name":     "confidential_block",
  "detector": "keyword",
  "pattern":  "INTERNAL-ONLY",
  "action":   "block",
  "severity": "high",
  "enabled":  true
}
403 application/json
caller response
{
  "error": {
    "code":    "blocked_by_dlp",
    "message": "dlp:confidential_block",
    "type":    "routeur_error"
  }
}

Detector types

  • regex: caller-supplied regular expression matched against message content.
  • keyword: literal substring match, case-insensitive.
  • preset: managed detectors maintained by routeur.ai for common sensitive-data categories. Available presets are listed in the dashboard.
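The following is an added example, not routeur.ai's own code: an offline harness that applies rules in the format above to sample prompts, so a pattern can be checked before it is enabled. Assumptions: Python's re module stands in for the gateway's regex engine, rules run in list order with the first block match ending evaluation, and the ticket_log rule is hypothetical.

```python
import re

# Constructed rules in the page's rule format; "ticket_log" is a hypothetical extra rule.
RULES = [
    {"name": "ticket_log", "detector": "keyword", "pattern": "ticket",
     "action": "log", "enabled": True},
    {"name": "project_code_redact", "detector": "regex",
     "pattern": r"PROJ-[A-Z0-9]{6}", "action": "redact", "enabled": True},
    {"name": "confidential_block", "detector": "keyword",
     "pattern": "INTERNAL-ONLY", "action": "block", "enabled": True},
]

def compile_rule(rule):
    """regex: pattern used as written; keyword: escaped literal, case-insensitive."""
    if rule["detector"] == "regex":
        return re.compile(rule["pattern"])
    if rule["detector"] == "keyword":
        return re.compile(re.escape(rule["pattern"]), re.IGNORECASE)
    raise ValueError("detector not modelled here: " + rule["detector"])

def apply_dlp(content, rules):
    """Assumption: rules run in list order and the first block match ends evaluation."""
    trace, redactions = [], 0
    for rule in rules:
        if not rule.get("enabled"):
            continue
        rx = compile_rule(rule)
        if not rx.search(content):
            continue
        trace.append((rule["name"], rule["action"]))
        if rule["action"] == "block":
            # Error body as shown on the page; nothing is forwarded upstream.
            error = {"code": "blocked_by_dlp", "message": "dlp:" + rule["name"],
                     "type": "routeur_error"}
            return {"status": 403, "error": error, "trace": trace}
        if rule["action"] == "redact":
            content, n = rx.subn("[REDACTED]", content)
            redactions += n
        # log and warn only add a trace entry; the content is unchanged.
    return {"status": None, "content": content, "redactions": redactions, "trace": trace}

if __name__ == "__main__":
    # Constructed prompts: exact match, case variant, over-long code, blocked marker.
    for prompt in ["Summarise ticket PROJ-AB12CD for the standup.",
                   "Summarise ticket proj-ab12cd for the standup.",
                   "Summarise ticket PROJ-AB12CD9 for the standup.",
                   "internal-only: notes on PROJ-AB12CD"]:
        print(apply_dlp(prompt, RULES))
```

Under these assumptions the second and third prompts show what the sample pattern does not cover: a lower-case code is left untouched, and a seven-character code keeps its last character after redaction. Running a new pattern with the log action first surfaces cases like these in the trace before the rule is switched to redact or block.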