Policy Reference

Keypost supports 17 policy types organized into 6 categories. Policies are evaluated in order and can be combined for layered protection.

How policies work

When a request arrives, Keypost evaluates all policies attached to that Keypost. The request is allowed only if all policies pass. A single deny stops the request.

Request → Policy 1 (pass) → Policy 2 (pass) → Policy 3 (deny) → BLOCKED

Policy categories

Access

Policy	Description
Allow	Explicitly allow specific tools
Deny	Block specific tools entirely

Constraints

Policy	Description
Parameters	Validate and constrain parameter values
Schedule	Time-based access windows
Geo	Geographic restrictions
Environment	Different rules per environment
Requires	Dependency on prior tool calls

Rate Limits

Policy	Description
Throttle	Limit calls per time window
Quota	Daily/monthly usage caps

Data Protection

Policy	Description
DLP	Block or redact sensitive data patterns
Field Redaction	Remove specific fields from audit logs
Response DLP	Scrub sensitive data from responses

Cost Control

Policy	Description
Budget	Track and limit spend
Reuse	Cache responses to avoid duplicate calls

Compliance

Policy	Description
Approval	Require human approval for sensitive ops
Audit	Enhanced logging for compliance

Creating policies

From your Keypost dashboard:

Select a Keypost
Click Add Policy
Choose a template or start from scratch
Configure the policy settings
Save and activate

Policies take effect immediately. No restart required.