POLICY ENGINE

Composable policy, enforced at runtime.

Block, redact, modify or require: write rules once in CEL and the gateway evaluates every prompt, completion and tool call inline, in milliseconds.

CEL policy language~41ms inline4 actions
app.roder.ai/security/policies
Composable security policies
Secret redactedegress blocked · 41ms
200 allowedlive · streaming
See it work

Write a rule. It governs every request.

Compose conditions on identity, content and destination, then watch them allow, redact and block in real time.

Live decisions

Every prompt evaluated against your active policies: allow, redact or block.

Coverage

Policies apply across every model and MCP server behind the gateway.

Policy as code

Manage, version and ship policies from your terminal or pipeline.
app.roder.ai/security/traffic
Blocked requests
Trifecta detections
# manage policies from your terminal or CI
$ roder policy list
  block-secrets  enabled
  pii-redact     enabled
  eng-budget     require_approval
$ roder policy push ./rules.cel
✓ signed · published · transparency-log #4821
$ roder logs tail --decision=block
18:03:51 gpt-5 · blocked · secret in prompt
Composable rules

Block, redact, modify, require.

Express policy in CEL as conditions on principal, content and destination. Ship signed rule-packs through CI; every change lands in a transparency log.

  • Block secrets and PII before they ever leave
  • Redact, modify or require approval, beyond plain allow or deny
  • Ed25519-signed rule-packs with a transparency log
# CEL policy: evaluated inline on every request
rule "block-secrets":
  when: content.secret || content.pii.any
  action: redact  # block · redact · modify · require
rule "eng-budget":
  when: team == "eng" && spend > budget
  action: require_approval
evaluated in ~41ms · logged · signed
Capabilities

Everything a policy can do.

Composable CEL rules

Conditions on identity, content, destination and cost, combined however you need.

Four actions

Block, redact, modify or require approval. Granular control beyond allow or deny.

Real-time DLP

PII and secrets detected and scrubbed inline across LLM and MCP traffic.

Injection defense

Prompt-injection, jailbreak and lethal-trifecta patterns blocked at the edge.

Signed and versioned

Ed25519-signed rule-packs, shipped through CI with a transparency log.

Compliance Packs

Prebuilt policy sets for GDPR, EU AI Act, DORA, NIS2 and EHDS.

app.roder.ai/security/pspm
Principals
Principal detail
Click any principalrisk · trust · policies
Context-aware

Policies that know who's asking.

Every rule can branch on the principal (human, agent or MCP server) and the risk it carries. Open any caller to see the policies it triggers.

  • Per-principal policy branching
  • Continuous risk scoring feeds every decision
  • Least-privilege enforced right at the gateway
CEL
composable policy language
4
enforcement actions
~41ms
inline evaluation
7-yr
immutable audit trail
Sovereign by design

Every policy governed in the EU.

EU-hosted SaaS, your own cloud, or fully air-gapped. Engineered against the regulations your auditors actually ask about.

GDPR·EU AI Act·DORA·NIS2·ISO 27001·SOC 2 Type II

Put every AI request under policy.

Spin up an EU-hosted trial in under an hour, or talk to the team that built it.