Policy Packs

Apply, simulate, and customize NjiraAI policy packs for your agent.

Overview

Policy packs are YAML files that define what NjiraAI blocks, modifies, or allows. Each pack contains rules with match patterns, actions, and severity levels.

NjiraAI ships with starter packs for common risks. You can use them as-is or customize them.


Starter packs

| Pack | What it protects | Key rules |
|------|------------------|-----------|
| pii-guard | Personal data leakage | SSN patterns, credit card numbers, email exfiltration |
| tool-safety | Destructive operations | DROP/DELETE SQL, shell commands, file system writes |
| high-risk-actions | Financial/credential risks | Wire transfers, crypto payments, high-value transactions |

Apply a policy pack

Option 1: Copy to policies directory

# Copy a starter pack to the active policies directory
cp -r policies/starter/pii-guard policies/pii_guard_custom

# Restart Intelligence to pick up new policies
make up-all

Option 2: Specify via header

curl http://localhost:8080/v1/chat/completions \
  -H "Authorization: Bearer nj_live_dev_key_12345" \
  -H "X-Policy-Id: pii_guard" \
  -H "Content-Type: application/json" \
  -d '{"model":"gpt-4o","messages":[{"role":"user","content":"test"}]}'

Policy format

id: my_custom_policy
version: "1.0.0"
description: |
  My custom policy pack — describe what it does.

rules:
  - id: block_example
    type: pattern          # pattern, regex, hazard, or threshold
    match: "dangerous text"
    action: BLOCK          # ALLOW, BLOCK, or MODIFY
    reason: "Explanation of why this is blocked"
    severity: critical     # critical, high, medium, low

metadata:
  author: your-team
  category: security
  last_updated: "2026-01-01"

Rule types

| Type | Description | Example match |
|------|-------------|---------------|
| pattern | Exact substring match (case-insensitive) | "wire transfer" |
| regex | Regular expression | "\\d{3}-\\d{2}-\\d{4}" |
| hazard | Hazmat scanner category | "prompt_injection" |
| threshold | Numeric threshold | "pay" with threshold: 1000 |

Actions

| Action | Behavior |
|--------|----------|
| BLOCK | Reject the request with 403 |
| MODIFY | Sanitize/redact and forward (requires suggestion field) |
| ALLOW | Forward unchanged |

Simulate a policy

Run policy fixtures to verify expected verdicts without live traffic:

# List the pii-guard starter pack fixtures and their expected actions
python -c "
import json

fixtures = json.load(open('policies/starter/pii-guard/fixtures.json'))
for case in fixtures:
    print(f\"{case['input'][:50]:50s} → expected: {case['expected_action']}\")
"

Expected output

My SSN is 123-45-6789                              → expected: BLOCK
My credit card is 4111-1111-1111-1111               → expected: BLOCK
What is the weather today?                          → expected: ALLOW
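
An added example, not NjiraAI's own code: an offline harness that evaluates fixtures against pattern and regex rules and reports mismatches, instead of only printing the expected actions. The rule ids, the card-number regex, the fixture entries, and the precedence (strictest action wins, no match means ALLOW) are assumptions; hazard and threshold rules are not simulated.

```python
import json
import re

# Constructed rules in the page's policy format (dicts instead of YAML so this runs
# without a YAML parser). The SSN regex is the page's example; the rest are assumed.
RULES = [
    {"id": "block_ssn", "type": "regex", "match": r"\d{3}-\d{2}-\d{4}", "action": "BLOCK"},
    {"id": "block_card", "type": "regex", "match": r"\b(?:\d{4}[- ]?){3}\d{4}\b", "action": "BLOCK"},
    {"id": "block_wire", "type": "pattern", "match": "wire transfer", "action": "BLOCK"},
]

# Constructed fixtures using the input / expected_action keys from fixtures.json.
FIXTURES = json.loads("""[
  {"input": "My SSN is 123-45-6789", "expected_action": "BLOCK"},
  {"input": "My credit card is 4111-1111-1111-1111", "expected_action": "BLOCK"},
  {"input": "Please send a WIRE TRANSFER today", "expected_action": "BLOCK"},
  {"input": "Call me on 123-456-7890", "expected_action": "ALLOW"},
  {"input": "What is the weather today?", "expected_action": "ALLOW"}
]""")

# Assumption: if several rules match, the strictest action wins; no match means ALLOW.
PRECEDENCE = {"ALLOW": 0, "MODIFY": 1, "BLOCK": 2}

def rule_matches(rule, text):
    if rule["type"] == "pattern":  # case-insensitive substring, per the rule types table
        return rule["match"].lower() in text.lower()
    if rule["type"] == "regex":
        return re.search(rule["match"], text) is not None
    # hazard/threshold need the real engine; fail loudly rather than silently allow
    raise NotImplementedError(f"rule type {rule['type']!r} is not simulated")

def evaluate(rules, text):
    """Return (action, ids of the matching rules that carry that action)."""
    hits = [r for r in rules if rule_matches(r, text)]
    if not hits:
        return "ALLOW", []
    action = max((r["action"] for r in hits), key=PRECEDENCE.__getitem__)
    return action, [r["id"] for r in hits if r["action"] == action]

def run_fixtures(rules, fixtures):
    """Return (input, expected, actual, rule_ids) for every fixture that mismatches."""
    results = ((c, evaluate(rules, c["input"])) for c in fixtures)
    return [(c["input"], c["expected_action"], actual, ids)
            for c, (actual, ids) in results if actual != c["expected_action"]]

if __name__ == "__main__":
    failures = run_fixtures(RULES, FIXTURES)
    for text, expected, actual, ids in failures:
        print(f"MISMATCH {text[:50]!r}: expected {expected}, got {actual} {ids}")
    raise SystemExit(1 if failures else 0)
```

The non-zero exit status on any mismatch lets the script gate a policy change in CI before the pack is loaded.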

Create a custom policy pack

  1. Create a directory under policies/:

     mkdir -p policies/my_pack

  2. Create latest.yaml:

     id: my_pack
     version: "1.0.0"
     description: "Custom policy for my agent"

     rules:
       - id: block_internal_urls
         type: regex
         match: "https?://internal\\."
         action: BLOCK
         reason: "Internal URL access blocked"
         severity: high

     metadata:
       author: my-team
       category: custom
       last_updated: "2026-01-01"

  3. Create v1.yaml (copy of latest.yaml for versioning).

  4. Restart Intelligence to load:

     make up-all

Verify

# Check loaded policies via health/debug endpoint
curl -s http://localhost:8081/v1/policies \
  -H "Authorization: Bearer nj_live_dev_key_12345" | jq '.policies[].id'

Success criteria

Check Expected
Starter packs exist in policies/starter/
Custom policy loads after restart
Fixture simulation outputs match expected actions
