Skip to Content
Adjusting behavior

Adjusting behavior

Every teammate runs through a 14-stage governance chain before any action reaches an AI provider. You control each stage from the dashboard or the Admin API.

Daily budget

Set a maximum daily spend per teammate, per team, or across your entire organization. When a budget is exhausted, requests are blocked until the next day (UTC midnight reset).

ScopeWhere to set it
Organization-wideSettings > Governance > Daily Budget
Per teamTeams > [team name] > Budget
Per API keySettings > API Keys > [key] > Budget
Per runner sessionConfigured at session creation via the API

Budgets are hierarchical: a per-key budget cannot exceed the team budget, which cannot exceed the org budget.

PII scanning

Every request is scanned for personally identifiable information and secrets before it leaves your network. The scanner checks 33 regex patterns and optionally uses Presidio NER for higher accuracy.

Options:

  • Block (default) — requests containing PII are rejected with a 403 and details of what was detected
  • Redact — PII is replaced with placeholder tokens before the request is forwarded
  • Log only — PII is flagged in the audit log but the request proceeds
  • Disabled — not recommended; turns off scanning entirely

Configure in Settings > Governance > PII Scanning.

Rate limiting

Control how many requests each API key or organization can make per minute. Rate limit headers (RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset) are included in every response.

Default: 100 requests per minute. Adjust in Settings > Governance > Rate Limits.

Human-in-the-loop approvals

Flag requests that exceed a cost threshold or match specific patterns for manual approval before they execute.

How it works:

  1. A request triggers the HITL gate (e.g., estimated cost exceeds $5).
  2. The request is paused and a notification is sent to Slack, Teams, or email.
  3. A human approves or rejects. Approved requests resume; rejected requests return a 403.

Set the cost threshold and notification channel in Settings > Governance > Approvals.

Model selection

Restrict which AI models your team can use. This prevents accidental use of expensive models and enforces compliance requirements.

  • Allowlist — only listed models can be used (e.g., claude-haiku-4-5, gpt-4o-mini)
  • Default model — requests without a model specified use this one
  • Block list — explicitly deny specific models

Configure in Settings > Governance > Model Allowlist.

Content safety and security

Two additional governance stages protect against prompt injection, jailbreak attempts, and data exfiltration:

  • Content Safety — regex-based detection of injection patterns
  • Security Scanner — advanced detection for encoded payloads and exfiltration attempts
  • AI Security Classifier — optional LLM-based false-positive reduction

These are enabled by default. Tune sensitivity in Settings > Governance > Security.

All governance stages

For the complete 14-stage governance chain reference, see Gateway Governance Chain.

AI teammates that ship real workTeammates and roles