Policy-action catalog
When a request is classified, ThreatLens looks up the policy matrix cell for that data class and resolves an action. This page is the authoritative list of what each action does.
Actions
Listed least to most restrictive.
| Action | Label | What happens |
|---|---|---|
| allow | Allow (send as-is) | The request goes to the model unchanged. |
| redact | Redact sensitive values, then send | Sensitive spans are masked, then the redacted request is sent. The model never sees the raw values. |
| route | Route to an approved destination (else block) | The request is sent only to a destination that meets the required trust tier. If no such destination exists, it is blocked. |
| warn | Warn the user and send | The user sees a governance warning, then the request proceeds. |
| approval | Require admin approval | The request is held until an approver allows or denies it (exceptions). |
| block | Block | The request is stopped. It never reaches any model. |
For most High/Critical classes, the default is route — the content is allowed, but only to a destination you trust (your BYOK enterprise endpoint), never to a public frontier model.
Internet access modes
Independently of the action, each class also carries an internet policy that governs whether the request may use live web/grounding:
| Mode | Label | Meaning |
|---|---|---|
| allow | Allow web (as-is) | The request may use web search/grounding normally. |
| safe_only | Web via safe query only | A scrubbed, sensitive-data-free query may go to the web — the raw content does not. |
| block | No web access | The request may not touch the internet. |
Always-on protections
Two protections are not matrix-tunable — they apply on every tier, regardless of the cell you set:
- Raw secrets and credentials (the Source Code / Secrets class) are always blocked.
- Prompt-injection patterns are always blocked before the request reaches a model.
How the action is chosen
- Content is classified into a data class.
- The matrix cell for that class yields a minimum trust tier, an action, and an internet mode.
- The chosen destination is checked against the minimum trust tier. If it qualifies, the action runs as configured; if it does not, route falls back to block.
- The outcome — including the action, the destination actually used, and any redactions — is written to the audit record.
In monitor mode, the action is computed and recorded as the intended decision but not enforced; in enforce mode it is applied. See monitor vs enforce.
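The resolution steps above, the always-on protections, and the monitor/enforce distinction, worked through in one small resolver. This is an added illustration, not ThreatLens code: the numeric trust tiers, the sample matrix (every class name except "Source Code / Secrets"), the destination names, the email-only redaction rule, the single prompt-injection pattern, and the choice to block non-route actions whose destination is below the minimum tier are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field, asdict
from typing import Optional

# Actions, least to most restrictive, as listed in the catalog above.
ACTIONS = ("allow", "redact", "route", "warn", "approval", "block")

# Assumed numeric trust tiers (higher = more trusted); the names are illustrative.
TIERS = {"public_frontier": 0, "byok_enterprise": 2}


@dataclass(frozen=True)
class Cell:
    """One policy-matrix cell: minimum tier, action, and internet mode."""
    min_tier: int
    action: str
    internet: str  # "allow" | "safe_only" | "block"


# Constructed sample matrix for one tier. Only "Source Code / Secrets" is a class
# named on this page; the other classes and their cells are assumptions.
MATRIX = {
    "Public": Cell(0, "allow", "allow"),
    "Internal": Cell(0, "warn", "safe_only"),
    "PII": Cell(0, "redact", "safe_only"),
    "Confidential": Cell(2, "route", "block"),
    "Source Code / Secrets": Cell(2, "block", "block"),
}

# Constructed destinations mapped to their (assumed) trust tier.
DESTINATIONS = {"gpt-public": TIERS["public_frontier"], "corp-byok": TIERS["byok_enterprise"]}

# Always-on protections: not matrix-tunable, evaluated before the cell is consulted.
ALWAYS_BLOCKED_CLASSES = {"Source Code / Secrets"}
# Constructed prompt-injection indicator; a real detector is out of scope here.
INJECTION_RE = re.compile(r"ignore (all )?(previous|prior) instructions", re.I)
# Constructed redaction rule: mask email addresses only.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")


@dataclass
class Decision:
    data_class: str
    action: str
    destination: Optional[str]
    internet: str
    enforced: bool       # False in monitor mode: recorded as intended, not applied
    reason: str
    payload: str         # what would actually be sent (redacted if applicable)
    redactions: list = field(default_factory=list)


def resolve(data_class, content, requested, mode="enforce", destinations=DESTINATIONS):
    """Resolve the policy action for an already-classified request."""
    enforced = mode == "enforce"

    # Step 0: always-on protections apply on every tier regardless of the cell.
    if data_class in ALWAYS_BLOCKED_CLASSES:
        return Decision(data_class, "block", None, "block", enforced, "always-on: secrets", content)
    if INJECTION_RE.search(content):
        return Decision(data_class, "block", None, "block", enforced,
                        "always-on: prompt injection", content)

    # Step 1-2: the cell for this class yields min tier, action, internet mode.
    cell = MATRIX[data_class]
    action, dest, reason, payload, redactions = cell.action, requested, "matrix", content, []

    # Step 3: check the chosen destination against the minimum trust tier.
    if destinations.get(requested, -1) < cell.min_tier:
        if action == "route":
            approved = [d for d, t in destinations.items() if t >= cell.min_tier]
            if approved:
                dest, reason = approved[0], "routed to approved destination"
            else:
                action, dest, reason = "block", None, "route fallback: no approved destination"
        else:
            # Assumption: the page spells out only the route fallback; other actions
            # with a below-tier destination are blocked here as the conservative choice.
            action, dest, reason = "block", None, "destination below minimum tier"

    if action == "redact":
        redactions = EMAIL_RE.findall(content)
        payload = EMAIL_RE.sub("[REDACTED]", content)

    # Step 4: the caller writes audit_record(decision) to the audit log.
    return Decision(data_class, action, dest, cell.internet, enforced, reason, payload, redactions)


def audit_record(d: Decision) -> dict:
    """Audit entry: action, destination actually used, redactions, and enforcement flag."""
    return asdict(d)


if __name__ == "__main__":
    print(audit_record(resolve("Confidential", "Q3 plan", "gpt-public")))
    print(audit_record(resolve("PII", "mail alice@example.com", "gpt-public", mode="monitor")))
```

The audit record carries the intended action even when `enforced` is false, which is what lets a monitor-mode rollout show exactly which requests enforce mode would have rerouted, redacted or blocked.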