On this page
Gateway and Policy
The AIF gateway is the application-facing execution boundary. It receives inference requests, resolves execution context, applies policy, renders prompt material, routes providers, and records audit evidence.
Gateway Responsibilities
- normalize request input
- resolve provider and model intent
- call policy before execution
- render governed prompts
- invoke the provider
- evaluate the response where configured
- return a consistent response object or REST envelope
- emit audit evidence
Policy Decisions
Policy should be able to return clear decisions:
| Decision | Meaning |
|---|---|
| allow | Execute the request. |
| deny | Block execution and return a governed error. |
| modify | Adjust provider, model, prompt, or limits before execution. |
| review | Require human review before or after execution. |
Example Policy Questions
- Is this user allowed to run this AI capability?
- Is this provider allowed for this workspace?
- Does the prompt contain sensitive data?
- Does the task require human review?
- Is the output permitted to enter a workflow automatically?
Keep these questions in policy contracts, not scattered through UI pages.