Write a policy without writing YAML.

Pick typed detectors, drop in an industry bundle, test against real documents, push it live with a click. This is where security and compliance teams write the rules that govern every AI request.

Typed detectors. Real defaults. No regex on day one.

Each rule is a typed detector with a typed config cell: chips for keywords, sliders for thresholds, checkboxes for card networks. Add a rule with a click, toggle its action with a button. YAML stays under the hood unless you want it.

The Policy Workbench rule table for Northwood Health Group's 'Clinical workflows' policy. A 'Hybrid detection (regex + ML)' note sits above a quick-add row of detector pills. The rules table below lists each rule with its detector, a typed configuration cell, an allow / warn / redact / block / escalate action toggle, a Principle column that tags some rules with a governance principle (Traceability, Data Stewardship), and a delete button. The rules run from jailbreak and pasted-credential blocks, through provincial health-card, SIN, date-of-birth, passport, email, phone, and payment-card redactions, to clinical-terminology warnings. Several rows carry an 'ML' pill for the on-device NER detectors. The page header shows the version chip, when it was last edited, and Save / Activate buttons.
Workbench rule table for a clinical-data policy. The pill bar surfaces the common detectors; the Advanced (YAML) disclosure stays closed unless you want it.
  • Typed detector catalog

    Checksum-validated identifiers (credit card, IBAN, SIN), cloud secrets across 22+ providers, PII, healthcare terminology and codes, network addresses, jailbreak phrases, and custom regex with live compile-check. Every detector is anchored to a primary source: vendor docs, ISO standards, government data dictionaries.

  • Typed configuration cells

    A keyword detector renders a chip input; an entropy detector, a slider; a credit-card detector, network checkboxes. The regex escape hatch has a live compile-check.

  • Plain-English rule explainer

    Every rule renders a one-sentence English summary a compliance reviewer can read: “Block any request containing a Canadian SIN matching a Luhn checksum,” not a YAML stanza.

  • Version history

    Every save is a new immutable version. Preview, activate, or copy any past version from the header dropdown. Rollback is one click on yesterday’s row.

  • Governance principle tags

    Tag a rule with the principle it serves: Traceability, Bias Mitigation, or Data Stewardship. Descriptive only, but carried into the audit trail, so an auditor can trace an enforced action back to its principle.

Pre-built rule sets for the regulations your industry already maps to.

46 bundles, merged into the draft in a click: Canadian and US PII, PCI-DSS, banking (OSFI), provincial health packs (PHIPA, RAMQ, AHCIP, BC MSP), solicitor–client privilege, client financials, HR, source-code exfiltration, secret tokens, jailbreak guard. Overlapping detectors merge at compile time; nothing applies twice.

The Bundle library drawer open over Northwood Health Group's Policy Workbench, filtered to Healthcare. Filter rows for industry, region, regulation, and detection type sit above a search field. The nine matching bundles show as cards in a grid: the 'Canadian PII (PIPEDA)' and 'US PII baseline' base packs, the provincial health packs for Ontario (PHIPA), Québec (RAMQ), Alberta (AHCIP), and British Columbia (BC MSP), a US HIPAA pack, and two on-device-ML packs, 'Free-text PII (ML)' and 'Clinical free-text (ML)'. Each card shows its rule count, a one-line summary, the detectors it includes as chips (Canadian SIN, date of birth, OHIP number, medical / HIPAA term, ICD / CPT code, and more), an 'Extends' line where it builds on a base pack, and an 'Add to draft' action.
The bundle library. Filter by industry or region, inspect what each bundle inherits, apply with a click.

Three modes. Same policy. Verify before you ship.

Test a draft against a paste, a document, or a folder before it goes live. The simulator runs the same engine as the gateway: what you see is what real traffic gets.

Paste a prompt. See the decision.

Paste a prompt, click Test. The result card shows the decision, the rule hits with offsets, and the diff if redaction fired. Preset pills seed a credit card, a SIN, a jailbreak attempt.

The simulator's Quick test tab, full width. On the left, a Plain text / JSON request-body toggle and a row of sample-prompt chips sit above a textarea holding a clinical prompt with an OHIP number, a date of birth, a payment card, and a working diagnosis. On the right, the result card shows a 'Redact' decision, noting that matched values are scrubbed before the upstream provider sees them, followed by per-rule hit cards for the OHIP number, date of birth, phone number, and payment card. Each hit shows the reason shown to the caller and the matched span, with a link to open the rule in the editor.
Quick test: paste a prompt, run it against the draft, and read the decision with its per-rule hits.

Drop a long-form file. Get an annotated render.

PDF, DOCX, plaintext, Markdown, JSON, CSV. Every detector hit is highlighted inline beneath an aggregate worst-wins decision. The annotated render downloads as standalone HTML for legal review.

Drop a folder. Get a per-file report.

Drag in a folder or zip. The summary table shows the decision and hit counts per file; any row opens that file’s annotated render, and the batch downloads as a zip. Zip-bomb limits enforced.

Generate a policy from your data.

Drop in a representative corpus. The synthesizer runs every catalog detector across it and proposes a draft policy with default actions per detected category. Toggle, Apply, done.

The 'Generate from corpus' synthesizer drawer. A recommendation table lists each detector the corpus triggered with a hit count, a masked sample, and a suggested-action dropdown. Rows include email address, phone number, date of birth, Canadian postal code, credit card number, IBAN, OHIP number, OpenAI API key, and Canadian SIN; a jailbreak-phrase row is flagged as already in the draft. Below the table, a line notes which free-text detectors run on the on-device ML engine and so are not measured in synthesis, and an 'Apply to draft' button commits the selected rows.
Synthesizer: drop a corpus, get a draft policy you can review and tighten.
  • In-memory processing

    Uploaded corpus bytes are processed in memory only. No filenames, no content, no content hashes are persisted. The audit row records the file count, total bytes, and the detector-hit histogram. Nothing else.

  • Per-category default actions

    All "secrets" detectors default to block. PII identifiers default to redact. Advisory detectors (jailbreak phrases, dosage numbers, location names) default to warn. Operator reviews and tightens before activation.

  • Synthesized rules land as drafts

    The synthesizer never activates a policy. The output is a new draft version that an operator reviews in the rule table, edits if needed, and activates with the standard one-click flow.

Want to see this on your own traffic?
30-day pilot, written criteria.

A pilot is the fastest way to see the Workbench against your actual prompts. We agree the criteria in writing before day one and evaluate factually against those criteria.

contact@mandateco.ca  ·  1-905-630-1908