Documentation Index
Fetch the complete documentation index at: https://docs.meshai.dev/llms.txt
Use this file to discover all available pages before exploring further.
Policies are governance rules evaluated on every LLM request that flows through the MeshAI proxy. When a request violates a policy, the proxy returns a 403 response and logs an audit event.
Policy Types
| Type | Description | Example |
|---|
model_allowlist | Restrict which models an agent can use | Only allow gpt-4o and claude-sonnet-4-20250514 |
block_provider | Block an entire LLM provider | Block all requests to openai |
require_approval | Require HITL approval before the request proceeds | All production agents need approval |
budget_limit | Enforce a monthly spend cap (USD) | $500/month per agent |
rate_limit | Throttle requests per minute | 60 requests/min |
require_human_review | Flag the agent for periodic human review | High-risk agents reviewed weekly |
Create a Policy
curl -X POST https://api.meshai.dev/governance/policies \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "production-model-allowlist",
"description": "Only approved models in production",
"policy_type": "model_allowlist",
"config": {
"allowed_models": ["gpt-4o", "claude-sonnet-4-20250514", "gemini-2.0-flash"]
},
"scope": "global",
"enabled": true
}'
{
"success": true,
"data": {
"id": "pol_abc123",
"name": "production-model-allowlist",
"policy_type": "model_allowlist",
"config": {
"allowed_models": ["gpt-4o", "claude-sonnet-4-20250514", "gemini-2.0-flash"]
},
"scope": "global",
"enabled": true,
"created_at": "2026-03-17T10:00:00Z"
}
}
Policy Examples
Block a Provider
curl -X POST https://api.meshai.dev/governance/policies \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "block-openai",
"policy_type": "block_provider",
"config": { "provider": "openai" },
"scope": "global",
"enabled": true
}'
Require Approval (HITL)
curl -X POST https://api.meshai.dev/governance/policies \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "production-approval",
"policy_type": "require_approval",
"config": { "environment": "production" },
"scope": "global",
"enabled": true
}'
Budget Limit
curl -X POST https://api.meshai.dev/governance/policies \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "agent-budget-cap",
"policy_type": "budget_limit",
"config": { "monthly_limit_usd": 500 },
"scope": "agent",
"agent_id": "agt_abc123",
"enabled": true
}'
Rate Limit
curl -X POST https://api.meshai.dev/governance/policies \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "api-rate-limit",
"policy_type": "rate_limit",
"config": { "requests_per_minute": 60 },
"scope": "global",
"enabled": true
}'
Require Human Review
curl -X POST https://api.meshai.dev/governance/policies \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "high-risk-review",
"policy_type": "require_human_review",
"config": { "review_interval_days": 7 },
"scope": "agent",
"agent_id": "agt_abc123",
"enabled": true
}'
List Policies
curl https://api.meshai.dev/governance/policies \
-H "Authorization: Bearer msh_YOUR_API_KEY"
Update a Policy
curl -X PATCH https://api.meshai.dev/governance/policies/pol_abc123 \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "enabled": false }'
Delete a Policy
curl -X DELETE https://api.meshai.dev/governance/policies/pol_abc123 \
-H "Authorization: Bearer msh_YOUR_API_KEY"
What Happens When a Policy Is Violated
When a proxy request violates a policy, the agent receives:
{
"error": "Policy violation: model_allowlist — model 'gpt-3.5-turbo' is not in the allowed list",
"policy_id": "pol_abc123",
"status": 403
}
policy.violated.
