Policy profiles give you control over how InferenceWall behaves at runtime: which mode it operates in, where the decision thresholds sit, and whether individual signatures are enforced or demoted to monitoring. You configure all of this in YAML — no code changes required.

Default policy

InferenceWall ships with a built-in default policy:
name: default
version: "2.0.0"
mode: enforce
thresholds:
  inbound_flag: 4.0
  inbound_block: 10.0
  outbound_flag: 3.0
  outbound_block: 7.0
  early_exit: 13.0
signatures: {}
The signatures field is empty by default, meaning all signatures run with their built-in settings.

Enforcement modes

| Mode | Behavior |
| --- | --- |
| monitor | All signatures run and log matches, but the decision is always allow. Nothing is blocked. |
| enforce | Signatures contribute to anomaly scoring. Scans that exceed thresholds return flag or block. |

Thresholds

You can override any of the five thresholds in your policy:
| Threshold | Description | Default | Strict |
| --- | --- | --- | --- |
| inbound_flag | Score to flag incoming requests | 4.0 | 2.5 |
| inbound_block | Score to block incoming requests | 10.0 | 7.0 |
| outbound_flag | Score to flag outgoing responses | 3.0 | 2.0 |
| outbound_block | Score to block outgoing responses | 7.0 | 5.0 |
| early_exit | Score to skip downstream engines | 13.0 | 10.0 |
The “Strict” column shows values from the built-in strict policy profile, which is appropriate for high-sensitivity deployments.

Per-signature overrides

Use the signatures field to override individual signatures within a policy:
signatures:
  INJ-D-001:
    action: monitor        # Override to monitor even in enforce mode
    anomaly_points: 3      # Lower the scoring weight
  INJ-D-008:
    action: enforce        # Force enforce even if global mode is monitor
  CS-T-003:
    action: monitor        # Demote this signature to monitor-only

Override precedence

When determining how a signature behaves, InferenceWall applies this order:
  1. Per-signature override — highest priority; always wins.
  2. Global policy mode — applies to all signatures not explicitly overridden.
  3. Signature default action — the default_action field set by the signature author; lowest priority.
This means you can force a single high-value signature to enforce even while running the rest of the pipeline in monitor mode — useful when you want to block only the most dangerous attacks while you calibrate thresholds.
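
The precedence order above, modelled as an added example (this is not InferenceWall's own code). The function names, the policy-as-dict representation and the default_action values in the sample catalog are assumptions made for illustration; the signature IDs come from this page. It lists which signatures would actually enforce under a staged policy and under a global enforce policy, which is worth checking before a mode switch.

```python
"""Added example: models the documented override precedence. Not InferenceWall code."""

VALID_ACTIONS = {"monitor", "enforce"}


def effective_action(sig_id, policy, default_action=None):
    """Resolve a signature's action in the documented order.

    1. per-signature override, 2. global policy mode, 3. signature default_action.
    Returns (action, source) so a review can see why a signature enforces.
    """
    entry = (policy.get("signatures") or {}).get(sig_id) or {}
    for source, action in (("override", entry.get("action")),
                           ("global mode", policy.get("mode")),
                           ("signature default", default_action)):
        if action is not None:
            if action not in VALID_ACTIONS:
                raise ValueError(f"{sig_id}: invalid action {action!r} from {source}")
            return action, source
    raise ValueError(f"{sig_id}: no action could be resolved")


def enforcing_signatures(policy, catalog):
    """Return the sorted signature IDs that resolve to enforce under this policy."""
    return sorted(sig for sig, default in catalog.items()
                  if effective_action(sig, policy, default)[0] == "enforce")


# Constructed sample: IDs are from this page, default_action values are assumed.
CATALOG = {"INJ-D-001": "enforce", "INJ-D-013": "enforce",
           "INJ-D-029": "enforce", "DL-S-001": "enforce", "CS-T-003": "monitor"}

# Global monitor with two high-confidence signatures forced to enforce.
STAGED = {"mode": "monitor",
          "signatures": {"DL-S-001": {"action": "enforce"},
                         "INJ-D-029": {"action": "enforce"},
                         "INJ-D-013": {"action": "monitor"}}}

# Global enforce with one noisy signature still demoted.
FULL = {"mode": "enforce", "signatures": {"INJ-D-013": {"action": "monitor"}}}

if __name__ == "__main__":
    for name, policy in (("staged", STAGED), ("full", FULL)):
        print(name, enforcing_signatures(policy, CATALOG))
```

Under the documented order, a signature whose author default is monitor (CS-T-003 in the assumed catalog) resolves to enforce once the global mode is enforce, unless it carries its own override.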

1. Deploy in monitor mode

Set mode: monitor in your policy. InferenceWall will scan all traffic and log every match, but will not block anything. This lets you see what your real traffic looks like without risk.
mode: monitor

2. Observe for 1–2 weeks

Review the logged matches. Look at score distributions, which signatures are firing, and on what content. Identify any signatures that fire frequently on legitimate traffic (false positives).

3. Configure allowlists for false positives

Demote noisy signatures to monitor via per-signature overrides, or raise the relevant thresholds. This brings false positives under control before you start enforcing.
signatures:
  INJ-D-013:
    action: monitor   # Research/Academic Framing — too noisy for this app

4. Flip high-confidence signatures to enforce

Move your highest-severity signatures to action: enforce individually. Start with credential leakage (DL-S-*) and coercive injection (INJ-D-029, INJ-D-030) — these have near-zero false positive rates.
signatures:
  DL-S-001:
    action: enforce
  DL-S-004:
    action: enforce
  INJ-D-029:
    action: enforce

5. Switch global mode to enforce

Once you are satisfied with the false positive rate, set mode: enforce globally. All signatures will contribute to scoring and threshold-based blocking from this point forward.
mode: enforce

Creating a custom policy

Copy the default policy, modify it, and save it to ~/.inferwall/policies/:
mkdir -p ~/.inferwall/policies
# Quote the substitution so an install path containing spaces is not word-split
cp "$(python -c 'import inferwall; print(inferwall.__path__[0])')/policies/default.yaml" \
   ~/.inferwall/policies/my-policy.yaml
The pipeline auto-discovers all .yaml files in ~/.inferwall/policies/. To select a policy explicitly — for example in CI/CD or container deployments — set the IW_POLICY_PATH environment variable:
export IW_POLICY_PATH=~/.inferwall/policies/my-policy.yaml
If IW_POLICY_PATH points to a file that does not exist, the pipeline will fail to start. Verify the path before deploying.

For the full policy customization reference, including all available fields and environment variable overrides, see Custom Policies.