Policies separate detection configuration from detection logic. Instead of changing code to raise a block threshold or demote a noisy signature to monitor-only, you edit a YAML file. InferenceWall auto-discovers policy files at startup, so changes take effect on the next restart without any package modification.
1. Copy the default policy

mkdir -p ~/.inferwall/policies
cp "$(python -c "import inferwall; print(inferwall.__path__[0])")/policies/default.yaml" \
   ~/.inferwall/policies/my-policy.yaml
This gives you the exact policy that ships with InferenceWall as a starting point, with all five thresholds and an empty signatures map.
2. Edit thresholds, mode, and per-signature overrides

Open ~/.inferwall/policies/my-policy.yaml and modify the values you want to change:
name: my-policy
version: "1.0.0"
mode: monitor                   # Start in monitor mode

thresholds:
  inbound_flag: 6.0             # Raise flag threshold to reduce noise
  inbound_block: 12.0           # Raise block threshold
  outbound_flag: 4.0
  outbound_block: 8.0
  early_exit: 15.0

signatures:
  INJ-D-001:
    action: enforce             # Force-enforce this signature even in monitor mode
    anomaly_points: 12          # Increase weight
  CS-T-003:
    action: monitor             # Demote to monitor-only
3. Point InferenceWall at your policy

Drop the file into ~/.inferwall/policies/ and InferenceWall will auto-discover it on the next startup. To explicitly select a specific file, set IW_POLICY_PATH:
export IW_POLICY_PATH=~/.inferwall/policies/my-policy.yaml
IW_POLICY_PATH is useful in CI/CD pipelines or container deployments where you want deterministic policy selection rather than auto-discovery.

Policy YAML fields

Top-level fields

| Field | Type | Description |
| --- | --- | --- |
| name | string | Human-readable policy name for logging and audit events |
| version | string | SemVer string; increment when you make changes |
| mode | monitor or enforce | Global enforcement mode (see below) |
| thresholds | object | Five scoring thresholds (see below) |
| signatures | map | Per-signature overrides keyed by signature ID |

Thresholds

| Threshold | Description | Default | Strict |
| --- | --- | --- | --- |
| inbound_flag | Score to flag an incoming request | 4.0 | 2.5 |
| inbound_block | Score to block an incoming request | 10.0 | 7.0 |
| outbound_flag | Score to flag an outgoing response | 3.0 | 2.0 |
| outbound_block | Score to block an outgoing response | 7.0 | 5.0 |
| early_exit | Score at which downstream engines are skipped | 13.0 | 10.0 |

Enforcement modes

| Mode | Behavior |
| --- | --- |
| monitor | All signatures run and log matches, but no blocking or flagging actions are taken |
| enforce | Signatures contribute scores to threshold comparisons and trigger flag or block decisions |

Per-signature overrides

Override individual signatures within the signatures map:
signatures:
  INJ-D-001:
    action: monitor        # Override to monitor even in global enforce mode
    anomaly_points: 3      # Lower scoring weight for this signature
  INJ-D-008:
    action: enforce        # Force enforce even in global monitor mode

| Field | Values | Description |
| --- | --- | --- |
| action | enforce, monitor | Overrides the global mode for this specific signature |
| anomaly_points | 1–15 | Overrides the signature’s default scoring weight |

Override precedence

When multiple sources could set a signature’s action, InferenceWall resolves them in this order (highest wins):
  1. Per-signature override: signatures.<ID>.action in the policy file
  2. Global policy mode: the top-level mode field
  3. Signature default action: tuning.default_action in the signature YAML
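
The precedence order above, applied to the policy from step 2, as an added example that is not InferenceWall's own code: it resolves each signature's effective action and lists which signatures can still flag or block. The SIG_DEFAULTS values, the function names and the flag-below-block sanity rule are assumptions made for illustration.

```python
# Added example, not InferenceWall code. POLICY is the dict a YAML parser would
# produce for the step-2 file; SIG_DEFAULTS is constructed sample data.
POLICY = {
    "name": "my-policy", "version": "1.0.0", "mode": "monitor",
    "thresholds": {"inbound_flag": 6.0, "inbound_block": 12.0,
                   "outbound_flag": 4.0, "outbound_block": 8.0, "early_exit": 15.0},
    "signatures": {"INJ-D-001": {"action": "enforce", "anomaly_points": 12},
                   "CS-T-003": {"action": "monitor"}},
}
# Constructed stand-in for each signature's tuning.default_action.
SIG_DEFAULTS = {"INJ-D-001": "enforce", "INJ-D-008": "enforce", "CS-T-003": "enforce"}
ACTIONS = ("monitor", "enforce")


def effective_action(sig_id, policy, sig_defaults):
    """Return (action, source) using the documented order: override, mode, default."""
    override = ((policy.get("signatures") or {}).get(sig_id) or {}).get("action")
    candidates = (
        ("override", override),
        ("mode", policy.get("mode")),
        ("default", sig_defaults.get(sig_id)),
    )
    for source, action in candidates:
        if action is None:
            continue  # this level is silent, fall through to the next one
        if action not in ACTIONS:
            raise ValueError(f"{sig_id}: invalid action {action!r} from {source}")
        return action, source
    raise ValueError(f"{sig_id}: no action defined at any level")


def enforcing_signatures(policy, sig_defaults):
    """Signature IDs whose resolved action is enforce under this policy."""
    ids = set(sig_defaults) | set(policy.get("signatures") or {})
    return sorted(s for s in ids if effective_action(s, policy, sig_defaults)[0] == "enforce")


def threshold_problems(policy):
    """Assumed sanity rule (not stated in the docs): flag < block per direction."""
    t = policy["thresholds"]
    return [d for d in ("inbound", "outbound") if t[f"{d}_flag"] >= t[f"{d}_block"]]


if __name__ == "__main__":
    print("enforcing:", enforcing_signatures(POLICY, SIG_DEFAULTS))
    print("threshold problems:", threshold_problems(POLICY))
```

Running a check like this in CI before a restart shows when a policy that is nominally in monitor mode still carries force-enforced signatures.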

Environment variable

export IW_POLICY_PATH=~/.inferwall/policies/my-policy.yaml
When set, InferenceWall loads exactly this file and skips auto-discovery. When unset, it discovers all .yaml files in ~/.inferwall/policies/.

Auto-discovery

Drop any .yaml file into ~/.inferwall/policies/ and InferenceWall will pick it up on the next startup. Use this when managing multiple policy profiles (e.g., strict.yaml, permissive.yaml) and switching between them by setting IW_POLICY_PATH.

Recommended rollout workflow

Roll out new policies gradually to avoid unexpected blocking in production:
1. Deploy in monitor mode

Set mode: monitor. All signatures run and log matches, but no requests are blocked.
2. Observe logged matches

Watch the scan logs for 1–2 weeks. Identify which signatures fire most often and which generate false positives.
3. Allowlist false positives

For signatures that fire on known-benign traffic, set action: monitor in the per-signature overrides.
4. Enforce high-confidence signatures individually

Flip signatures you trust to action: enforce one at a time, monitoring the effect of each change.
5. Switch global mode to enforce

Once you’re confident in the policy, set mode: enforce to activate blocking globally.

Further reading

Policy concepts

How InferenceWall resolves policies, applies overrides, and manages the policy lifecycle.

Scoring concepts

The anomaly scoring model: confidence weighting, diminishing corroboration, and threshold math.