
Enforcement Actions in Detail

The four enforcement actions and when to use which

BLOCK — Hard Block

Request immediately stopped (HTTP 403). Trace saved with "BLOCKED" decision. Blockchain attestation always active (cannot be disabled). Use for: Prohibited content, privacy violations, Art. 5-relevant requests.

APPROVAL — Require Approval

Request paused (HTTP 202). Approval authority notified. Request processed only after approval or stopped after denial. Blockchain attestation always active. Use for: Critical actions requiring human judgment. Financial transactions above a threshold.

ANONYMIZE — Mask PII

Sensitive data replaced by placeholders (e.g., an email address becomes [EMAIL-REDACTED]). Request continues with masked data. Original content stored in trace (for audit). Use for: GDPR compliance when the agent should still respond.

FLAG — Passive Marking

Request passes unchanged. Marked as governance_flagged: true in the trace. Appears in monitoring dashboard. Use for: Observation phase for new policies. Shadow monitoring before enforcing.

Two-Pass PII Detection

The ANONYMIZE action automatically uses two-pass PII detection:

  1. Pass 1 (Regex, under 1ms): Emails, phone numbers, IBANs, SSNs, credit card numbers.
  2. Pass 2 (AI-based, ~200ms): Contextual PII detection — e.g., "The customer is Max Mustermann and lives at 12 Example Street."
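
The following added example (not Palveron's code) shows what a regex-only Pass 1 over the five categories above can look like, with checksum validation for IBANs and card numbers so that arbitrary digit runs are not masked. The patterns, the function names and every placeholder label other than [EMAIL-REDACTED] are assumptions, and the sample text is constructed.

```python
import re

# Added illustration of a regex-only first pass. Patterns and every label except
# [EMAIL-REDACTED] are assumptions, not Palveron's actual rules.

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def iban_ok(candidate: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end, map A-Z to 10-35."""
    s = candidate.replace(" ", "")
    return int("".join(str(int(c, 36)) for c in s[4:] + s[:4])) % 97 == 1

# (label, pattern, optional validator). Order matters: structured identifiers are
# masked before looser patterns can claim their digits.
RULES = [
    ("EMAIL", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"), None),
    ("IBAN", re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b"), iban_ok),
    ("CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
    ("PHONE", re.compile(r"(?<!\w)\+\d{1,3}(?:[ -]?\d{2,}){2,4}\b"), None),
]

def mask_pass1(text: str):
    """Return (masked_text, findings); findings keep the original values for an audit trace."""
    findings = []
    for label, pattern, validate in RULES:
        def repl(m, label=label, validate=validate):
            if validate and not validate(m.group()):
                return m.group()  # failed checksum: not masked in this pass
            findings.append((label, m.group()))
            return f"[{label}-REDACTED]"
        text = pattern.sub(repl, text)
    return text, findings

# Constructed sample input (not from the page).
SAMPLE = ("Contact max@example.com or +49 30 1234567, IBAN DE89 3704 0044 0532 0130 00, "
          "SSN 078-05-1120, card 4111 1111 1111 1111, order 1234 5678 9012 3456.")

if __name__ == "__main__":
    print(*mask_pass1(SAMPLE), sep="\n")
```

The 16-digit order number fails the Luhn check and stays in the text, while a name or street address never matches any pattern here, which is the gap the contextual second pass covers.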
