Policy engine
The deployer policy is the centrepiece of every Meridian Blue tenant. It declares which models are eligible, which purposes are allowed, what the safety-score floor is, and which signers stand behind those decisions. The router enforces the policy fail-closed and cites the version on every refusal.
Policy API
| Method | Path | Purpose |
|---|---|---|
| GET | /api/v1/policies | List policies for the tenant. |
| GET | /api/v1/policies/active | Fetch the currently-active policy + its signature. |
| POST | /api/v1/policies | Publish a new policy version (admin / owner only). |
| POST | /api/v1/policies/:id/sign | Add a signer to a draft policy. |
| GET | /api/v1/policies/:id/history | Version history with signer + sign-time. |
Templates
Built-in templates make it cheap to start: internal_productivity, customer_support, eu_bank (DORA-aligned), healthcare (MDR-aligned), law_enforcement. Each template ships with a sensible log_level, retention window, and risk-tier defaults. Pick one, then customise.
Evaluation order
- Risk classification (Article 5 prohibited / Annex III high).
- Provider whitelist gate (model is from an allowed provider).
- Free-tier vs paid model access gate.
- Maximum chain length cap.
- Minimum safety score filter (S13.4).
- Required-fields gate (high-risk → purpose+user_consent_id).
Policy attribution
Every refusal carries policy_attribution in the error body — the signed policy version that demanded the refusal and the signer identities. This is what your legal team takes to a regulator if the refusal is ever questioned.
```json
{
  "error": { "code": "policy_safety_filter_empty", /* ... */ },
  "policy_attribution": {
    "policy_id": "6531a9...",
    "policy_version": 42,
    "signed_by": ["[email protected]", "[email protected]"],
    "signature": "sha256:...",
    "effective_date": "2026-04-01T00:00:00.000Z"
  }
}
```
minimum_safety_score
Setting minimum_safety_score on the policy filters the routing pool to models whose declared safety score (from the GPAI evaluation registry) is at or above the threshold. Models without a registry entry are removed too — fail-closed. If the filter empties the chain entirely, the request is rejected with 403 policy_safety_filter_empty.
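The fail-closed filter described above, as an added Python sketch; it is not Meridian Blue's router code. The function names, the registry shape (model name mapped to score), the 0 to 1 score scale, the model names, and the treatment of an unset `minimum_safety_score` as "no filter" are all assumptions made for illustration.

```python
# Added illustration; names, registry shape and score scale are assumptions.
from math import isfinite


def filter_by_safety_score(chain, registry, minimum):
    """Keep models whose declared score is >= minimum; drop unknowns (fail-closed)."""
    if minimum is None:  # assumption: no floor in the policy means no filtering
        return list(chain)
    kept = []
    for model in chain:
        score = registry.get(model)  # None when the model has no registry entry
        # Anything that is not a real, finite number is treated as "no score".
        if isinstance(score, bool) or not isinstance(score, (int, float)):
            continue
        if not isfinite(score):
            continue
        if score >= minimum:  # "at or above the threshold"
            kept.append(model)
    return kept


def route(chain, registry, policy):
    """Return (http_status, body) for the safety-filter step only."""
    pool = filter_by_safety_score(chain, registry, policy.get("minimum_safety_score"))
    if pool:
        return 200, {"chain": pool}
    # Empty chain: refuse and cite the policy version that demanded the refusal.
    return 403, {
        "error": {"code": "policy_safety_filter_empty"},
        "policy_attribution": {
            "policy_id": policy["policy_id"],
            "policy_version": policy["policy_version"],
            "signed_by": policy["signed_by"],
        },
    }


# Constructed sample data (not real models, scores or signers).
REGISTRY = {"model-a": 0.91, "model-b": 0.70, "model-d": float("nan")}
POLICY = {"policy_id": "example-policy-id", "policy_version": 42,
          "signed_by": ["signer-1@example.test"], "minimum_safety_score": 0.70}
CHAIN = ["model-a", "model-b", "model-c", "model-d"]

if __name__ == "__main__":
    print(route(CHAIN, REGISTRY, POLICY))        # model-c and model-d dropped
    print(route(["model-c"], REGISTRY, POLICY))  # unregistered only: 403
```

Note that `model-c` (no registry entry) and `model-d` (unusable score) are removed the same way as a model that scores below the floor, which is what makes the filter fail-closed.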