Firewall Coverage
This page renders route-level Prompt Firewall coverage from the public API artifact. It is meant to help customers understand where text inspection runs in the governed execution path.
This projection does not expose detector rules, extractor names, bypass-oriented payload details, or internal enforcement wiring.
| Route | Provider | Firewall | Customer Scope |
|---|---|---|---|
| POST /v1/proxy/openai | openai | Evaluated | Evaluated before provider execution when inspectable text is present. |
| POST /v1/proxy/anthropic | anthropic | Evaluated | Evaluated before provider execution when inspectable text is present. |
| POST /v1/proxy/google | Evaluated | Evaluated before provider execution when inspectable text is present. | |
| POST /v1/proxy/xai | xai | Evaluated | Evaluated before provider execution when inspectable text is present. |
| POST /v1/proxy/meta | meta | Evaluated | Evaluated before provider execution when inspectable text is present. |
| POST /v1/executions | * | Evaluated | Evaluated before provider execution when inspectable text is present. |
| POST /v1/execute | * | Evaluated | Evaluated before provider execution when inspectable text is present. |
| POST /v1/permits | * | Not at submission | Permit-first mode operates on metadata only |
| POST /v1/jobs | * | Not at submission | Async jobs do not run firewall at submission |
Coverage is route- and payload-dependent. Treat the Prompt Firewall as one layer in the governance path, not as a universal content-security boundary.
Last updated on Edit this page on GitHub