Policy + redaction at egress

Stop sensitive data before it leaves.

Governance Shield inspects outbound AI requests, redacts sensitive fields, and enforces routing and security policy before providers ever see the payload.

Inspect

PII + secrets reviewed

Transform

Sensitive fields replaced

Route

Approved provider lane

The boundary

A programmable perimeter for outbound AI traffic.

Governance Shield should feel like an active traffic layer, not a checklist. The value is in what gets intercepted, transformed, and recorded while requests are still inside your control plane.

Pre-egress inspection

Requests are validated on the way out, so you do not depend on every developer to manually sanitize prompts.

Policy enforcement inline

Allow-lists, budget rules, and data controls apply consistently across IDEs, agents, and internal services.

Audit-ready by default

Every redaction and decision can be logged to support reviews, incident response, and governance reporting.

PII interception

Before and after the policy boundary

scrubbed

Raw request

email: stefan.kilo@gbc.com

phone: +49 30 123456

project_ref: finance-rollout-eu

api_key: sk-live-private-...

Policy output

email: [EMAIL_1]

phone: [PHONE_1]

project_ref: [PROJECT_REF_1]

api_key: [SECRET_1]

PII / PHI

Auto-redact with [REDACTED]

Emails, phone numbers, SSNs

Secrets & keys

Redact or block by policy

Cloud keys, API tokens, database URIs

Auth headers

Strip and notify

Hard-coded auth inside payloads

How enforcement works

Controls that live in the request path.

inline controls

Policy builder

if payload.contains(email) -> redact

if payload.contains(api_key) -> block

if region != eu and policy == eu_only -> reroute

if monthly_spend > limit -> downgrade model

01 Capture

Traffic is routed through Spendplane so every outbound request is observable and controllable.

02 Analyze

Payloads are checked for secrets, PII, and policy violations using built-in and custom rules.

03 Transform

When allowed, sensitive values are redacted or replaced with stable placeholders before forwarding.

04 Prove

Decisions are logged with context so teams can answer what left, where it went, and why it was allowed.
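
The analyze, transform and prove steps above, sketched as an added example (not Spendplane's code or policy syntax): matched values are replaced with stable placeholders, a rule can be switched from redact to block, and each audit event records the rule and placeholder but never the raw value. The rule ids other than `pii-email`, the regexes, the `enforce` function and the sample key are assumptions constructed for illustration.

```python
import re

# Hypothetical rule table: (rule_id, placeholder kind, regex, default action).
# Only "pii-email" appears on the page; the other ids and all patterns are assumptions.
RULES = [
    ("secret-api-key", "SECRET", re.compile(r"\bsk-live-[A-Za-z0-9_-]{8,}"), "redact"),
    ("pii-email", "EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "redact"),
    ("pii-phone", "PHONE", re.compile(r"\+\d{1,3}(?:[ -]?\d{2,}){2,4}"), "redact"),
]


def enforce(payload, actions=None):
    """Return (decision, outbound_text, events) for one outbound request.
    actions overrides a rule's default action, e.g. {"secret-api-key": "block"}.
    Events carry the rule id and placeholder only, never the matched raw value.
    """
    actions = actions or {}
    seen = {}      # (kind, raw value) -> placeholder, so a repeated value stays stable
    counters = {}  # kind -> last index handed out
    events = []
    text = payload
    for rule_id, kind, pattern, default in RULES:
        action = actions.get(rule_id, default)
        if action == "block" and pattern.search(text):
            events.append({"stage": "detect", "rule": rule_id, "action": "block"})
            return "block", None, events  # nothing is forwarded to the provider
        def substitute(match, kind=kind, rule_id=rule_id):
            key = (kind, match.group(0))
            if key not in seen:
                counters[kind] = counters.get(kind, 0) + 1
                seen[key] = f"[{kind}_{counters[kind]}]"
                events.append({"stage": "transform", "rule": rule_id,
                               "placeholder": seen[key]})
            return seen[key]
        text = pattern.sub(substitute, text)
    return "forward", text, events


# Constructed sample request, modelled on the page's before/after panel.
SAMPLE = (
    "email: stefan.kilo@gbc.com\n"
    "phone: +49 30 123456\n"
    "api_key: sk-live-EXAMPLEKEY0000\n"
    "cc: stefan.kilo@gbc.com\n"
)

if __name__ == "__main__":
    print(enforce(SAMPLE))
```

Secret rules run first so that a key is replaced before any broader pattern can match part of it, and the repeated address on the `cc` line maps to the same `[EMAIL_1]` token as the first occurrence.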

Exportable governance events

Pull redaction and policy events for incident review, compliance checks, and security reporting.

Trace a request end-to-end

Follow prompts through routing decisions and enforcement outcomes without relying on provider logs.

Audit & reporting

[trace] request_id=spn_10284

[detect] email matched rule pii-email

[transform] token [EMAIL_1] substituted

[route] eu-approved provider lane selected

[record] governance event stored for audit export

Make safe-by-default the easiest path.

Put guardrails at the perimeter so builders can move fast without sending raw context directly to providers.