policy_controls() defines how secure_chat() should respond after a
scanner has already resolved a prompt, context row, or output as blocked.
Scanner reports still use the core actions allow, redact, and block;
controls decide whether the orchestration layer should drop context, return
a refusal message, or mark a run for human review.
Usage
policy_controls(
on_prompt_block = "block",
on_context_block = "drop",
on_output_block = "block",
refusal_message = "I can't safely complete that request.",
escalation_message = "Human review requested by llmshieldr policy."
)Arguments
- on_prompt_block
One of
"block","refuse", or"escalate".- on_context_block
One of
"drop","keep_redacted","block","refuse", or"escalate".- on_output_block
One of
"block","refuse", or"escalate".- refusal_message
Message returned as
result$outputwhen a control maps a block torefuse.- escalation_message
Optional human-readable reason stored in policy metadata when a control maps a block to
escalate.
Details
Control fields:
on_prompt_block: applied when the user prompt is blocked before the chat call.on_context_block: applied when one or more retrieved context rows are blocked."drop"excludes blocked rows and continues."keep_redacted"includes their redacted text."block","refuse", and"escalate"stop before the chat call.on_output_block: applied when model output is blocked after the chat call.
refuse returns refusal_message as the result output. escalate returns
no output and records the final action as "escalate" for downstream
routing.