Controls and policies

Enforcement layers that decide whether a request can proceed
View as Markdown

Panicly enforcement is layered. Some controls live in the core rules engine, while others are enforced in the broader gateway path.

Kill Switch

Immediate project traffic stop before upstream provider spend.

Network Controls

Sender IP blocking and inspection.

Region Rules

Country and Panicly-defined region blocking, backed by geo_rules.

Model Controls

Per-project model enable and disable state backed by model_rules.

Token guard

Blocks requests that exceed configured token limits.

Loop guard

Detects repeated identical payload patterns.

Evaluation layers

The Panicly key must belong to a valid project in the workspace.

Panicly checks included monthly volume and purchased capacity before routing.

The gateway can block by sender IP, country, product-defined region, or disabled model before provider forwarding.

Panicly checks Kill Switch, burst protection, abuse detection, token guard, and loop guard.

Approved requests can still be rejected by the upstream provider. Panicly should still record the outcome.

Use trusted location signals

Region and network decisions depend on trusted platform or proxy location signals, not arbitrary client-supplied headers.

Rule tuning fields

rate_limit_rpm
number

Per-project burst protection threshold.

abuse_threshold
number

Rolling abuse or spend-style threshold.

max_tokens
number

Maximum token budget accepted for a request.

loop_sensitivity
number

Sensitivity for repeated-payload detection.