Policy logic shouldn't live in application code.

Swiftward is a policy enforcement engine for AI, Trust & Safety, and financial automation. Define rules declaratively, test against real data, deploy with shadow mode, roll back instantly. On-prem. Deterministic. Every decision replayable.

Book a call

Use cases · How it works

One engine — three markets

AI & Agent Control

Problem: Your AI agent executes tool calls, generates outputs, accesses data. The logic controlling what's allowed lives in application code — changing it means engineering tickets and deploys.

With Swiftward: Tool call authorization, PII/secrets leakage prevention, prompt injection defense. Declarative rules, no code changes, full trace of every decision.

UGC / Trust & Safety

Problem: Users post content that violates policies. Moderation rules are scattered across services. Changing a threshold means a code deploy and a prayer.

With Swiftward: Content policy enforcement, spam and coordinated abuse detection, appeals and escalation. Same content + same policy = same decision, every time.

Risk & Financial Automation

Problem: Automated systems approve transactions, enforce limits, screen for sanctions. The rules are hardcoded and auditing a decision means digging through logs.

With Swiftward: Limits and thresholds, fraud signals, AML/KYC rule enforcement, sanctions screening. Every decision traceable and replayable.

Key capabilities

On-prem control

No SaaS lock-in, data stays inside. Deploy anywhere: Docker, Kubernetes, or bare metal.

Full audit trail

Every signal, rule match, state mutation, and action logged per event. Traces, investigations, replay/DLQ for compliance. See the Trust & Safety Decision System Map.

Deterministic decisions

Same event + same state + same policy version = same verdict (replayable). Under the hood: ordering guarantees + two-phase execution to keep side effects consistent.

Safe policy testing

A/B test policy changes with traffic splitting. Run new rules in shadow mode—evaluate against real traffic without affecting production. Validate before promoting.

How it works

Event in → policy evaluated → decision + trace out

1 / 3

AI / DLP: Sensitive data ends up in LLM prompts and MCP tool call parameters — credentials, PII, patient data, confidential documents. Catch and block before it leaves your environment.

Input

LLM request with RAG context containing an AWS access key

Decision

REJECTED

Rule: block_secrets_leakage

Effects

Block request + Alert #dlp-alerts + SIEM export + Label "secrets_leak"

Policy (YAML)

signals:
  secrets_scan:
    udf: dlp/secrets_scanner
    params:
      text: "{{ event.data.prompt_context }}"
      patterns: [aws_key, api_token, private_key,
                 db_connection_string]

rules:
  block_secrets_leakage:
    enabled: true
    all:
      - path: "signals.secrets_scan.found"
        op: eq
        value: true
    effects:
      verdict: rejected
      state_changes:
        set_labels: ["secrets_leak"]
        change_counters:
          blocked_requests: 1
      actions:
        - action: security_alert
          params:
            channel: "#dlp-alerts"
        - action: siem_export
          params:
            severity: high
      response:
        blocked: true
        reason: "Request context contains credentials"

Decision trace

trace_id:       tr_ai_20250115_003
policy_version: ai_dlp_v1
duration:       14ms

SIGNALS COMPUTED
+ secrets_scan = FOUND (8ms, dlp/secrets_scanner)
  -> type: aws_access_key
  -> match: "AKIA****..."
  -> confidence: 0.99

RULES EVALUATED
[P100] block_secrets_leakage   MATCHED

VERDICT: REJECTED
Source:  block_secrets_leakage
Reason:  Request context contains credentials

STATE MUTATIONS
+ SET LABELS:      ["secrets_leak"]
+ CHANGE COUNTERS: blocked_requests += 1

ACTIONS EXECUTED
+ security_alert -> #dlp-alerts (5ms, OK)
+ siem_export -> severity:high (3ms, OK)

UGC / Anti-spam: New account from a high-risk country posts a link to a known spam domain. Block and label.

Input

Post with link to cheap-tees-deals.com, 2-day-old account, signup country in high-risk list

Decision

REJECTED

Rule: block_spam_links

Effects

Block post + Label "spam" + Notify #t-and-s

Policy (YAML)

signals:
  high_risk_country:
    udf: list/contains
    params:
      list: high_risk_countries
      values:
        - "{{ event.data.author.signup_country }}"
        - "{{ event.data.author.last_signin_country }}"

  spam_domain_in_post:
    udf: list/contains_extracted
    params:
      list: tshirt_spam_domains
      text: "{{ event.data.content }}"
      extract: domains

  account_age_days:
    udf: time/days_since
    params:
      timestamp: "{{ event.data.author.created_at }}"

rules:
  block_spam_links:
    enabled: true
    all:
      - path: "signals.spam_domain_in_post"
        op: eq
        value: true
    any:
      - path: "signals.high_risk_country"
        op: eq
        value: true
      - path: "signals.account_age_days"
        op: lte
        value: 3
    effects:
      verdict: rejected
      state_changes:
        set_labels: ["spam"]
      actions:
        - action: notify
          params:
            channel: "#t-and-s"
      response:
        blocked: true
        reason: "Spam domain from high-risk source"

Decision trace

trace_id:       tr_ugc_20250115_042
policy_version: anti_spam_v2
duration:       11ms

SIGNALS COMPUTED
+ high_risk_country = true (2ms, list/contains)
  -> matched: signup_country in high_risk_countries
+ spam_domain_in_post = true (4ms, list/contains_extracted)
  -> extracted: ["cheap-tees-deals.com"]
  -> matched: tshirt_spam_domains
+ account_age_days = 2 (1ms, time/days_since)

RULES EVALUATED
[P100] block_spam_links    MATCHED

VERDICT: REJECTED
Source:  block_spam_links
Reason:  Spam domain from high-risk source

STATE MUTATIONS
+ SET LABELS:      ["spam"]

ACTIONS EXECUTED
+ notify -> #t-and-s (3ms, OK)

Risk / Finance: Trading bot submits an order priced too far from the current spread. Reject before it hits the order book.

Input

AAPL buy order at $218.40 — spread midpoint is $231.50 (5.7% off)

Decision

REJECTED

Rule: reject_price_deviation

Effects

Block order + Alert #risk-ops + Label "price_deviation"

Policy (YAML)

signals:
  spread_mid:
    udf: market/spread_mid
    params:
      symbol: "{{ event.data.symbol }}"

  price_deviation_pct:
    udf: math/pct_diff
    params:
      a: "{{ event.data.price }}"
      b: "{{ signals.spread_mid }}"

rules:
  reject_price_deviation:
    enabled: true
    all:
      - path: "signals.price_deviation_pct"
        op: gte
        value: 5  # more than 5% from mid
    effects:
      verdict: rejected
      state_changes:
        set_labels: ["price_deviation"]
        change_counters:
          rejected_orders: 1
      actions:
        - action: risk_alert
          params:
            channel: "#risk-ops"
      response:
        blocked: true
        reason: "Order price deviates >5% from spread"

Decision trace

trace_id:       tr_fin_20250115_091
policy_version: trading_risk_v1
duration:       8ms

SIGNALS COMPUTED
+ spread_mid = 231.50 (3ms, market/spread_mid)
  -> symbol: AAPL
+ price_deviation_pct = 5.7 (1ms, math/pct_diff)
  -> order_price: 218.40
  -> spread_mid: 231.50

RULES EVALUATED
[P100] reject_price_deviation   MATCHED

VERDICT: REJECTED
Source:  reject_price_deviation
Reason:  Order price deviates >5% from spread

STATE MUTATIONS
+ SET LABELS:      ["price_deviation"]
+ CHANGE COUNTERS: rejected_orders += 1

ACTIONS EXECUTED
+ risk_alert -> #risk-ops (4ms, OK)

AI Agents / MCP: AI support agent calls refund_transaction for $2,400 — daily limit already at $3,200 of $5,000. Hold the action, route to a human for approval.

Input

AI agent (role: cs_agent) calls refund_transaction for $2,400 — daily refunds already at $3,200

Decision

FLAGGED

Rule: flag_refund_over_limit

Effects

Hold action + Enqueue #manager-approvals (30m timeout) + Label "limit_exceeded"

Policy (YAML)

signals:
  tool_authorized:
    udf: rbac/check_permission
    params:
      role: "{{ event.data.agent.role }}"
      action: "{{ event.data.tool_call.name }}"

  daily_refund_total:
    udf: state/counter_value
    params:
      entity: "{{ event.data.agent.id }}"
      counter: daily_refunds
      window: 24h

  refund_after:
    udf: math/add
    params:
      a: "{{ signals.daily_refund_total }}"
      b: "{{ event.data.tool_call.params.amount }}"

rules:
  block_unauthorized_tool:
    priority: 200
    enabled: true
    all:
      - path: "signals.tool_authorized"
        op: eq
        value: false
    effects:
      verdict: rejected
      actions:
        - action: security_alert
          params:
            channel: "#security-ops"
      response:
        blocked: true
        reason: "Agent role lacks permission for this tool"

  flag_refund_over_limit:
    priority: 100
    enabled: true
    all:
      - path: "signals.tool_authorized"
        op: eq
        value: true
      - path: "signals.refund_after"
        op: gt
        value: 5000
    effects:
      verdict: flagged
      state_changes:
        set_labels: ["limit_exceeded"]
        change_counters:
          daily_refunds: "{{ event.data.tool_call.params.amount }}"
      actions:
        - action: enqueue_hitl
          params:
            queue: "#manager-approvals"
            timeout: 30m
      response:
        held: true
        reason: "Daily refund limit exceeded — pending approval"

Decision trace

trace_id:       tr_mcp_20250115_017
policy_version: agent_controls_v1
duration:       12ms

SIGNALS COMPUTED
+ tool_authorized = true (3ms, rbac/check_permission)
  -> role: cs_agent
  -> action: refund_transaction
+ daily_refund_total = 3200 (2ms, state/counter_value)
  -> entity: agent_cs_047
  -> window: 24h
+ refund_after = 5600 (1ms, math/add)
  -> 3200 + 2400 = 5600

RULES EVALUATED
[P200] block_unauthorized_tool   NOT MATCHED
[P100] flag_refund_over_limit    MATCHED

VERDICT: FLAGGED
Source:  flag_refund_over_limit
Reason:  Daily refund limit exceeded — pending approval

STATE MUTATIONS
+ SET LABELS:      ["limit_exceeded"]
+ CHANGE COUNTERS: daily_refunds += 2400 (total: 5600)

ACTIONS EXECUTED
+ enqueue_hitl -> #manager-approvals (4ms, OK)
  -> timeout: 30m
  -> review_url: /review/tr_mcp_20250115_017

Architecture & scaling

Swiftward runs as a single binary that can operate as one process or be deployed as role-based components (ingestion, workers, control API) for horizontal scaling.

Why not just X?

Why not OPA?

OPA: Policy decision engine — great for authorization/DevOps.

Swiftward: Policy runtime + event processing + state management + audit trails + DLQ/replay. Built for consequential decisions — AI safety, content moderation, fraud, compliance.

Why not SaaS LLM gateways?

SaaS gateways: Proprietary, your data leaves infrastructure, limited to LLM use cases only.

Swiftward: OpenAI-compatible gateway + general policy engine for UGC, fraud, compliance. On-prem, no vendor lock-in. One system, multiple use cases.

Why not build in-house?

You'll re-create policy versioning, deterministic execution ordering, audit trails, DLQ/replay, and integrations.

Policy logic shouldn't live in application code.

One engine — three markets

AI & Agent Control

UGC / Trust & Safety

Risk & Financial Automation

Key capabilities

On-prem control

Full audit trail

Deterministic decisions

Safe policy testing

How it works

Policy (YAML)

Decision trace

Policy (YAML)

Decision trace

Policy (YAML)

Decision trace

Policy (YAML)

Decision trace

Architecture & scaling

Why not just X?

Why not OPA?

Why not SaaS LLM gateways?

Why not build in-house?

Talk to us

Documentation