Overview
This guide walks you through creating your first TealTiger policy and observing how it behaves at runtime. By the end of this guide, you will understand:
- How a policy is evaluated
- How decisions are made
- How risk scores influence enforcement
- How reason codes explain outcomes
- How audit and logging capture evidence
What You Will Build
You will conceptually create a policy that:
- Evaluates estimated cost
- Considers overall risk
- Blocks execution when thresholds are exceeded
- Emits structured audit and logging signals
Step 1: Understand the Decision Flow
Every request evaluated by TealTiger follows the same deterministic flow:
- Signals are collected (cost, risk, context)
- Policy conditions are evaluated
- A decision is produced:
  - ALLOW
  - RESTRICT
  - BLOCK
- Actions are executed
- Audit and logging events are emitted
Step 2: Define a Policy (Conceptual)
A policy in TealTiger is composed of three parts:
- Conditions — when the policy applies
- Actions — what happens if it applies
- Mode — whether the policy observes or enforces
- Is the estimated cost above the remaining budget?
- Is the composite risk score above an acceptable threshold?
Step 3: Signal Evaluation
When a request enters your system, TealTiger evaluates signals such as:
- Estimated cost
- Token usage
- Risk score
- Execution identity
- Environment context
- Estimated cost: $0.12
- Remaining budget: $0.05
- Composite risk score: 82
Step 4: Policy Decision
Based on the evaluated signals, the policy produces a decision.
Decision outcome: BLOCK
Mode: enforce
This decision is final for the request. There are no retries, no hidden overrides, and no probabilistic behavior.
Step 5: Reason Codes
TealTiger emits reason codes to explain why a decision occurred. Example reason codes:
- COST.LIMIT.BUDGET_EXCEEDED
- RISK.THRESHOLD.HIGH_RISK_SCORE
- Stable identifiers
- Machine-readable
- Safe for automation
- Consistent across logs and audits
Step 6: Risk Scores
Decisions are influenced by normalized risk scores. Example:
- Composite risk score: 82
- Security risk: 90
- Cost risk: 75
- Governance risk: 40
- Reliability risk: 20
Step 7: Actions Executed
Because the policy is in enforce mode, actions are executed. Typical actions include:
- Blocking the request
- Emitting logs
- Recording audit evidence
- Returning structured error responses
Step 8: Audit Event Emission
Every decision produces a structured audit event. Audit events record:
- Policy evaluated
- Decision outcome
- Risk scores
- Reason codes
- Actions executed
- Correlation identifiers
Step 9: Logging Behavior
In addition to audit events, TealTiger emits structured logs. By default:
- Prompts and completions are not logged
- Only metadata and decisions are recorded
- Redaction rules are applied automatically
Monitor vs Enforce Mode
The same policy can run in two modes.
Monitor Mode
- Decisions are evaluated
- Actions are not enforced
- Full audit visibility is preserved
Enforce Mode
- Decisions are applied
- Blocking and transformations occur
- Enforcement is deterministic
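The flow from Steps 1 through 9 and the two modes, as an added Python sketch. It is not TealTiger's API or code from this guide: the function, field, action and policy names and the risk threshold of 80 are assumptions, while the signal values and reason codes are the guide's.

```python
import json
from dataclasses import dataclass

RISK_THRESHOLD = 80  # assumed; the guide does not state a threshold value

@dataclass(frozen=True)
class Signals:
    estimated_cost: float    # USD
    remaining_budget: float  # USD
    composite_risk: int      # normalized composite score

def evaluate(signals, mode, correlation_id):
    """Return (decision, enforced, audit_event); same inputs give the same output."""
    if mode not in ("monitor", "enforce"):
        raise ValueError(f"unknown mode: {mode!r}")  # never guess a mode
    reasons = []
    if signals.estimated_cost > signals.remaining_budget:
        reasons.append("COST.LIMIT.BUDGET_EXCEEDED")
    if signals.composite_risk > RISK_THRESHOLD:
        reasons.append("RISK.THRESHOLD.HIGH_RISK_SCORE")
    # This sketch only distinguishes ALLOW and BLOCK; RESTRICT is not modelled.
    decision = "BLOCK" if reasons else "ALLOW"
    # Monitor mode still evaluates and audits, but never applies the block.
    enforced = decision == "BLOCK" and mode == "enforce"
    actions = ["emit_log", "record_audit"]
    if enforced:
        actions.insert(0, "block_request")
    audit_event = {  # metadata only: no prompt or completion text
        "policy": "cost-and-risk-guard",  # hypothetical policy name
        "mode": mode,
        "decision": decision,
        "enforced": enforced,
        "risk_scores": {"composite": signals.composite_risk},
        "reason_codes": reasons,
        "actions": actions,
        "correlation_id": correlation_id,
    }
    return decision, enforced, audit_event

if __name__ == "__main__":
    sample = Signals(0.12, 0.05, 82)  # constructed from the values in Step 3
    for mode in ("monitor", "enforce"):
        print(json.dumps(evaluate(sample, mode, "req-0001")[2]))
```

In monitor mode the audit event carries the same decision and reason codes as in enforce mode; only the `enforced` flag and the action list differ, which is what lets a policy be reviewed before it is switched to enforce.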
What You Learned
In this guide, you learned how:
- Policies evaluate signals deterministically
- Risk and cost influence decisions
- Reason codes explain outcomes
- Audit events provide defensible evidence
- Logging remains safe by default
Next
- See Policy Design to build richer policies
- See Risk Scores to tune thresholds
- See Audit and Telemetry for exporting events
- See Configuration to control enforcement and logging

