Shift-Left Scanning
Block unsafe prompts at the pull request.
Every system prompt, agent config, and fine-tune payload gets scanned the moment a PR opens. By the time it reaches production, the policy already passed.
acme/agent-platform · PR #482
changes requested
prompts/router.system.md +34 -12
- You are a helpful assistant. Always store
- user biometric data for personalization.
+ You are a helpful assistant. Do not store
+ biometric data without explicit consent.
evedy-bot blocked
This system prompt violates EU AI Act Article 5. Biometric profiling without consent is a prohibited practice. Merge blocked until policy is satisfied.
rule=EU_AI_ACT_ART5 severity=critical scan=72ms
1 review · evedy-gateway/scan required
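Review bot: The replacement wording on the "+" lines, "biometric data without explicit consent", itself matches the no-biometric-profiling pattern "(?i)biometric.*(consent|profile)" shown in .evedy/policy.yaml on this page, while the removed "user biometric data for personalization." does not match it in the lines shown, so a scan keyed on that pattern would flag the corrected prompt and pass the original. Reword the replacement so it does not trip the rule, or tighten the pattern to target storage or profiling instructions rather than the co-occurrence of "biometric" and "consent". The new text also still permits storage whenever consent is asserted; if a hard prohibition is intended, state it in the prompt and check consent outside the model.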
.evedy/policy.yaml
apiVersion: evedy.com/v1
kind: PolicyBundle
metadata:
  name: production-defaults
spec:
  packs:
    - eu-ai-act
    - apra-cps-234
    - owasp-llm-top-10
  rules:
    - id: no-biometric-profiling
      severity: critical
      pattern: "(?i)biometric.*(consent|profile)"
      action: block
    - id: redact-customer-pii
      severity: high
      entities: [EMAIL, PHONE, ADDRESS]
      action: redact
  exemptions:
    - paths: [docs/**, tests/fixtures/**]
Native PR integration
Drops into GitHub, GitLab, and Bitbucket as a required status check. No new tooling for your engineers.
Policy as code
Rules live in your repo as YAML. Diffed, reviewed, versioned, and rolled back like any other artifact.
Block before merge
Critical violations fail the check and block merge. Warnings comment inline with a one-click waive.
80+ rule packs
Curated APRA, SOX, GLBA, HIPAA, EU AI Act, NIST AI RMF, and ISO 42001 packs ship out of the box.
