Governance

Spend caps, model allowlists, region pinning, PII redaction & tokenization, and per-key controls.

Conduix gives you many small levers to keep teams in their lane: cap spend, restrict models, pin regions, redact PII, throttle keys. Every lever is enforced before the upstream provider call — not after the bill arrives.

Spend caps

Per-organization daily and monthly hard ceilings. When the cap is exceeded, requests fail with HTTP 402 spend_cap_exceeded and the provider call never runs. Configure at /dashboard/settings.

  • Daily cap: UTC day boundary; resets at midnight UTC
  • Monthly cap: UTC month boundary; resets on the 1st
  • Alert threshold: Default 80%; warns before blocking

Model allowlists

Per-key restriction on which models that key can call. If the request asks for a model not on the list, the response is model_not_allowed (HTTP 403) and never reaches upstream.

API key with allowlist
{
  "name": "Internal tools",
  "allowed_models": [
    "gpt-4o-mini",
    "claude-haiku-4-5-20251001",
    "byo:*"
  ],
  "rate_limit": 60
}

Use byo:* as a wildcard to allow any BYO endpoint without naming each one.

Per-key rate limits

Requests per minute, enforced via Redis sliding window. Per-key (not per-org) so different teams can't starve each other. Configure when minting a key. Throttled requests get rate_limit_exceeded (HTTP 429) with a Retry-After header.
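
The per-key sliding window and the Retry-After value can be modelled in memory as below. This is an added example, not Conduix's Redis implementation; the class and function names, the limit of 3, and the choice not to record throttled requests are assumptions.

```python
import math
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Sliding-window log kept per API key, so one key cannot use another's budget."""

    def __init__(self, window_seconds=60.0):
        self.window = window_seconds
        self.hits = defaultdict(deque)  # key id -> timestamps of admitted requests

    def check(self, key_id, limit, now):
        """Admit or throttle one request; `now` is in seconds (injected for tests)."""
        log = self.hits[key_id]
        while log and log[0] <= now - self.window:
            log.popleft()  # request has aged out of the window
        if len(log) >= limit:
            # The next slot frees when the oldest admitted request ages out.
            wait = max(1, math.ceil(log[0] + self.window - now))
            return 429, {"Retry-After": str(wait)}, "rate_limit_exceeded"
        log.append(now)  # throttled requests are not recorded (assumption)
        return 200, {}, None

def replay(events, limit=3):
    """Run constructed (time, key) events through one limiter; return status codes."""
    limiter = SlidingWindowLimiter()
    return [limiter.check(key, limit, t)[0] for t, key in events]

# Constructed traffic: key "team-a" bursts, "team-b" sends one request mid-burst.
EVENTS = [(0, "team-a"), (10, "team-a"), (20, "team-a"), (30, "team-a"),
          (30, "team-b"), (60, "team-a"), (61, "team-a")]
```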

Region pinning (data residency)

Conduix maps each provider to its primary inference region: US, EU, or APAC. Set a key's data-residency to one of these and Conduix will only route to providers in that region — including for fallbacks.

  • us: OpenAI, Anthropic, Google, Groq, Together, Fireworks
  • eu: Mistral
  • apac: DeepSeek

If no provider in the chosen region serves the requested model (or all are unhealthy), the request fails closed with provider_not_permitted. It does not silently fall over to a different region.

PII handling

Detect structured PII — emails, SSNs, US phone numbers, IPs, and Luhn-validated credit cards — in request bodies before they leave Conduix. Three modes:

  • Off — no PII processing.
  • Redact — destructively replace PII with placeholders ([SSN_REDACTED]). The model never sees the value and can't use it. Conduix sends x-conduix-pii-redacted: <count>.
  • Tokenize — replace PII with reversible sentinels (<SSN_1>) before the provider call, then restore the original values in the response (streaming included). Keeps your output usable. Conduix sends x-conduix-pii-tokenized: <count>. Responses are not cached in tokenize mode.
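
The difference between the redact and tokenize modes, and the effect of Luhn validation on card detection, is shown in the sketch below. It is an added example, not Conduix's detector: the regex patterns, the function names, and the EMAIL/CARD sentinel names are assumptions (the page only shows <SSN_1> and [SSN_REDACTED]), and the sample text is constructed.

```python
import re

# Patterns and the EMAIL/CARD sentinel names are assumptions for this sketch;
# the page itself only shows <SSN_1> and [SSN_REDACTED].
PATTERNS = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
]

# Constructed sample: the "order" number fails Luhn and must pass through.
SAMPLE = ("Customer jane@example.com, SSN 078-05-1120, card 4111 1111 1111 1111, "
          "order 1234 5678 9012 3456. Confirm SSN 078-05-1120.")

def luhn_ok(candidate):
    """Luhn checksum: double every second digit from the right, sum mod 10."""
    total = 0
    digits = [int(c) for c in candidate if c.isdigit()]
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def tokenize(text):
    """Return (text with sentinels, vault mapping sentinel -> original value)."""
    vault, by_value, counters = {}, {}, {}
    for kind, pattern in PATTERNS:
        def swap(match, kind=kind):
            value = match.group(0)
            if kind == "CARD" and not luhn_ok(value):
                return value  # digit run that is not a card number
            if value not in by_value:  # repeated value reuses its sentinel
                counters[kind] = counters.get(kind, 0) + 1
                by_value[value] = f"<{kind}_{counters[kind]}>"
                vault[by_value[value]] = value
            return by_value[value]
        text = pattern.sub(swap, text)
    return text, vault

def detokenize(text, vault):
    """Restore originals in a provider response; unknown sentinels are left alone."""
    return re.sub(r"<[A-Z]+_\d+>", lambda m: vault.get(m.group(0), m.group(0)), text)

def redact(text):
    """Destructive variant: same detection, but no vault is kept."""
    return re.sub(r"<([A-Z]+)_\d+>", r"[\1_REDACTED]", tokenize(text)[0])
```

The vault is the sensitive artifact in tokenize mode: it holds every original value for the lifetime of the request, which is why a tokenized response is specific to one caller.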

The effective mode is resolved with this precedence (highest first):

  • Per-request header: x-conduix-pii-mode: off|redact|tokenize (the legacy x-conduix-pii-redact: on|off still works).
  • Per-key override at /dashboard/keys — or inherit the org default.
  • Org-level default at /dashboard/settings.

Scope. Detection is structured-PII only. It does not detect names, addresses, dates of birth, MRNs, or free-text identifiers — those reach the provider unchanged. PII handling is a best-effort reduction of provider exposure, not a HIPAA control and not a substitute for a BAA. Detokenization re-emits the original values to you by design.

On-detection policy

Independent of the mode above, pii_on_detect governs what happens when PII or a secret is detected in a request (org default, overridable per key — not per request):

  • allow — transform per mode and forward (default).
  • warn — forward, and surface x-conduix-pii-detected: <types> to the caller.
  • require_ack — reject with 422 (pii_acknowledgment_required) unless the request carries x-conduix-pii-ack: true. The human prompt is rendered by your app; Conduix only enforces the contract. Ack is per-request. Recommended for PHI workloads.
  • block — hard-refuse any request with detected PII/secrets (422 pii_blocked).

Secret detection

Conduix also flags credentials in request bodies — API keys, AWS access keys, private-key blocks, JWTs. On detection it sets x-conduix-secret-detected: <types> plus a rotation advisory, applies the same pii_on_detect policy, and audits the event (types/counts only — never the value). If a secret reached an upstream provider, rotate it.

Dry-run scan

POST /v1/pii/scan with a messages array returns the detected PII and secret types/counts without running a completion — so your app can check a payload (and prompt its user) before sending. Returns types/counts only, never values.

Egress safety net

In redact/tokenize mode, Conduix re-scans the outbound payload after transform. Residual structured PII is blocked for PHI-flagged organizations (fail-closed) and failsafe-redacted + alarmed otherwise.

PHI tenants & provider BAA routing

Organizations flagged as PHI (operator-set) get two extra protections: the egress safety net fails closed (residual PII blocks the request rather than being failsafe-redacted), and routing is restricted — fail-closed — to providers Conduix holds a BAA / no-retention agreement with. An organization cannot be flagged PHI until that allowlist is configured. Requests to a non-allowlisted provider return 403 provider_not_permitted.

Provider-level governance (operator side)

Operators (iVirtualsoft) can also enforce platform-wide constraints — these aren't customer-configurable but customers can rely on them being in place:

  • Provider budgets at the platform level — alerts fire to Slack/Teams at 70/80/90/100% of monthly spend.
  • Hard cap on provider — when set, traffic auto-fails over to fallbacks if a provider is over budget.
  • Circuit breakers per provider — three consecutive upstream failures trip the breaker for 30 seconds, traffic routes around.
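
The fail-closed routing described under region pinning and PHI tenants, combined with the circuit breaker above, can be modelled as follows. This is an added example, not Conduix's router: the class and function names and the provider chains are hypothetical, and treating a tripped breaker as "unhealthy" for region pinning is an assumption.

```python
# Region map copied from the region-pinning section of this page.
PROVIDER_REGION = {
    "OpenAI": "us", "Anthropic": "us", "Google": "us", "Groq": "us",
    "Together": "us", "Fireworks": "us", "Mistral": "eu", "DeepSeek": "apac",
}

class ProviderNotPermitted(Exception):
    """Stands in for the provider_not_permitted error."""

class Breaker:
    """Trips after 3 consecutive upstream failures and stays open for 30 seconds."""
    THRESHOLD, COOLDOWN = 3, 30.0

    def __init__(self):
        self.failures, self.open_until = {}, {}

    def record(self, provider, ok, now):
        if ok:
            self.failures[provider] = 0  # any success resets the streak
            return
        self.failures[provider] = self.failures.get(provider, 0) + 1
        if self.failures[provider] >= self.THRESHOLD:
            self.open_until[provider] = now + self.COOLDOWN
            self.failures[provider] = 0

    def is_open(self, provider, now):
        return now < self.open_until.get(provider, 0.0)

def select_provider(chain, now, breaker, residency=None, baa_allowlist=None):
    """Walk the primary-then-fallback chain; every hop must pass every constraint."""
    for provider in chain:
        if residency is not None and PROVIDER_REGION.get(provider) != residency:
            continue  # wrong or unknown region is never a candidate
        if baa_allowlist is not None and provider not in baa_allowlist:
            continue  # PHI tenant: provider is not on the BAA allowlist
        if breaker.is_open(provider, now):
            continue  # route around a tripped provider
        return provider
    # Nothing eligible: refuse instead of relaxing a constraint.
    raise ProviderNotPermitted("provider_not_permitted")
```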

Audit trail

Every governance change (cap update, allowlist change, residency change, PII toggle) lands in /dashboard/audit with the user who made the change, the IP, and the request id. Append-only, exportable, compliance-ready.