Concepts
Architecture overview of the Meibel policy plane: how requests flow through it, how policies are defined, and what the audit log captures.
Request lifecycle
Every call through the Meibel proxy follows this sequence:
- Tenant resolution — The X-Meibel-Tenant header identifies which tenant context applies, which policy to load, and which rate budget to debit.
- Entity detection — The full assembled prompt (including RAG-retrieved context) is scanned for entity types defined in the active policy.
- Redaction — Detected entities are replaced with typed mask tokens ([SSN_001], [PERSON_NAME_001]). Replacement is deterministic within a call — the same entity value always maps to the same mask index.
- Policy verdict — If no entities were found: ALLOWED. If entities were redacted: REDACTED. If a block rule matched: BLOCKED.
- Forward to upstream — The redacted prompt is forwarded to the upstream model API with your credentials.
- Audit write — An immutable audit record is written: entity types found (not values), verdict, model version, prompt hash, tenant ID, timestamp.
- Response return — The upstream response is returned verbatim with Meibel headers attached.
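A minimal sketch of the redaction, verdict and audit-write steps above, added here as an illustration; it is not Meibel's implementation. The two regex detectors, the `process` function, the way the prompt is assembled for hashing, the meaning of `redaction_count` and the handling of a blocked call are assumptions.

```python
import hashlib
import re

# Constructed detectors for two pii-standard labels (assumption: the
# product's real detectors are not shown on the page).
DETECTORS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL_ADDRESS": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}
# Mirrors the page's block rule: an SSN in system_prompt is a hard block.
BLOCK_RULES = {("SSN", "system_prompt")}


def process(system_prompt, user_prompt, tenant_id, policy_id):
    """Return (verdict, redacted_parts_or_None, audit_record) for one call."""
    parts = {"system_prompt": system_prompt, "user_prompt": user_prompt}
    masks = {}     # (label, value) -> token; one table per call
    counters = {}  # label -> last index issued
    findings, blocked, redacted = set(), False, {}

    for context, text in parts.items():
        for label, rx in DETECTORS.items():
            def mask(m, label=label, context=context):
                nonlocal blocked
                findings.add(label)
                blocked = blocked or (label, context) in BLOCK_RULES
                key = (label, m.group(0))
                if key not in masks:  # first sighting gets the next index
                    counters[label] = counters.get(label, 0) + 1
                    masks[key] = f"[{label}_{counters[label]:03d}]"
                return masks[key]
            text = rx.sub(mask, text)
        redacted[context] = text

    verdict = "BLOCKED" if blocked else "REDACTED" if findings else "ALLOWED"
    # Assumption: the hash covers system and user text joined by a newline.
    raw = (system_prompt + "\n" + user_prompt).encode()
    audit = {
        "tenant_id": tenant_id,
        "policy_id": policy_id,
        "policy_verdict": verdict,
        "pii_findings": sorted(findings),  # labels only, never values
        "redaction_count": len(masks),     # assumption: distinct values
        "prompt_hash": "sha256:" + hashlib.sha256(raw).hexdigest(),
    }
    # Assumption: a BLOCKED call forwards nothing upstream.
    return verdict, (None if blocked else redacted), audit
```

Because the mask table is created inside `process`, the same value can receive a different index in a later call, which matches the per-call determinism described above.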
Policy DSL
Policies are YAML documents with three top-level sections: entities, blocks, and audit.
Full policy schema
version: "1"
policy_id: healthcare-v2
entities:
  - group: pii-standard
    action: redact
    mask_format: [TYPE_INDEX]
  - group: hipaa-safe-harbor   # 16 HIPAA identifiers
    action: redact
    mask_format: [PHI_TYPE_INDEX]
  - pattern: "NPI-\\d{10}"     # custom regex
    label: PROVIDER_NPI
    action: redact
blocks:
  - if_entity: SSN
    in_context: system_prompt  # SSN in system prompt = hard block
    action: block
    reason: SSN in system_prompt not permitted
audit:
  enabled: true
  store_raw_prompt: false
  store_hash: true
  store_entity_types: true
Entity type taxonomy
pii-standard
- PERSON_NAME
- EMAIL_ADDRESS
- PHONE_NUMBER
- SSN
- DATE_OF_BIRTH
- STREET_ADDRESS
- IP_ADDRESS
financial
- FIN_ACCT_NUM
- CREDIT_CARD
- IBAN
- CUSIP
- ISIN
- AUM_VALUE
- BENEFICIAL_OWNER
hipaa-safe-harbor
- PATIENT_NAME
- DATE (clinical)
- MRN
- NPI
- DIAGNOSIS_CODE
- HEALTH_PLAN_NUM
- DEVICE_SERIAL
government
- GOVT_ID
- DRIVERS_LICENSE
- BENEFIT_CASE_NUM
- EIN
- PASSPORT
Isolation models
Tenant isolation is enforced at the database partition level. There are three isolation models available depending on your deployment:
| Model | Description | Use case |
|---|---|---|
| Shared partition | Tenant data in same DB, partitioned by tenant_id. Queries are tenant-scoped by default. | Developer and Team plans; up to 100 tenants. |
| Dedicated namespace | Separate DB schema per tenant. No cross-schema queries possible. | Enterprise plans; regulated industries requiring stronger isolation. |
| On-prem | Entire Meibel stack deployed in your infrastructure. No data leaves your network. | Enterprise customers with data residency requirements or network restrictions. |
Audit log schema
Each audit record is immutable once written. The schema is fixed across API versions.
Audit record schema
{
  "request_id": "req_01HX9K2B4Y",          // unique ID, immutable
  "tenant_id": "finance-wealth",
  "policy_id": "finance-default-v1",
  "policy_verdict": "REDACTED",            // ALLOWED | REDACTED | BLOCKED
  "model_version": "gpt-4o-2024-08-06",    // from upstream API response
  "pii_findings": ["PERSON_NAME", "SSN"],  // entity labels only
  "redaction_count": 2,
  "prompt_hash": "sha256:a3f9cc...",       // sha256 of pre-redaction prompt
  "latency_ms": 312,
  "created_at": "2025-11-14T14:23:08Z"
}
Raw prompt is never stored
store_raw_prompt: false is the default and recommended setting. Meibel stores only the SHA-256 hash of the pre-redaction prompt and the entity type labels. Raw prompt content does not leave your network unless you explicitly configure archiving.