The SecurityPolicy Model
The Elchi Shield policy file format — envelope, domains, routes, match predicates, inheritance, and multi-file merge semantics.
Modes & Fail Postures
What block, detect, shadow, and off actually do to a request; fail_open vs fail_close; and the recommended detect → shadow → block rollout.
Body Inspection & Limits
Enabling request/response body buffering, size and time limits, and the always-on structural protections — truncation guard, content decoding, and the process-wide body budget.
Built-in Checks & Pipeline Order
The built-in header and body checks, skip_checks exemptions, custom pipeline stage ordering, audit sampling, and per-policy log level.
Data Loss Prevention (DLP)
Block hard secrets and redact PII in request or response bodies — kinds, block vs redact precedence, and how in-place redaction works mechanically.