RAI & observability¶

Responsible AI (RAI) policy¶

Oris applies a default PolicyEnforcer at pipeline boundaries:

Input checks — Blocked keys (e.g. password, secret, token), basic prompt-injection heuristics, and simple PII-shaped patterns in string values.
Output checks — Blocked terms, plus stub hooks for toxicity/hallucination markers used in tests.

These checks align with InputGuard / OutputGuard hooks in the executor so behavior stays consistent whether you run a full pipeline or SafeRunner.

Layer your defenses

Default policy is a baseline, not a complete safety program. Combine Oris with org policies, model safeguards, and human review appropriate to your domain.

Tracing¶

Each run produces a RunTrace with ordered StepTrace records: timestamps, status, per-step latency_ms, flags, and optional metadata.

The stable JSON-oriented view is PipelineResult.to_run_summary()—used by the CLI and ideal for logs. See Runs, output & traces.

Audit logging¶

The tracing package includes audit helpers for redaction-aware logging—see oris.tracing.audit in the repository.

CLI reference — --debug trace lines on stderr
Security — reporting issues and secret handling

RAI & observability¶

Responsible AI (RAI) policy¶

Tracing¶

Audit logging¶

Related¶