Skip to main content
The harness enforces model allowlists based on compliance requirements. When a compliance mode is set, only models in the corresponding allowlist are permitted.

Compliance Modes

ModeAllowed ModelsUse Case
gdprgpt-4o, gpt-4o-mini, gpt-3.5-turboEU data protection
hipaagpt-4o, gpt-4o-miniHealthcare data
pcigpt-4o-mini, gpt-3.5-turboPayment card data
strictgpt-4oMaximum restriction

Usage

import cascadeflow

cascadeflow.init(mode="enforce")

# GDPR compliance — only gpt-4o, gpt-4o-mini, gpt-3.5-turbo allowed
with cascadeflow.run(compliance="gdpr") as session:
    result = await agent.run("Process this EU customer data")
Or as agent metadata: 
@cascadeflow.agent(compliance="hipaa")
async def medical_agent(query: str):
    return await llm.complete(query)

Enforcement Behavior

When a model outside the allowlist is requested:
  • In observe mode: the trace records action: "switch_model" with the suggested compliant alternative, but execution continues with the original model
  • In enforce mode: the harness blocks the non-compliant model and either switches to a compliant alternative or stops execution

Combining with Budget

Compliance and budget constraints are independent. Both are checked at every step: 
with cascadeflow.run(budget=0.50, compliance="gdpr") as session:
    # Must stay within budget AND use only GDPR-approved models
    result = await agent.run("Analyze EU customer feedback")

Custom Allowlists

The built-in allowlists cover common regulations. For custom requirements, set compliance at the integration level or use the HarnessConfig directly: 
config = HarnessConfig(
    mode="enforce",
    compliance="strict",  # Only gpt-4o
)
cascadeflow.init(config=config)
Example walkthrough: Compliance Gating | GitHub: enforcement/basic_enforcement.py