The Inference Gateway: the security boundary
The component that holds the keys and guards the egress: its pipeline, the threat model around it, what anonymization does to outbound prompts, how model routing stays inspectable, and where the inference-tier boundary sits.
When the middleware fires
All four conditions must hold; the first that fails short-circuits to a no-op for the entire pass (provider receives unmodified content; response is not touched; audit row records anonymization_applied = false).
| Condition | Source | Default |
|---|---|---|
| gateway.yaml anonymization.enabled = true | Operator config | false — feature flag stays off until the deployment opts in. |
| Request's routed tier is in anonymization.apply_at_tiers | Operator config | [3, 4, 5] — local Tier 1 / Tier 2 inference skips because the data never leaves the operator's environment. |
| Request's lq_ai_privileged is false | Backend forwards Project.privileged | False for chats outside any project, or in non-privileged projects. |
| Request's anonymize is true | Per-call body field | True. Callers send anonymize: false only when they need the raw text on the provider call (evaluation, raw-passthrough scenarios). |
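
The four-condition gate above, as an added Python sketch that is not the gateway's own code. The field names and defaults come from the table; the function name, the dict shapes for the parsed gateway.yaml and request body, the skip_reason field, and evaluating the conditions in table order are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Defaults as listed in the table above.
DEFAULT_ANONYMIZATION = {"enabled": False, "apply_at_tiers": [3, 4, 5]}


@dataclass
class GateDecision:
    anonymization_applied: bool      # value the audit row records
    skip_reason: Optional[str]       # hypothetical field: first condition that failed


def anonymization_gate(gateway_yaml: dict, request: dict, routed_tier: int) -> GateDecision:
    """Check the four conditions in table order (assumed); first failure is a no-op."""
    cfg = {**DEFAULT_ANONYMIZATION, **(gateway_yaml.get("anonymization") or {})}
    checks = [
        ("anonymization.enabled is not true", cfg["enabled"] is True),
        ("routed tier not in anonymization.apply_at_tiers",
         routed_tier in cfg["apply_at_tiers"]),
        ("lq_ai_privileged is true", not request.get("lq_ai_privileged", False)),
        ("anonymize is false", bool(request.get("anonymize", True))),
    ]
    for reason, passed in checks:
        if not passed:
            return GateDecision(False, reason)
    return GateDecision(True, None)


# Constructed sample inputs (parsed gateway.yaml and request bodies).
OPTED_IN = {"anonymization": {"enabled": True}}


def demo() -> dict:
    return {
        "default config, tier 4": anonymization_gate({}, {}, 4),
        "opted in, tier 4": anonymization_gate(OPTED_IN, {}, 4),
        "opted in, local tier 2": anonymization_gate(OPTED_IN, {}, 2),
        "privileged project": anonymization_gate(OPTED_IN, {"lq_ai_privileged": True}, 3),
        "anonymize: false": anonymization_gate(OPTED_IN, {"anonymize": False}, 5),
    }


if __name__ == "__main__":
    for label, decision in demo().items():
        print(f"{label:24} {decision}")
```

With the defaults, every pass is a no-op until the operator sets anonymization.enabled, so audit rows with anonymization_applied = false on tiers 3, 4 and 5 are the ones worth reviewing.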