Set the org's LLM model policy
PUT /api/v1/organizations/current/model-policy
Replace the org's per-org LLM admission policy.
- Owner-only: the policy governs where proprietary source may be sent, so it sits at the same trust tier as org deletion / ownership.
- Fully replaces the prior policy (idempotent PUT). The body is validated against the typed OrgModelPolicy schema; an unknown provider or malformed override is rejected (422) before persistence — no string-as-type, no silent drop.
- Persisted on the org; shipped to the runner in spawn metadata as model_policy_json on the NEXT assessment start (in-flight runs keep the policy that was active at their spawn).
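The semantics listed above (strict validation before persistence, full replacement, and a per-run snapshot at spawn) can be modelled in a few lines. This is an added illustration, not the service's own code: the real OrgModelPolicy schema is not shown on this page, so the field names `allowed_providers` and `overrides`, the provider names, and the `Org` and `PolicyRejected` classes are all hypothetical.

```python
import copy
import json

# Hypothetical provider names and field names; the real OrgModelPolicy
# schema is not shown on this page.
KNOWN_PROVIDERS = {"provider-a", "provider-b"}
ALLOWED_KEYS = {"allowed_providers", "overrides"}


class PolicyRejected(ValueError):
    """Stands in for the 422 response: nothing is persisted."""


def validate_policy(body):
    """Strict validation: reject unknown keys or providers instead of dropping them."""
    if not isinstance(body, dict) or set(body) - ALLOWED_KEYS:
        raise PolicyRejected("unknown or malformed top-level fields")
    providers = body.get("allowed_providers", [])
    if not isinstance(providers, list) or not all(isinstance(p, str) for p in providers):
        raise PolicyRejected("allowed_providers must be a list of strings")
    unknown = set(providers) - KNOWN_PROVIDERS
    if unknown:
        raise PolicyRejected(f"unknown provider(s): {sorted(unknown)}")
    overrides = body.get("overrides", {})
    if not isinstance(overrides, dict) or set(overrides) - set(providers):
        raise PolicyRejected("override refers to a provider that is not allowed")
    return {"allowed_providers": sorted(set(providers)),
            "overrides": copy.deepcopy(overrides)}


class Org:
    def __init__(self):
        self.policy = {"allowed_providers": [], "overrides": {}}

    def put_model_policy(self, body):
        # Validate first; only a fully valid body replaces the stored policy,
        # so a rejected request leaves the previous policy in force.
        self.policy = validate_policy(body)
        return self.policy

    def spawn_assessment(self):
        # Snapshot: the run carries the policy that was active at spawn time,
        # serialized the way the page names it (model_policy_json).
        return {"model_policy_json": json.dumps(self.policy, sort_keys=True)}
```

A client that needs a new policy to apply to a specific assessment has to complete the PUT before that assessment is started, since a run already in flight keeps its snapshot.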
Request
Responses
- 200: Successful Response
- 400: Bad request — malformed input or failed validation.
- 401: Missing, expired, or invalid credentials.
- 403: Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
- 404: Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
- 409: Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
- 422: Semantic validation failure — request shape was valid but contents were not.
- 429: Too many requests — rate limited. Retry after the window resets.
- 500: Internal server error — unexpected failure.