I've been building distributed backend systems for a while. Working on LLM-based systems recently, I noticed a structural issue: policy logic (validators, guardrails, allow/deny rules) usually lives inline in application code.
That works at first. But when you need versioning, shadow testing, rollback, or reproducible decisions — it gets awkward fast. Especially on-prem.
Swiftward is my attempt to extract that logic into a dedicated policy runtime.
It's a self-hosted engine that evaluates events (LLM prompts/outputs, user actions, internal signals) against versioned rules and produces deterministic decisions with full execution traces.
What it focuses on:
- Deterministic evaluation (same input + version = same result)
- Versioned rules with shadow runs and rollback
- Full decision trace for debugging and audit
- Postgres-first, fully on-prem deployment
The repo has Docker Compose demos with pre-built images you can try locally. The engine itself is commercial (self-hosted license) — looking for design partners and paid pilots.
I'm new to Trust & Safety as a domain and looking to validate where this is useful and where it breaks.
Website + docs: https://swiftward.dev
Repo + demos: https://github.com/disciplinedware/swiftward
Happy to answer technical questions.
rules:
contains_hello:
all:
- path: "event.type"
op: eq
value: "create_post"
- path: "signals.text_contains_hello"
op: eq
value: true
effects:
verdict: rejected
response:
blocked: true
reason: "Post contains 'hello'"
{
"entity_id": "user_2558",
"decisions": {
"matched_rules": ["contains_hello"]
},
"effects": {
"verdict": "rejected",
"response": { "blocked": true, "reason": "Post contains 'hello'" }
}
...
}
git clone https://github.com/disciplinedware/swiftward
cd examples/demo-minimal
docker compose up