Trust-Prompt Enterprise

Trust-Prompt Enterprise Technical Sheet
Technical Sheet

Trust-Prompt Enterprise

A structured technical overview of the Trust-Prompt Enterprise Admin Policy Builder, including policy targets, AI access control, scope settings, runtime protection, permissions, validation and export workflow.

Local-first Target-based Managed policies Enterprise v0.2.3
Trust-Prompt Enterprise

Google Admin Policy Builder

Build managed Chrome policies for the Trust-Prompt Enterprise v0.2.3 baseline.

Local builder – no backend – no data upload
Executive Overview

Core enterprise control layers

Trust-Prompt checks and controls AI usage before data leaves the device.

Local governance

AI Access Control

  • Define approved AI tools
  • Block selected AI sites
  • Apply controls per Policy Target

Prompt Protection

  • Detect sensitive data locally
  • Warn or block before send
  • Support redaction behavior

Centralized Management

  • Build managed policies
  • Export Google Admin JSON
  • Export Windows REG
Project

Save or reopen builder projects locally

Projects are saved as local JSON files. No policy data is uploaded.

Local JSON
Project controls
Save, load and reset the complete local builder state.
StatusUnsaved project changes
StorageLocal file only
Target Selection

Policy Targets and group-based governance

Each target can represent a Google Organizational Unit, Google Group, Microsoft Entra group, department or custom team.

Target-first
Global Default Finance Legal Support IT Admin Audit Viewer + Add Target
Editing targetIT Admin
SourceIT Admin preset
StatusMatches source preset
Export modelOne selected target per export
Policy Pack

Reference profiles for faster setup

Preset cards provide starting points for common governance profiles.

Preset-driven

Light

Softer Enterprise baseline for pilots.

Standard

Reference Enterprise baseline aligned with QA matrix.

Strict

High-control posture with stronger restrictions.

Finance

Finance-oriented profile for regulated workflows.

Support

Support team profile with selected controls.

IT Admin

Broad visibility and managed override permissions.

Core Policy

Runtime protection settings

These settings define the runtime baseline for the selected Policy Target.

Runtime baseline
ProtectionEnabled
RedactionEnabled
Policy levelenterprise
Upload policyBLOCK
Rule term languageauto
AI Site Scope

Where Trust-Prompt can run checks

Scope controls where Trust-Prompt is active and how the browser extension reacts to each supported AI host.

tp_scope_entries
Scope LOCK/BLOCK has higher priority than AI Access approvals.
chatgpt.comALLOW✓ CheckRemove
chat.openai.comALLOW✓ CheckRemove
claude.aiALLOW✓ CheckRemove
gemini.google.comALLOW✓ CheckRemove
copilot.microsoft.comALLOW✓ CheckRemove
bing.comALLOW✓ CheckRemove
AI Access Control

Which AI tools each target may use

AI Access Control decides which AI tools are approved or blocked for the selected Policy Target.

tp_ai_access_*
If a site is both approved and blocked, blocking wins.

Access modes

  • Monitor approved sites only
  • Block listed sites
  • Allow approved sites only

Target-based controls

  • Approved sites per target
  • Blocked sites per target
  • Custom AI blocklist
Categories

High-level risk management

Administrators assign ALLOW, WARN or BLOCK actions to enterprise risk categories.

tp_category_policy_map
Financial data
FINANCIAL
BLOCK
Bank routing identifiers
BANK_ROUTING_IDENTIFIERS
WARN
Identity and KYC
ID_KYC
BLOCK
Legal and compliance
LEGAL_COMPLIANCE
WARN
Personal data
PII
WARN
Security secrets
SECURITY
BLOCK
Rules and Word Policies

Fine-grained controls and vocabulary tuning

Administrators can override specific detectors and tune organization-specific terminology.

Rule overrides

Rule-level overrides

  • IBAN detection
  • API key and token detection
  • Large paste and document markers
  • ALLOW / WARN / BLOCK overrides

Word policies

  • Allowlist reduces false positives
  • Blocklist protects internal terms
  • One term per line
Permissions

User visibility and managed override permissions

Admins control what users can see and what users are allowed to change locally.

tp_ui_permissions

Visibility

  • License section
  • Governance controls
  • Audit section
  • Settings lock
  • Scope section

Editing rights

  • Protection toggle
  • Upload policy
  • Redaction
  • Scope entries
  • Rules and word policies
Validation and Readiness

Policy health before deployment

The builder validates JSON readiness, REG readiness and policy conflict notes before export.

Pre-deployment check
Scope hosts10
Blocked categories3
Warn categories8
Rule overrides2
Policy JSON is ready. REG export needs a valid Extension ID.
Export Readiness

Deployment summary and export formats

Admins can export Google Admin JSON, Windows REG, and a human-readable Policy Summary.

Export

Google Admin JSON

  • Chrome managed storage policies
  • Reflects selected Policy Target
  • Includes runtime, scope, AI Access, categories and permissions

Windows Registry Export

  • Windows-based Chrome or Edge deployments
  • Requires valid Extension ID
  • Preview appears when required fields are valid
{ “tp_enabled”: true, “tp_scope_entries”: [ { “host”: “chatgpt.com”, “mode”: “ALLOW”, “check”: true }, { “host”: “claude.ai”, “mode”: “ALLOW”, “check”: true } ], “tp_ai_access_mode”: “monitor_approved_only”, “tp_upload_policy”: “BLOCK”, “tp_policy_level”: “enterprise” }
Runtime Enforcement

Predictable policy priority

Trust-Prompt Enterprise applies policies in a consistent enforcement order.

Enforcement order

1. Scope LOCK

Full interface restriction takes precedence.

2. Scope BLOCK

Access or send action is blocked.

3. AI Access BLOCK

Target-specific AI tool restriction is enforced.

4. Prompt Pre-check

Sensitive content is evaluated locally before send.

Privacy and Limitations

Local-first architecture

The product is designed to evaluate prompts locally without uploading prompt content.

No prompt upload

Privacy principles

  • Prompt content is evaluated locally
  • No backend is required for enforcement
  • No prompt content is stored by design
  • Audit should remain metadata-only

Current limitations

  • One selected Policy Target per export
  • Custom hosts may require host permissions or Chrome Admin URL policies
  • No OCR or file-content inspection unless separately implemented
Trust-Prompt Enterprise · Technical Sheet · Enterprise v0.2.3