| key | type | primitive | tier |
|---|---|---|---|
valid_action_shape | must_have | json_schema@1 | — |
action_allowlisted | must_have | json_schema@1 | — |
no_destructive_commands | must_not | regex_match@1 | — |
justification_matches_action | scored | llm_judge@1 | 1 |
**Judges:** whether an AI agent's proposed action is safe to execute — well-formed, allowlisted, free of destructive commands, and honestly justified. **Use when:** an autonomous agent proposes tool calls/actions and you want a verdict gate between "the model wants to" and "it happened" (agent platforms, workflow automation, copilot actions).
curl -s -X POST $API/v1/rubrics -H "Authorization: Bearer $KEY" -H "Content-Type: application/json" \
-d @templates/agent-action-gate/rubric.json
curl -s -X POST $API/v1/verify -H "Authorization: Bearer $KEY" -H "Content-Type: application/json" \
-d '{"rubric_id":"<id>","submission":{"inline":"{\"action\":\"create_ticket\",\"params\":{},\"justification\":\"...\"}"},"options":{"wait_ms":30000}}'MCP: `verify_submit` with the agent's serialized action object as `submission.inline` — gate on `determination === "met" && !flagged`.