| key | type | primitive | tier |
|---|---|---|---|
no_email_pii | must_not | regex_match@1 | — |
no_phone_pii | must_not | regex_match@1 | — |
no_harassment | must_not | llm_judge@1 | 1 |
brand_safe_tone | scored | llm_judge@1 | 1 |
**Judges:** user-generated or AI-generated content against a baseline publishing policy — no email/ phone PII (deterministic regex), no harassment, brand-safe tone (judged). **Use when:** you display untrusted content publicly (comments, reviews, AI replies) and need an auditable yes/no with evidence rather than a black-box filter.
curl -s -X POST $API/v1/rubrics -H "Authorization: Bearer $KEY" -H "Content-Type: application/json" \
-d @templates/content-policy-basic/rubric.json
curl -s -X POST $API/v1/verify -H "Authorization: Bearer $KEY" -H "Content-Type: application/json" \
-d '{"rubric_id":"<id>","submission":{"inline":"<the content>"},"options":{"wait_ms":30000}}'MCP: `verify_submit { rubric_id, submission: { inline } }` — treat `flagged` as "route to a human". Note the `obfuscated-email` fixture: it documents what the regex layer deliberately does NOT catch.