API Documentation

Complete guide to integrating Verdic Guard API for AI output validation and semantic drift detection.

What is Verdic Guard?
AI output validation and semantic drift detection system

Verdic Guard is a production-ready Policy Enforcement Engine that validates AI-generated outputs against your Contractual AI Scope and safety requirements. It uses advanced multi-dimensional execution deviation risk analysis to detect semantic drift, hallucination, and policy violations in real-time. All decisions are logged to a comprehensive audit trail for compliance.

Execution Deviation Risk Analysis

9-dimensional execution deviation risk detection including semantic angle, domain matching, topic coherence, and more.

Real-Time Validation

Average response time of 5-7 seconds per validation request with 99.9% uptime SLA.

Production Ready

Handles high-volume validation with rate limiting, error handling, and comprehensive logging.

Secure by Default

API key authentication, PII detection, prompt injection protection, and content moderation.

Getting Started
Set up your API key and start validating AI outputs
1

Sign up for an account

Create your free account at /auth/signup. Free tier includes 1,000 validation credits per month.

2

Create a project

Go to your projects dashboard and create a new project. Define your global intent (what your AI should do) for the project.

3

Generate API key

Visit your API keys dashboard to generate a new API key. Free tier users with credits can generate keys immediately.

4

Start validating

Use your API key to make validation requests. Each validation consumes 1 credit. Check your usage dashboard to monitor consumption.

API Limits & Pricing
Credits, rate limits, and pricing plans

Pricing Plans

PlanMonthly CreditsPriceFeatures
Free1,000$0/monthBasic validation, API access
Starter10,000$29/monthMulti-dimensional analysis, analytics
Pro100,000$99/monthML threshold tuning, SLA, priority support
EnterpriseUnlimitedContact SalesCustom SLA, 24/7 support, dedicated infrastructure

API Call Limits

  • Rate Limit: 100 requests per minute per API key (429 error if exceeded)
  • Credits: Each validation request consumes 1 credit
  • Credits Reset: Monthly credits reset at the start of each billing cycle
  • Timeout: Request timeout is 60 seconds (504 error if exceeded)
  • Response Time: Average 5-7 seconds per validation (can vary based on content complexity)

What Counts as One API Call?

Each successful POST request to /api/validate consumes exactly 1 credit, regardless of:

  • Output text length (though very long outputs may timeout)
  • Validation result (ALLOW or BLOCKED both consume 1 credit)
  • Whether the request was successful or resulted in an error

Failed requests (4xx/5xx errors) do not consume credits, except timeout errors which do consume credits.

API Reference
POST
https://verdic.dev/api/validate

Request Headers

Authorization: Bearer your_api_key_here
Content-Type: application/json
Note: API key must start with "vdk_" prefix

Request Body

{
  "projectId": "uuid-of-your-project",
  "output": "The AI-generated text you want to validate",
  "config": {
    "globalIntent": "Optional: Override project's global intent",
    "threshold": 0.76,
    "allowCode": false,
    "allowCreative": false,
    "allowActionableDetails": true,
    "enableV6": true,
    "enableV7": false,
    "enableV8": false
  }
}

projectId (required): UUID of your project. Get this from your projects dashboard.

output (required): The AI-generated text to validate. Must be a non-empty string with meaningful content (not just whitespace).

config (optional): Configuration overrides. If not provided, uses project's default settings.

  • globalIntent: Override the project's global intent for this validation
  • threshold: Drift threshold (0-1 scale). Lower = stricter. Default: 0.76
  • allowCode: Allow code blocks in output (default: false)
  • allowCreative: Allow creative content (default: false)
  • allowActionableDetails: Allow actionable advice/details (default: false)
  • enableV6: Enable ML predictor for threshold tuning (default: true)
  • enableV7: Enable context tracking (requires conversation history, default: false)
  • enableV8: Enable rotation mode (requires conversation history, default: false)

Response Format

Success Response (status: "OK")

{
  "status": "OK",
  "drift": 0.25,
  "output": "The validated output text"
}

Blocked Response (status: "BLOCKED")

{
  "status": "BLOCKED",
  "reason": "RISKY_CAPABILITY_BLOCKED",
  "detail": "Risky capability 'policy_interpretation' is blocked by policy",
  "hint": "Remove policy interpretation references from the output"
}

Error Response (status: "FAILED")

{
  "status": "FAILED",
  "message": "Validation error: executionConfig is required"
}

status: Overall validation status. One of:

  • "OK" - Output passed validation
  • "BLOCKED" - Output was rejected
  • "FAILED" - Validation error occurred

drift: (OK responses only) Execution deviation risk score (0-1). Lower values indicate better alignment with your ExecutionConfig.

reason: (BLOCKED responses only) High-level reason code (e.g., "RISKY_CAPABILITY_BLOCKED", "ACTIONABILITY_VIOLATION", "DOMAIN_SAFETY").

detail: (BLOCKED responses only) Detailed explanation of why the output was blocked.

hint: (BLOCKED responses, optional) Suggested fix to make the output compliant.

message: (FAILED responses only) Error message describing what went wrong.

Understanding Decisions

ALLOW

Output fully satisfies the validation criteria. Safe to use in production. Status will be "OK".

WARN

Minor concerns detected but output is generally safe. You may want to log this for monitoring. Status will be "OK".

SOFT_BLOCK

Significant drift detected. Output should not be used. Use a fallback response instead. Status will be "BLOCKED".

HARD_BLOCK

Serious violation detected (PII, prompt injection, toxicity, etc.). Output must not be used. Status will be "BLOCKED".

SDK Installation
Install the official Verdic Guard SDK for your language

JavaScript/TypeScript

npm install @verdic/guard-sdk

Zero dependencies. Uses native fetch API. Works in Node.js 18+ and browsers.

Python

pip install verdic-guard

Minimal dependencies. Only requires requests library.

Code Examples
Integration examples using the official SDKs and raw API
// Using @verdic/guard-sdk (recommended)
// npm install @verdic/guard-sdk

const { validate } = require('@verdic/guard-sdk');

// Your ExecutionConfig (from project settings or Contract Composer)
const executionConfig = {
  schemaVersion: "1.0.0",
  domain: "credit_risk",
  audience: "professional",
  output: {
    allowedModalities: ["natural_language", "structured_text"],
    allowExecutableCode: false,
    allowPseudoCode: false,
    allowStructuredData: false
  },
  actionability: "analytical",
  creativity: "low",
  reasoning: "summary",
  dataInteraction: "no_personal_data",
  riskyCapabilities: {
    financial_advice: "blocked",
    credit_eligibility_inference: "blocked",
    pricing_recommendation: "blocked",
    risk_scoring_explanation: "blocked",
    policy_interpretation: "blocked",
    regulatory_advice: "blocked",
    personalized_outcome_prediction: "blocked"
  },
  enforcement: {
    defaultDecision: "HARD_BLOCK",
    logDecisions: true,
    includeReason: true,
    includeAuditTrace: true
  }
};

// Project credentials
const PROJECT_ID = "your-project-uuid";
const API_KEY = "your-api-key"; // Store securely in environment variables

/**
 * Validate AI output before sending to users
 * 
 * @param {string} output - The AI-generated text to validate
 * @returns {Promise<Object>} Validation result with status and details
 */
async function validateAIOutput(output) {
  try {
    const result = await validate({
      apiUrl: 'https://verdic.dev',
      executionConfig,
      output
    });

    if (result.status === 'OK') {
      console.log('✓ Output validated successfully');
      console.log(`  Drift: ${result.drift}`);
      return { allowed: true, output };
    } else if (result.status === 'BLOCKED') {
      console.log('✗ Output blocked by Verdic Guard');
      console.log(`  Reason: ${result.reason}`);
      console.log(`  Detail: ${result.detail}`);
      if (result.hint) {
        console.log(`  Hint: ${result.hint}`);
      }
      return { 
        allowed: false, 
        reason: result.reason,
        fallback: 'I apologize, but I cannot provide that response.' 
      };
    } else {
      console.error('✗ Validation failed:', result.message);
      throw new Error(result.message || 'Validation failed');
    }
  } catch (error) {
    console.error('Validation error:', error);
    throw error;
  }
}

// Example usage
async function example() {
  const aiOutput = "Your AI-generated response here";
  const result = await validateAIOutput(aiOutput);
  
  if (result.allowed) {
    // Safe to send to user
    console.log('Safe output:', result.output);
  } else {
    // Use fallback response
    console.log('Using fallback:', result.fallback);
  }
}

example();
Validation Features
What Verdic Guard validates in your AI outputs

1. Semantic Drift Detection

Multi-dimensional analysis detects when outputs drift from your defined global intent. Uses 9 dimensions including semantic angle, domain matching, and topic coherence.

2. PII Detection

Automatically detects and blocks Personally Identifiable Information (email addresses, phone numbers, SSN, credit cards, etc.) before it reaches users.

3. Prompt Injection Protection

Detects and blocks prompt injection attempts, SQL injection, XSS attacks, and other adversarial inputs that could manipulate your AI system.

4. Content Moderation

Integrates with OpenAI's moderation API to detect hate speech, violence, self-harm content, and other unsafe material.

5. Modality Validation

Ensures outputs match expected format (text, code, structured data) and enforces content type constraints defined in your project configuration.

6. Intent Alignment

Validates that outputs align with your project's global intent using advanced embedding-based semantic analysis with configurable strictness thresholds.

Error Handling
Common errors and how to handle them

401
Unauthorized

Your API key is invalid or missing.

  • Check that you're including the Authorization header with "Bearer" prefix
  • Verify your API key is correct and hasn't been revoked
  • Ensure you have an active subscription or available credits (free tier)

403
Forbidden / Insufficient Credits

You've exceeded your credit limit.

  • Check your usage on the dashboard at /dashboard/usage
  • Upgrade your plan at /pricing for more credits
  • Wait for credits to reset at the start of your billing cycle
  • Free tier: Credits reset monthly

404
Project Not Found

The project ID doesn't exist or you don't have access.

  • Verify the projectId is correct (get it from /dashboard/projects)
  • Ensure the project belongs to your account
  • Check that the project hasn't been deleted

429
Too Many Requests (Rate Limited)

You're making requests too quickly.

  • Limit: 100 requests per minute per API key
  • Implement exponential backoff in your retry logic
  • Reduce request rate or add delays between batches
  • Consider caching validation results for identical outputs

504
Request Timeout

Validation request took longer than 60 seconds.

  • Timeout limit: 60 seconds per request
  • Average response time: 5-7 seconds (can vary)
  • Retry the request (timeouts are rare but can occur under heavy load)
  • Check our status page if timeouts persist

500
Internal Server Error

Something went wrong on our end.

  • Retry your request after a short delay
  • Check our status page for any ongoing incidents
  • Contact support at hello@verdic.dev if the issue persists
  • Include the requestId from the error response in your support ticket
Best Practices
Tips for optimal usage and integration

1. Define Clear Global Intent

Your project's global intent is critical for accurate validation. Be specific about what your AI should do. Example: "Provide helpful customer support responses for a SaaS product" is better than "Be helpful."

2. Handle Errors Gracefully

Always implement fallback responses when validation fails. Use the decision field for granular control (ALLOW, WARN, SOFT_BLOCK, HARD_BLOCK) but have a default fallback for all blocked cases.

3. Monitor Your Usage

Regularly check your usage dashboard to track credit consumption. Set up alerts if you're approaching your limit. Consider upgrading before you run out of credits in production.

4. Implement Retry Logic

Use exponential backoff for retries. Handle 429 (rate limit) and 504 (timeout) errors with increasing delays. Never retry on 401, 403, or 404 errors without fixing the underlying issue.

5. Cache When Appropriate

For identical outputs, consider caching validation results to save credits. However, be careful with time-sensitive content that might change in meaning over time.

6. Test Before Production

Use the free tier or a test project to validate your integration before deploying to production. Test various outputs including edge cases to understand how the guard behaves with your content.

Need Help?
Get support and stay updated

Support Channels

Additional Resources

  • Dashboard: /dashboard - Manage projects, API keys, and view usage
  • How It Works: /how-it-works - Learn about validation mechanisms
  • Pricing: /pricing - View plans and upgrade options