verdict_provider
Optional bridge to external deterministic detector providers.
What it mitigates
- Threats detected by specialized external classifiers
- Content categories outside local regex/rule coverage
- Provider-backed deny decisions with confidence thresholds
Recommended defaults
| Profile | enabled | minConfidence | onProviderError |
|---|---|---|---|
local | optional | 0.9 | deny |
standard | optional | 0.9 | alert |
unbounded | optional | 0.95 | alert |
Minimal config
moduleConfig:
verdict_provider:
enabled: true
minConfidence: 0.9
onProviderError: alert
timeoutMs: 3000
providers:
- type: lakera
apiKey: "${LAKERA_API_KEY}"Design guidance
- Keep this module opt-in and place it before
approval_gate. - Use deterministic fail behavior (
onProviderError) per environment risk. - Treat provider latency budget (
timeoutMs) as part of your SLO.