JSON Report Contract Proposal
Published Confluence page for Project Palisade.
Confluence page ID:
6104645647Parent folder ID:6018662571Remote version:1Last remote update:2026-07-01T13:46:21.984ZSync status: Published to Confluence.
Purpose
This document proposes the first JSON report shape for Palisade guardrail results.
The report is the primary contract returned by Palisade. A remediated output may be returned as a separate payload or artifact reference, but the report explains whether the input was compliant, what domains were evaluated, what was detected, and what changed during remediation.
This is a concrete example for discussion, not a final strict API schema.
Contract Principles
- The first field shown in examples is
compliant. compliant: truemeans the evaluated input/output is acceptable under the selected policy profile.compliant: falsemeans at least one required domain failed or the final remediation did not pass policy.verdictuses the existing Palisade vocabulary:allow,flag,remediate, orblock.- Domain results should be structured enough for deterministic validation and LLM-as-judge evaluation.
- Evidence should identify what was detected without exposing unnecessary sensitive content.
- Remediation details should explain what was fine, what changed, and whether the remediated output passed the follow-up check.
Example Report
{
"compliant": false,
"report_id": "report_01HV7PalisadeExample",
"schema_version": "0.1.0-proposal",
"execution_id": "exec_2026_07_01_000123",
"conversation_id": "conv_optional_456",
"created_at": "2026-07-01T12:00:00Z",
"application": {
"app_id": "libre-assist",
"environment": "pilot"
},
"policy_profile": {
"profile_id": "libre-assist-base-v0",
"profile_version": "0.1.0",
"mode": "shadow"
},
"input": {
"modality": "text",
"content_ref": "request.input[0]",
"normalized_artifacts": [
{
"artifact_id": "norm_text_001",
"type": "normalized_text",
"returned_to_caller": false
}
]
},
"verdict": "remediate",
"summary": "The request is mostly acceptable, but one domain requires redaction before the content can be returned.",
"domains": {
"violence": {
"compliant": true,
"detected": false,
"severity": "none",
"reason": "No violent threat, instruction, or graphic violent content was detected.",
"evidence": [],
"action": "allow"
},
"pii": {
"compliant": false,
"detected": true,
"severity": "medium",
"reason": "The input contains a direct email address that should not be retained in the final response.",
"evidence": [
{
"type": "entity",
"label": "EMAIL",
"location": "input.text[42:61]",
"safe_excerpt": "{EMAIL}"
}
],
"action": "remediate"
},
"medical_advice": {
"compliant": true,
"detected": false,
"severity": "none",
"reason": "No diagnosis, treatment change, dosing change, or clinical instruction was detected.",
"evidence": [],
"action": "allow"
}
},
"remediation": {
"eligible": true,
"applied": true,
"strategy": "text_redaction",
"summary": "The email address was replaced with a neutral placeholder.",
"what_was_fine": [
"The request intent was within the allowed product-support scope.",
"No unsafe medical instruction was detected."
],
"what_changed": [
{
"domain": "pii",
"change_type": "redaction",
"before": "{EMAIL}",
"after": "[redacted email]"
}
],
"output_ref": "remediation.output.text",
"post_remediation": {
"checked": true,
"compliant": true,
"verdict": "allow",
"reason": "The remediated output no longer contains the detected email address."
}
},
"module_results": [
{
"module_id": "pii-redaction-v0",
"module_type": "deterministic",
"version": "0.1.0",
"domains": ["pii"],
"verdict": "remediate",
"confidence": 0.98
}
],
"telemetry": {
"latency_ms": 184,
"model_calls": 0,
"policy_cache_hit": true
}
}
Domain Result Shape
Each evaluated domain should use the same basic fields:
| Field | Purpose |
|---|---|
compliant | Domain-level pass/fail under the selected policy |
detected | Whether the module detected the domain at all |
severity | Suggested values: none, low, medium, high, critical |
reason | Short human-readable explanation |
evidence | Bounded evidence, offsets, labels, references, or safe excerpts |
action | Suggested action: allow, flag, remediate, or block |
Remediation Result Shape
The remediation object should explain both the decision and the final result:
| Field | Purpose |
|---|---|
eligible | Whether policy permits remediation for this finding |
applied | Whether remediation actually ran |
strategy | Strategy used, such as text_redaction, image_blur, or audio_mute |
summary | One-sentence summary of the remediation |
what_was_fine | Parts of the content that did not need changes |
what_changed | Specific changes made, using safe placeholders when needed |
output_ref | Reference to the separate remediated output payload or artifact |
post_remediation | Follow-up safety check result for the remediated output |
Notes
- JSON object order is for readability in this proposal. Implementations should not rely on key order.
- The report should avoid raw PHI, credentials, secrets, or full sensitive snippets unless explicitly approved for a controlled environment.
- If remediation fails or is not eligible,
remediation.appliedshould befalseand no remediated output should be returned. - For multimodal requests,
input.normalized_artifactscan include transcripts, image derivatives, OCR output, or sampled video frames when policy allows them.