Skip to main content

Citation Verifier

The citation-verifier policy runs in the output phase. It extracts supported citation patterns, optionally checks RAG context overlap, and records verification details. It blocks only when the output is unverified and output_action.unverified_action is set to block.

Phase and verdicts

  • Phase: output
  • Possible verdicts: allow, block

Configuration

pack:
name: citation-verifier-example
version: 1.0.0
enabled: true
policies:
chain:
- citation-verifier
policy:
citation-verifier:
require_sources: true
require_source_match: true
min_confidence: 0.8
min_groundedness: 0.8
extract_patterns:
- case_law
- academic
- url
- quote
- statistic
rag_context:
verify_against_context: true
min_context_overlap: 0.7
output_action:
unverified_action: block
response:
include_verification_report: true

Supported fields

FieldTypeDefaultNotes
require_sourcesbooleantrueRequires extracted citations when verification runs.
require_source_matchbooleantrueMay also be supplied under verification.require_source_match.
min_confidencenumber0.8Used for claim-confidence checks.
min_groundednessnumber0.8Also serves as a compatibility fallback for rag_context.min_context_overlap.
extract_patternsstring[]['case_law','academic','url','quote','statistic']May also be supplied under verification.extract_patterns.
rag_context.verify_against_contextbooleantrueEnables groundedness evaluation against provided context documents.
rag_context.min_context_overlapnumber0.7Governs the context-overlap threshold.
output_action.unverified_actionflag | redact | blockflagblock is the only setting that changes the verdict; redact does not rewrite output today.
output_action.hallucination_actionblockblockAccepted by the schema but not used by the current evaluator.
external_resolver.endpointstringAccepted by the schema but not called by the current evaluator.
external_resolver.api_keystringLiteral credential metadata for the inactive external resolver path.
external_resolver.timeout_msinteger2000Accepted timeout metadata for the inactive resolver path.
response.include_verification_reportbooleantrueWhen false, result details are reduced to a minimal payload.

How it works

  1. The gateway extracts assistant text from the upstream response.
  2. It reads context documents from the request payload when rag_context.verify_against_context is enabled.
  3. It extracts supported citation patterns from the configured public set.
  4. It computes groundedness and claim-confidence details.
  5. The output is considered verified only when the configured citation/context requirements pass.
  6. The gateway blocks only when the output is unverified and output_action.unverified_action is block.

Important behavior notes

  • The policy does not enforce a separate hallucination_action field.
  • The policy also ignores external_resolver config. Do not rely on it for verification behavior today.
  • Values other than block for output_action.unverified_action do not redact the response body; they keep the verdict as allow and surface verification details.
  • Verified responses include a verification_report unless response.include_verification_report is disabled.

Example scenarios

Block unverified outputs

policy:
citation-verifier:
require_sources: true
require_source_match: true
output_action:
unverified_action: block

Context-only verification with minimal details

policy:
citation-verifier:
require_sources: false
rag_context:
verify_against_context: true
min_context_overlap: 0.7
response:
include_verification_report: false

Best practices

  • Use output_action.unverified_action: block when groundedness is mandatory.
  • Keep require_source_match: true for regulated or citation-sensitive outputs.
  • Provide request-side context documents if you expect context grounding to be part of verification.
  • Keep extract_patterns to the documented public values and rely on request-side context when groundedness matters.

Next steps