Verification Engine
See how the verification engine fact-checks AI content against your knowledge base — through a real scenario of a consultant who uses an AI assistant for email, tickets, and client communications.
The Problem
Sarah runs a consulting business. She uses an AI personal assistant to help with daily tasks: drafting client emails, responding to support tickets, scheduling meetings, and managing her CRM.
The problem? Her assistant is powerful but has no guardrails:
- It once sent a client email quoting the wrong project rate ($75/hr instead of $150/hr)
- It replied to a support ticket with a refund policy that doesn't exist
- It almost sent a proposal to the wrong client with confidential pricing from another project
- It scheduled a call outside her business hours when she was on vacation
Sarah needs her AI assistant to be useful but safe. She wants to approve high-stakes actions, block dangerous ones automatically, and make sure any client-facing text is verified against her actual documents.
The Solution: GroundTruth as a Safety Layer
Instead of letting her assistant call external APIs directly, Sarah routes every action through GroundTruth's execute endpoint:
Step 1: Upload Her Knowledge Base
Sarah uploads her key business documents to the Library:
- Rate Card 2025.pdf · Hourly rates, project minimums, retainer pricing
- Client Policies.docx · Refund policy, cancellation terms, SLAs
- Service Descriptions.md · What each consulting package includes
- FAQ Responses.txt · Pre-approved answers to common client questions
Now when her assistant drafts an email mentioning "$75/hr", GroundTruth checks it against the Rate Card and flags the discrepancy.
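Uploading can also be scripted rather than done through the dashboard. The sketch below is a guess at what such a client call could look like; the `/api/library` endpoint, the `file` field name, and the response shape are all assumptions, not documented API (only the Bearer-token auth mirrors the integration code in Step 3):

```python
import requests

LIBRARY_URL = "https://app.groundtruth.dev/api/library"  # hypothetical endpoint
GROUNDTRUTH_KEY = "hg_sk_sarah_key"

DOCS = ["Rate Card 2025.pdf", "Client Policies.docx",
        "Service Descriptions.md", "FAQ Responses.txt"]

def auth_headers(key: str) -> dict:
    """Bearer-token header used on every GroundTruth request."""
    return {"Authorization": f"Bearer {key}"}

def upload_document(path: str) -> dict:
    """Upload one file to the Library so verification can cite it."""
    with open(path, "rb") as f:
        response = requests.post(
            LIBRARY_URL,
            headers=auth_headers(GROUNDTRUTH_KEY),
            files={"file": f},  # sent as multipart/form-data
        )
    response.raise_for_status()
    return response.json()

# Usage (assumes the files exist locally):
# for doc in DOCS:
#     upload_document(doc)
```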
Step 2: Create Safety Policies
Sarah creates five policies that match her risk tolerance. Here's how they look in the Policies dashboard:
- Block unverified content · send_email, reply_ticket · Risk score > 50%
- Business hours only · send_email, reply_ticket · Outside 9:00 AM – 6:00 PM
- Review external emails · send_email · Recipient ≠ @sarahconsulting.com
- Review pricing mentions · send_email, reply_ticket · Content matches "$\d+"
- No competitor mentions · All actions · Content matches competitor names
How policies are evaluated
- Policies are checked in priority order (highest first)
- Block decisions always override escalate or allow
- All conditions in a policy must match (AND logic)
- If no policies match, the action is auto-approved
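The evaluation rules above can be sketched in plain Python. This is an illustrative local model, not the GroundTruth implementation; the policy fields and the shape of the `attempt` dict are assumptions:

```python
import re

# Illustrative policy table mirroring three of Sarah's dashboard policies;
# field names are assumptions, not the GroundTruth schema.
POLICIES = [
    {"name": "Block unverified content", "priority": 100, "decision": "block",
     "actions": {"send_email", "reply_ticket"},
     "conditions": [lambda a: a.get("risk_score", 0) > 0.5]},
    {"name": "Review pricing mentions", "priority": 80, "decision": "escalate",
     "actions": {"send_email", "reply_ticket"},
     "conditions": [lambda a: bool(re.search(r"\$\d+", a.get("content", "")))]},
    {"name": "Review external emails", "priority": 60, "decision": "escalate",
     "actions": {"send_email"},
     "conditions": [lambda a: not a.get("recipient", "").endswith("@sarahconsulting.com")]},
]

def evaluate(attempt: dict) -> str:
    """Check policies highest-priority first; block always wins; no match means approved."""
    decision = "approved"
    for policy in sorted(POLICIES, key=lambda p: -p["priority"]):
        if attempt["action"] not in policy["actions"]:
            continue
        # All conditions in a policy must match (AND logic)
        if all(cond(attempt) for cond in policy["conditions"]):
            if policy["decision"] == "block":
                return "blocked"  # block overrides escalate/allow
            decision = "escalated"
    return decision
```

Under this model, an accurate email quoting $150/hr to a prospect still comes back escalated twice over: once for the pricing mention and once for the external recipient.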
Step 3: Wire Up the Assistant
Sarah adds a wrapper so every assistant action goes through GroundTruth. Here's the key integration code:
```python
import requests

GROUNDTRUTH_URL = "https://app.groundtruth.dev/api/execute"
GROUNDTRUTH_KEY = "hg_sk_sarah_key"

def safe_execute(action: str, params: dict, content: str = None,
                 channel: str = None):
    """Route an assistant action through GroundTruth before it runs."""
    payload = {
        "action": action,
        "channel": channel,
        "params": params,
        "context": {"agent": "sarah-assistant", "userId": "sarah"},
    }
    if content:
        payload["content"] = content

    response = requests.post(
        GROUNDTRUTH_URL,
        headers={"Authorization": f"Bearer {GROUNDTRUTH_KEY}"},
        json=payload,
    )
    return response.json()

# Example: send a client email
result = safe_execute(
    action="send_email",
    channel="email",
    params={
        "to": "client@acme.com",
        "subject": "Project Update - March",
        "body": "Hi Tom, our rate remains $150/hr as agreed.",
    },
    content="Our rate remains $150/hr as agreed.",
)

# result["decision"] → "approved" | "escalated" | "blocked"
```

Step 4: A Day in Sarah's Life
Here's a typical day with the safety layer active. Each scenario shows exactly which policy fired and the specific condition that triggered it.
Key concept: Policies trigger on conditions, not just risk
Risk score measures whether the AI's content is factually correct against your knowledge base. But policies can also trigger on other conditions — like who the recipient is, what time it is, or whether the message mentions money. A message can be 100% accurate (low risk) and still require approval because of who it's being sent to.
Content submitted:
"You can cancel anytime with a full refund."
Policy: Block unverified content
Condition: risk_score > 0.5 — The assistant fabricated a refund policy. Risk 72% exceeds the 50% threshold. Action blocked automatically.
Suggested rewrite (from KB):
"You can cancel with 30 days written notice. Please note that fees for work already completed are non-refundable."
To: tom@acme.com
"Hi Tom, milestone 3 is complete. I'll send the deliverables by Friday."
Policy: Review external emails
Condition: recipient ≠ @sarahconsulting.com — The content is accurate (risk only 8%), but tom@acme.com is an external address. Sarah wants to personally review all outgoing emails to people outside her company, regardless of risk score.
To: prospect@newcorp.com
"My consulting rate is $150/hr with a minimum 10-hour engagement."
Policy: Review pricing mentions
Condition: content matches "$\d+" — The rate $150/hr is correct per the Rate Card (risk only 5%). But Sarah's policy says any message mentioning a dollar amount needs her sign-off — she once had the AI quote $75/hr by mistake and never wants that to happen again.
No policies matched. This is an internal webhook to update a CRM deal stage — no text content to verify, no email recipient to check, not a blocked action type. When no policies match, GroundTruth auto-approves and executes immediately.
Policy: Business hours only
Condition: time outside 09:00–18:00 — The email content might be perfect, but 7:30 PM is outside business hours. Sarah doesn't want any automated emails going out in the evening. The assistant will retry tomorrow morning.
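All of these outcomes hang off the single `decision` field that the execute endpoint returns. Here is a minimal sketch of a dispatcher on the caller's side; the `policy` field on the result and the retry scheduling are assumptions, not documented behavior:

```python
from datetime import datetime, time, timedelta

BUSINESS_OPEN = time(9, 0)

def next_business_morning(now: datetime) -> datetime:
    """Next 9:00 AM: today if we're still before opening, else tomorrow."""
    candidate = now.replace(hour=BUSINESS_OPEN.hour, minute=0,
                            second=0, microsecond=0)
    if now.time() >= BUSINESS_OPEN:
        candidate += timedelta(days=1)
    return candidate

def handle(result: dict, retry_queue: list) -> str:
    """Dispatch on the decision returned by the execute endpoint."""
    decision = result["decision"]
    if decision == "approved":
        return "executed"                  # GroundTruth already ran the action
    if decision == "escalated":
        return "awaiting review"           # appears in the Approvals queue
    # blocked: requeue time-gated actions, drop the rest
    if result.get("policy") == "Business hours only":
        retry_queue.append(next_business_morning(datetime.now()))
        return "requeued for next business morning"
    return "dropped"
```

This is how the 7:30 PM email above ends up retried the next morning instead of silently lost.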
Step 5: End-of-Day Review
Sarah opens the Execution Log to see everything her assistant did today:
7 actions attempted, 3 approved, 2 blocked, 2 escalated (then approved after review). Zero wrong information sent to clients.
Results
- 0 · Wrong info sent to clients
- 2 · Caught before sending
- 3 hrs · Saved per day on routine tasks
Sarah's takeaway:
"Before GroundTruth, I was nervous every time my assistant sent an email. Now I have the perfect balance — routine stuff goes through automatically, and anything that involves money, new clients, or policy claims gets flagged for me to review. It's like having a really smart assistant with a really cautious compliance officer watching over its shoulder."
Build Your Own
You can replicate Sarah's setup in about 15 minutes:
- Upload your knowledge base · Rate cards, policies, FAQs, anything your assistant might reference. Go to Library.
- Create your policies · Start with: block high risk, escalate external communications, block outside hours. Go to Policies.
- Get your API key · Go to Settings and create a key. Configure your assistant to call POST /api/execute for every external action.
- Monitor and refine · Check the Execution Log daily. Review Approvals as they come in. Adjust policies as you learn.
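The daily log review can be partly automated. A minimal sketch, assuming a hypothetical GET /api/logs endpoint that returns a JSON list of entries with a `decision` field (neither the endpoint nor the response shape is documented API):

```python
from collections import Counter

import requests

LOGS_URL = "https://app.groundtruth.dev/api/logs"  # hypothetical endpoint
GROUNDTRUTH_KEY = "hg_sk_sarah_key"

def summarize(entries: list) -> Counter:
    """Tally execution-log entries by decision: approved / escalated / blocked."""
    return Counter(e["decision"] for e in entries)

def daily_summary() -> Counter:
    """Fetch today's log and count decisions."""
    response = requests.get(
        LOGS_URL,
        headers={"Authorization": f"Bearer {GROUNDTRUTH_KEY}"},
    )
    response.raise_for_status()
    return summarize(response.json())
```

On a day like the one above, `summarize` would report 3 approved, 2 escalated, and 2 blocked.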