Skip to main content

get_creative_features

Evaluates a creative manifest and returns feature values from a creative governance agent.

Use cases

  • Security scanning: Detect malware, auto-redirects, credential harvesting, cloaking
  • Creative quality: Evaluate brand consistency, platform optimization, guideline adherence
  • Content categorization: Classify creative content against IAB Content Taxonomy or other standards
  • Accessibility: Check WCAG compliance, screen reader compatibility

Request

Parameters

Authentication when used as a build evaluator

get_creative_features is also the evaluator contract used when build_creative.evaluator.agent_url or build_creative.evaluator.feature_agent.agent_url points at an external evaluator. In that flow, the creative/seller agent is the caller and the evaluator authenticates it on the transport: RFC 9421 request signing with JWKS discovery is preferred, and mTLS or a pre-provisioned Bearer/API-key credential are acceptable when both parties have arranged them. The request payload is not an authentication channel. Evaluators MUST NOT treat agent_url, account, context, ext, or fields inside creative_manifest as proof of caller identity, and callers MUST NOT put evaluator credentials or caller-supplied trust material in those fields. Credential- or trust-material payload keys such as api_key, client_secret, bearer, authorization, jwk, jwks, or jwks_uri are non-conforming and should be rejected with CREDENTIAL_IN_ARGS. After authenticating the transport, the evaluator maps the caller to its allowed creative agent/account configuration. A request signed by, or carrying credentials for, an unrecognized creative agent should fail authentication or authorization; it should not be accepted because the payload names an expected account. When this call was initiated by build_creative and the evaluator is unreachable or rejects the producing agent’s transport authentication, the buyer-visible build should fall back to seller-default ranking with an advisory errors[] note rather than failing solely because evaluation was unavailable.

Response

Response fields

feature_ids filters results[]; audit_observations[] may still appear when the submitted provenance itself is audit-worthy. OVERSIGHT_DISCLOSURE_CARVEOUT_CLAIMED fires when human_oversight is edited or directed and disclosure.required is false; verifier observations such as observed_value and confidence are optional audit context.

Error response

Async evaluation

Some evaluations (e.g., sandboxed malware scanning) take time. The agent returns status: "working" and delivers results via webhook when complete. This uses the standard async task pattern — no custom status values needed.

Orchestrator logic

The orchestrator applies feature requirements on the client side, the same way property list feature requirements work:

Relationship to property governance

Creative governance follows the same pattern as property governance: