get_creative_features
Evaluates a creative manifest and returns feature values from a creative governance agent.Use cases
- Security scanning: Detect malware, auto-redirects, credential harvesting, cloaking
- Creative quality: Evaluate brand consistency, platform optimization, guideline adherence
- Content categorization: Classify creative content against IAB Content Taxonomy or other standards
- Accessibility: Check WCAG compliance, screen reader compatibility
Request
Parameters
Authentication when used as a build evaluator
get_creative_features is also the evaluator contract used when build_creative.evaluator.agent_url or build_creative.evaluator.feature_agent.agent_url points at an external evaluator. In that flow, the creative/seller agent is the caller and the evaluator authenticates it on the transport: RFC 9421 request signing with JWKS discovery is preferred, and mTLS or a pre-provisioned Bearer/API-key credential are acceptable when both parties have arranged them.
The request payload is not an authentication channel. Evaluators MUST NOT treat agent_url, account, context, ext, or fields inside creative_manifest as proof of caller identity, and callers MUST NOT put evaluator credentials or caller-supplied trust material in those fields. Credential- or trust-material payload keys such as api_key, client_secret, bearer, authorization, jwk, jwks, or jwks_uri are non-conforming and should be rejected with CREDENTIAL_IN_ARGS.
After authenticating the transport, the evaluator maps the caller to its allowed creative agent/account configuration. A request signed by, or carrying credentials for, an unrecognized creative agent should fail authentication or authorization; it should not be accepted because the payload names an expected account.
When this call was initiated by build_creative and the evaluator is unreachable or rejects the producing agent’s transport authentication, the buyer-visible build should fall back to seller-default ranking with an advisory errors[] note rather than failing solely because evaluation was unavailable.
Response
Response fields
feature_ids filters results[]; audit_observations[] may still appear when the submitted provenance itself is audit-worthy. OVERSIGHT_DISCLOSURE_CARVEOUT_CLAIMED fires when human_oversight is edited or directed and disclosure.required is false; verifier observations such as observed_value and confidence are optional audit context.
Error response
Async evaluation
Some evaluations (e.g., sandboxed malware scanning) take time. The agent returnsstatus: "working" and delivers results via webhook when complete. This uses the standard async task pattern — no custom status values needed.