第2095篇：AI内容审核的工程实现——多层防线的设计与落地

适读人群：需要构建内容安全体系的工程师 | 阅读时长：约20分钟 | 核心价值：掌握规则引擎、分类模型、LLM审核三层防线的组合策略，以及如何在准确率和吞吐量之间取得平衡

内容审核是AI应用里最容易被低估的工程问题。

早期我们做一个用户生成内容的平台，老板说"接个审核API不就完了"。结果：API延迟800ms拖慢了发布体验，费用每月几万块，遇到突发流量还有限流问题。更麻烦的是，第三方API的误判你没法干预，用户投诉过来你连日志都不知道去哪找。

内容审核不是一个API能解决的问题，它需要分层设计：高速的规则层处理明显违规，模型层处理语义违规，LLM作为最后的精审手段。这三层组合起来才能在成本、速度、精度之间找到平衡。

---

审核体系架构

---

第一层：规则引擎

/**
 * 规则引擎
 * 
 * 处理最明显的违规：精确关键词、黑名单账号、格式异常
 * 要求：<1ms延迟，不能影响正常发布体验
 */
@Service
@Slf4j
public class RuleBasedModerationEngine {
    
    // 敏感词使用Aho-Corasick算法，比逐个正则快100倍
    private final AhoCorasickMatcher sensitiveWordMatcher;
    
    // 黑名单用HashSet，O(1)查找
    private final Set<String> blacklistedUsers;
    private final Set<String> blacklistedUrls;
    
    // 正则规则（用于特定模式，如身份证/手机号泄露）
    private final List<RulePattern> regexRules;
    
    public RuleBasedModerationEngine(ModerationConfig config) {
        // 加载词库
        this.sensitiveWordMatcher = buildAhoCorasick(config.getSensitiveWords());
        this.blacklistedUsers = new HashSet<>(config.getBlacklistedUserIds());
        this.blacklistedUrls = new HashSet<>(config.getBlacklistedDomains());
        
        // 初始化正则规则
        this.regexRules = List.of(
            new RulePattern("手机号泄露",
                Pattern.compile("(?<!\\d)(1[3-9]\\d{9})(?!\\d)"),
                RiskLevel.MEDIUM),
            new RulePattern("身份证泄露",
                Pattern.compile("\\d{17}[\\dXx]"),
                RiskLevel.HIGH),
            new RulePattern("银行卡号",
                Pattern.compile("(?:\\d{4}[- ]){3}\\d{4}"),
                RiskLevel.HIGH),
            new RulePattern("恶意链接模式",
                Pattern.compile("bit\\.ly|tinyurl\\.com|t\\.cn/[A-Za-z0-9]+"),
                RiskLevel.MEDIUM)
        );
        
        log.info("规则引擎加载完成: 敏感词={}个, 黑名单用户={}个",
            config.getSensitiveWords().size(), blacklistedUsers.size());
    }
    
    /**
     * 规则审核
     */
    public RuleCheckResult check(ModerationRequest request) {
        List<RuleViolation> violations = new ArrayList<>();
        
        // 1. 黑名单用户直接拦截
        if (blacklistedUsers.contains(request.getUserId())) {
            return RuleCheckResult.blocked("用户已被封禁", RiskLevel.HIGH, List.of());
        }
        
        String content = request.getContent();
        
        // 2. 敏感词匹配
        List<String> hitWords = sensitiveWordMatcher.findAll(content);
        if (!hitWords.isEmpty()) {
            violations.add(new RuleViolation("敏感词", hitWords, RiskLevel.HIGH));
        }
        
        // 3. 正则规则
        for (RulePattern rule : regexRules) {
            Matcher matcher = rule.pattern().matcher(content);
            List<String> matches = new ArrayList<>();
            while (matcher.find()) {
                matches.add(matcher.group());
            }
            if (!matches.isEmpty()) {
                violations.add(new RuleViolation(rule.name(), matches, rule.riskLevel()));
            }
        }
        
        // 4. URL黑名单检测
        extractUrls(content).stream()
            .filter(url -> isBlacklistedDomain(url))
            .forEach(url -> violations.add(
                new RuleViolation("黑名单URL", List.of(url), RiskLevel.HIGH)));
        
        // 5. 内容长度异常（超长内容可能是洗版/刷屏）
        if (content.length() > 10000) {
            violations.add(new RuleViolation("内容过长", List.of(), RiskLevel.LOW));
        }
        
        if (violations.isEmpty()) {
            return RuleCheckResult.pass();
        }
        
        // 取最高风险级别
        RiskLevel maxRisk = violations.stream()
            .map(RuleViolation::riskLevel)
            .max(Comparator.comparingInt(RiskLevel::getLevel))
            .orElse(RiskLevel.LOW);
        
        if (maxRisk == RiskLevel.HIGH) {
            return RuleCheckResult.blocked("命中高风险规则", maxRisk, violations);
        } else {
            // 中低风险：不直接拦截，交给下一层
            return RuleCheckResult.suspicious(maxRisk, violations);
        }
    }
    
    private List<String> extractUrls(String content) {
        // 简化的URL提取
        Pattern urlPattern = Pattern.compile(
            "https?://[\\w\\-._~:/?#\\[\\]@!$&'()*+,;=%]+");
        Matcher m = urlPattern.matcher(content);
        List<String> urls = new ArrayList<>();
        while (m.find()) urls.add(m.group());
        return urls;
    }
    
    private boolean isBlacklistedDomain(String url) {
        return blacklistedUrls.stream().anyMatch(url::contains);
    }
    
    private AhoCorasickMatcher buildAhoCorasick(List<String> words) {
        // 实际实现使用 org.ahocorasick:ahocorasick 库
        // 这里用接口示意
        return new AhoCorasickMatcher(words);
    }
    
    public enum RiskLevel {
        LOW(1), MEDIUM(2), HIGH(3);
        
        private final int level;
        RiskLevel(int level) { this.level = level; }
        public int getLevel() { return level; }
    }
    
    public record RulePattern(String name, Pattern pattern, RiskLevel riskLevel) {}
    public record RuleViolation(String ruleName, List<String> evidence, RiskLevel riskLevel) {}
    
    public record RuleCheckResult(
        boolean shouldBlock, boolean isSuspicious, 
        String reason, RiskLevel riskLevel, List<RuleViolation> violations
    ) {
        static RuleCheckResult pass() { 
            return new RuleCheckResult(false, false, null, RiskLevel.LOW, List.of()); 
        }
        static RuleCheckResult blocked(String reason, RiskLevel level, List<RuleViolation> v) { 
            return new RuleCheckResult(true, false, reason, level, v); 
        }
        static RuleCheckResult suspicious(RiskLevel level, List<RuleViolation> v) { 
            return new RuleCheckResult(false, true, null, level, v); 
        }
    }
}

---

第二层：分类模型审核

/**
 * 本地ONNX分类模型
 * 
 * 处理语义层面的违规：攻击性言论、有害内容、垃圾信息
 * 本地推理，延迟5-15ms，不依赖外部服务
 */
@Service
@RequiredArgsConstructor
@Slf4j
public class ModelBasedModerationService {
    
    private final LocalEmbeddingService embeddingService;
    private final TextClassificationService classificationService;
    
    /**
     * 多维度分类审核
     * 
     * 通常需要多个分类模型：
     * - 毒性检测模型（攻击性言论、仇恨言论）
     * - 垃圾信息模型（广告、刷量内容）
     * - NSFW模型（不适宜内容）
     */
    public ModelCheckResult check(String content) {
        
        List<CategoryScore> categoryScores = new ArrayList<>();
        
        try {
            // 毒性分类（假设模型有 toxic/non-toxic 两类）
            var toxicResult = classificationService.classify(content);
            if ("toxic".equals(toxicResult.label())) {
                categoryScores.add(new CategoryScore("毒性内容", toxicResult.confidence()));
            }
            
            // 垃圾信息分类
            var spamResult = classifySpam(content);
            if (spamResult.isSpam()) {
                categoryScores.add(new CategoryScore("垃圾信息", spamResult.confidence()));
            }
            
        } catch (Exception e) {
            log.error("模型审核失败，降级通过: {}", e.getMessage());
            // 模型失败不能阻塞发布流程，降级放行让LLM层处理
            return ModelCheckResult.degraded();
        }
        
        if (categoryScores.isEmpty()) {
            return ModelCheckResult.pass();
        }
        
        // 取最高置信度
        double maxConfidence = categoryScores.stream()
            .mapToDouble(CategoryScore::confidence)
            .max().orElse(0);
        
        if (maxConfidence >= 0.85) {
            return ModelCheckResult.highRisk(categoryScores);
        } else if (maxConfidence >= 0.60) {
            return ModelCheckResult.mediumRisk(categoryScores);
        } else {
            // 置信度低，不确定，交给LLM
            return ModelCheckResult.uncertain(categoryScores);
        }
    }
    
    /**
     * 垃圾信息特征提取+分类
     * 
     * 垃圾信息有很多规律性特征，用简单规则+模型组合效果更好
     */
    private SpamClassificationResult classifySpam(String content) throws Exception {
        
        // 特征提取
        SpamFeatures features = extractSpamFeatures(content);
        
        // 先用规则快速判断明显的垃圾信息
        if (features.repeatCharRatio() > 0.3) {
            return new SpamClassificationResult(true, 0.95f, "重复字符过多");
        }
        if (features.emojiRatio() > 0.2) {
            return new SpamClassificationResult(true, 0.90f, "表情符号过多");
        }
        if (features.urlCount() > 3) {
            return new SpamClassificationResult(true, 0.88f, "链接过多");
        }
        
        // 不确定的走模型
        var result = classificationService.classify(content);
        boolean isSpam = "spam".equals(result.label());
        return new SpamClassificationResult(isSpam, result.confidence(), "模型判断");
    }
    
    private SpamFeatures extractSpamFeatures(String content) {
        int len = content.length();
        if (len == 0) return new SpamFeatures(0, 0, 0);
        
        // 重复字符比例
        long repeatChars = IntStream.range(1, len)
            .filter(i -> content.charAt(i) == content.charAt(i-1))
            .count();
        double repeatRatio = (double) repeatChars / len;
        
        // emoji比例（简化：统计特殊unicode区间）
        long emojiCount = content.codePoints()
            .filter(cp -> cp >= 0x1F300 && cp <= 0x1FFFF)
            .count();
        double emojiRatio = (double) emojiCount / len;
        
        // URL数量
        long urlCount = Pattern.compile("https?://")
            .matcher(content).results().count();
        
        return new SpamFeatures(repeatRatio, emojiRatio, (int) urlCount);
    }
    
    public record CategoryScore(String category, double confidence) {}
    public record SpamFeatures(double repeatCharRatio, double emojiRatio, int urlCount) {}
    public record SpamClassificationResult(boolean isSpam, float confidence, String reason) {}
    
    public record ModelCheckResult(
        boolean isHighRisk, boolean isMediumRisk, boolean isUncertain,
        boolean isDegraded, List<CategoryScore> scores
    ) {
        static ModelCheckResult pass() { 
            return new ModelCheckResult(false, false, false, false, List.of()); 
        }
        static ModelCheckResult highRisk(List<CategoryScore> s) { 
            return new ModelCheckResult(true, false, false, false, s); 
        }
        static ModelCheckResult mediumRisk(List<CategoryScore> s) { 
            return new ModelCheckResult(false, true, false, false, s); 
        }
        static ModelCheckResult uncertain(List<CategoryScore> s) { 
            return new ModelCheckResult(false, false, true, false, s); 
        }
        static ModelCheckResult degraded() { 
            return new ModelCheckResult(false, false, false, true, List.of()); 
        }
    }
}

---

第三层：LLM精审

/**
 * LLM语义精审
 * 
 * 用于：模型层不确定的内容、中等风险内容的二次确认
 * 延迟：200-500ms（只有少量内容走到这一层）
 */
@Service
@RequiredArgsConstructor
@Slf4j
public class LlmModerationService {
    
    private final ChatLanguageModel llm;
    
    private static final String MODERATION_PROMPT_TEMPLATE = """
        你是一个内容审核专家。请判断以下用户提交的内容是否违规。
        
        违规类型包括：
        1. 攻击性/仇恨言论（针对特定群体的攻击）
        2. 骚扰/霸凌（针对个人的恶意攻击）
        3. 有害信息（传播错误医疗信息、诈骗内容等）
        4. 隐私泄露（他人的个人信息）
        5. 违法内容（赌博、传销、违禁品等）
        
        **重要规则**：
        - 对正常的批评、投诉、负面评价，不要判为违规
        - 对政治话题的正常讨论，不要判为违规
        - 只有明确违反上述5类的内容才判违规
        - 你的判断会影响真实用户的内容是否被删除，请谨慎
        
        用户提交的内容：
        ---
        %s
        ---
        
        请用JSON格式回复：
        {
          "violation": true/false,
          "confidence": 0.0-1.0,
          "category": "违规类型名称（如果violation=true）",
          "reason": "判断理由（1-2句话）"
        }
        
        只返回JSON，不要其他文字。
        """;
    
    /**
     * LLM精审
     */
    public LlmCheckResult check(String content, List<String> previousViolationHints) {
        
        String prompt = String.format(MODERATION_PROMPT_TEMPLATE, 
            truncateContent(content, 2000));
        
        // 如果有前两层的违规线索，加入提示
        if (!previousViolationHints.isEmpty()) {
            prompt += "\n\n补充信息：前置检测发现以下可疑点，供参考：\n" + 
                String.join("\n", previousViolationHints);
        }
        
        try {
            String response = llm.generate(prompt);
            return parseLlmResponse(response, content);
            
        } catch (Exception e) {
            log.error("LLM审核调用失败: {}", e.getMessage());
            // LLM失败时降级：保守策略，送人工审核
            return LlmCheckResult.failed();
        }
    }
    
    /**
     * 解析LLM返回的JSON结果
     * 
     * LLM的JSON输出有时不干净，需要容错处理
     */
    private LlmCheckResult parseLlmResponse(String response, String content) {
        try {
            // 提取JSON部分（LLM有时会在前后加多余文字）
            String json = extractJson(response);
            
            ObjectMapper mapper = new ObjectMapper();
            JsonNode node = mapper.readTree(json);
            
            boolean violation = node.path("violation").asBoolean(false);
            double confidence = node.path("confidence").asDouble(0.5);
            String category = node.path("category").asText("");
            String reason = node.path("reason").asText("");
            
            return new LlmCheckResult(violation, confidence, category, reason, false);
            
        } catch (Exception e) {
            log.warn("LLM响应解析失败: response={}, error={}", response, e.getMessage());
            // 解析失败时保守处理：送人工
            return LlmCheckResult.failed();
        }
    }
    
    private String extractJson(String response) {
        // 找第一个{到最后一个}
        int start = response.indexOf('{');
        int end = response.lastIndexOf('}');
        if (start >= 0 && end > start) {
            return response.substring(start, end + 1);
        }
        return response;
    }
    
    private String truncateContent(String content, int maxLen) {
        if (content.length() <= maxLen) return content;
        return content.substring(0, maxLen) + "...[截断]";
    }
    
    public record LlmCheckResult(
        boolean violation, double confidence, 
        String category, String reason, boolean failed
    ) {
        static LlmCheckResult failed() {
            return new LlmCheckResult(false, 0, "", "LLM审核失败，送人工复核", true);
        }
    }
}

---

三层防线编排

/**
 * 内容审核编排器
 * 
 * 统筹三层防线，决定最终处置动作
 */
@Service
@RequiredArgsConstructor
@Slf4j
public class ContentModerationOrchestrator {
    
    private final RuleBasedModerationEngine ruleEngine;
    private final ModelBasedModerationService modelService;
    private final LlmModerationService llmService;
    private final HumanReviewQueue humanReviewQueue;
    private final ModerationAuditLogger auditLogger;
    
    /**
     * 完整审核流程
     * 
     * 平均延迟分布（实测）：
     * - 70%的内容：<1ms（规则层直接放行）
     * - 20%的内容：1-15ms（规则+模型层）
     * - 8%的内容：15-500ms（走到LLM层）
     * - 2%的内容：进人工审核队列（异步）
     */
    public ModerationDecision moderate(ModerationRequest request) {
        long startMs = System.currentTimeMillis();
        ModerationContext ctx = new ModerationContext(request);
        
        try {
            // === 第一层：规则引擎 ===
            var ruleResult = ruleEngine.check(request);
            ctx.setRuleResult(ruleResult);
            
            if (ruleResult.shouldBlock()) {
                // 高置信度违规，直接拦截
                return finalize(ctx, Action.BLOCK, "规则命中: " + ruleResult.reason(), startMs);
            }
            
            // 即使规则通过，如果有可疑信号也继续深入检测
            if (!ruleResult.isSuspicious() && isLowRiskContent(request)) {
                // 完全正常的内容，跳过模型层（节省资源）
                return finalize(ctx, Action.ALLOW, "规则检查通过", startMs);
            }
            
            // === 第二层：模型审核 ===
            var modelResult = modelService.check(request.getContent());
            ctx.setModelResult(modelResult);
            
            if (modelResult.isHighRisk() && !modelResult.isDegraded()) {
                // 模型高置信度违规
                return finalize(ctx, Action.BLOCK, "模型检测违规", startMs);
            }
            
            if (!modelResult.isMediumRisk() && !modelResult.isUncertain() 
                    && !modelResult.isDegraded()) {
                // 模型判为正常，放行
                return finalize(ctx, Action.ALLOW, "模型检查通过", startMs);
            }
            
            // === 第三层：LLM精审 ===
            // 只有中等风险/不确定的内容才走到这里
            List<String> hints = buildHintsForLlm(ruleResult, modelResult);
            var llmResult = llmService.check(request.getContent(), hints);
            ctx.setLlmResult(llmResult);
            
            if (llmResult.failed()) {
                // LLM失败，送人工
                humanReviewQueue.enqueue(request, ctx, "LLM审核失败");
                return finalize(ctx, Action.PENDING_REVIEW, "等待人工审核", startMs);
            }
            
            if (llmResult.violation() && llmResult.confidence() >= 0.75) {
                return finalize(ctx, Action.BLOCK, "LLM判定违规: " + llmResult.reason(), startMs);
            }
            
            if (llmResult.violation() && llmResult.confidence() >= 0.55) {
                // LLM不确定，送人工复核，但先允许展示（悲观锁策略另说）
                humanReviewQueue.enqueue(request, ctx, "LLM低置信度违规");
                return finalize(ctx, Action.ALLOW_WITH_REVIEW, "LLM存疑，人工复核中", startMs);
            }
            
            return finalize(ctx, Action.ALLOW, "三层检查均通过", startMs);
            
        } catch (Exception e) {
            log.error("审核流程异常: requestId={}, error={}", request.getRequestId(), e.getMessage());
            // 异常时保守放行（不能因为审核系统故障阻塞所有用户）
            // 同时送人工补审
            humanReviewQueue.enqueue(request, ctx, "审核异常");
            return finalize(ctx, Action.ALLOW_WITH_REVIEW, "审核异常，人工补审中", startMs);
        }
    }
    
    private boolean isLowRiskContent(ModerationRequest request) {
        // 快速判断是否可以跳过深层检测
        // 比如：历史记录良好的认证用户发的短内容
        return request.isVerifiedUser() && request.getContent().length() < 50;
    }
    
    private List<String> buildHintsForLlm(
            RuleBasedModerationEngine.RuleCheckResult ruleResult,
            ModelBasedModerationService.ModelCheckResult modelResult) {
        
        List<String> hints = new ArrayList<>();
        
        if (ruleResult.isSuspicious()) {
            ruleResult.violations().forEach(v -> 
                hints.add("规则检测到: " + v.ruleName()));
        }
        
        if (!modelResult.scores().isEmpty()) {
            modelResult.scores().forEach(s ->
                hints.add(String.format("分类模型: %s (置信度: %.0f%%)", 
                    s.category(), s.confidence() * 100)));
        }
        
        return hints;
    }
    
    private ModerationDecision finalize(
            ModerationContext ctx, Action action, String reason, long startMs) {
        
        long elapsed = System.currentTimeMillis() - startMs;
        var decision = new ModerationDecision(
            ctx.getRequest().getRequestId(), action, reason, elapsed, ctx);
        
        // 异步记录审核日志
        auditLogger.logAsync(decision);
        
        log.debug("审核完成: requestId={}, action={}, elapsed={}ms",
            ctx.getRequest().getRequestId(), action, elapsed);
        
        return decision;
    }
    
    public enum Action {
        ALLOW,          // 放行
        BLOCK,          // 拦截
        PENDING_REVIEW, // 等待人工（暂不展示）
        ALLOW_WITH_REVIEW  // 先展示，人工复核中
    }
    
    public record ModerationDecision(
        String requestId, Action action, String reason, 
        long elapsedMs, ModerationContext context
    ) {
        public boolean isAllowed() {
            return action == Action.ALLOW || action == Action.ALLOW_WITH_REVIEW;
        }
    }
}

---

人工审核队列和反馈学习

/**
 * 人工审核队列
 * 
 * 关键点：人工审核的结果必须反馈给模型优化系统
 * 否则审核系统是死的，无法适应新的违规模式
 */
@Service
@RequiredArgsConstructor
@Slf4j
public class HumanReviewQueue {
    
    private final RedisTemplate<String, String> redis;
    private final ObjectMapper objectMapper;
    
    private static final String REVIEW_QUEUE_KEY = "moderation:human_review_queue";
    private static final String REVIEW_RESULT_KEY = "moderation:review_results";
    
    /**
     * 入队：需要人工审核的内容
     */
    public void enqueue(ModerationRequest request, ModerationContext ctx, String reason) {
        try {
            HumanReviewTask task = new HumanReviewTask(
                request.getRequestId(),
                request.getContent(),
                request.getUserId(),
                reason,
                ctx.getCheckSummary(),
                System.currentTimeMillis()
            );
            
            String json = objectMapper.writeValueAsString(task);
            redis.opsForList().leftPush(REVIEW_QUEUE_KEY, json);
            
            log.info("内容进入人工审核队列: requestId={}, reason={}", 
                request.getRequestId(), reason);
            
        } catch (Exception e) {
            log.error("人工审核入队失败: {}", e.getMessage());
        }
    }
    
    /**
     * 接收人工审核结果，触发反馈学习
     */
    public void submitReviewResult(HumanReviewResult result) {
        // 保存审核结果
        try {
            redis.opsForHash().put(REVIEW_RESULT_KEY, 
                result.requestId(), 
                objectMapper.writeValueAsString(result));
            
            // 触发反馈学习
            if (result.isLabelChanged()) {
                // 自动审核和人工审核结论不一致，是学习样本
                // 实际会写到训练数据库，定期触发模型微调
                saveFeedbackSample(result);
                
                log.info("审核结论变更，记录学习样本: requestId={}, " + 
                    "自动判断={}, 人工判断={}", 
                    result.requestId(), 
                    result.automatedDecision(), 
                    result.humanDecision());
            }
            
        } catch (Exception e) {
            log.error("审核结果保存失败: {}", e.getMessage());
        }
    }
    
    private void saveFeedbackSample(HumanReviewResult result) {
        // 写入样本库，用于后续模型微调
        // 这里简化，实际写数据库
        FeedbackSample sample = new FeedbackSample(
            result.content(),
            result.humanDecision(),  // 人工判断是真值
            result.violationCategory(),
            System.currentTimeMillis()
        );
        
        // ... 写入训练数据库
    }
    
    public record HumanReviewTask(
        String requestId, String content, String userId,
        String queueReason, String checkSummary, long enqueuedAt
    ) {}
    
    public record HumanReviewResult(
        String requestId, String content, String automatedDecision,
        String humanDecision, boolean isLabelChanged,
        String violationCategory, String reviewer
    ) {}
    
    public record FeedbackSample(
        String content, String label, String category, long createdAt
    ) {}
}

---

审核效果监控

/**
 * 审核效果监控
 * 
 * 关注：误判率（好内容被删）> 漏判率（坏内容放行）
 * 前者直接影响用户体验，后者影响平台安全
 */
@Service
@RequiredArgsConstructor
@Slf4j
public class ModerationMetricsService {
    
    private final MeterRegistry meterRegistry;
    
    // 各层的处置分布
    private final Counter ruleBlockedCounter;
    private final Counter modelBlockedCounter;
    private final Counter llmBlockedCounter;
    private final Counter humanReviewCounter;
    private final Counter allowedCounter;
    
    // 延迟分布
    private final Timer totalLatencyTimer;
    
    // 每日误判反馈（从人工审核结果中统计）
    private final AtomicInteger dailyFalsePositives = new AtomicInteger(0);
    private final AtomicInteger dailyFalseNegatives = new AtomicInteger(0);
    
    public ModerationMetricsService(MeterRegistry meterRegistry) {
        this.meterRegistry = meterRegistry;
        this.ruleBlockedCounter = Counter.builder("moderation.blocked")
            .tag("layer", "rule").register(meterRegistry);
        this.modelBlockedCounter = Counter.builder("moderation.blocked")
            .tag("layer", "model").register(meterRegistry);
        this.llmBlockedCounter = Counter.builder("moderation.blocked")
            .tag("layer", "llm").register(meterRegistry);
        this.humanReviewCounter = Counter.builder("moderation.human_review")
            .register(meterRegistry);
        this.allowedCounter = Counter.builder("moderation.allowed")
            .register(meterRegistry);
        this.totalLatencyTimer = Timer.builder("moderation.latency")
            .register(meterRegistry);
        
        // 注册Gauge：实时误判率
        Gauge.builder("moderation.false_positive_rate", 
                dailyFalsePositives, AtomicInteger::get)
            .register(meterRegistry);
    }
    
    public void recordDecision(ContentModerationOrchestrator.ModerationDecision decision) {
        
        totalLatencyTimer.record(decision.elapsedMs(), TimeUnit.MILLISECONDS);
        
        switch (decision.action()) {
            case BLOCK -> {
                String layer = determineBlockLayer(decision.context());
                if ("rule".equals(layer)) ruleBlockedCounter.increment();
                else if ("model".equals(layer)) modelBlockedCounter.increment();
                else llmBlockedCounter.increment();
            }
            case PENDING_REVIEW, ALLOW_WITH_REVIEW -> humanReviewCounter.increment();
            case ALLOW -> allowedCounter.increment();
        }
    }
    
    /**
     * 每日统计报告（关注误判情况）
     */
    @Scheduled(cron = "0 0 8 * * ?")  // 每天8点
    public void dailyReport() {
        double total = ruleBlockedCounter.count() + modelBlockedCounter.count() 
            + llmBlockedCounter.count() + allowedCounter.count();
        
        if (total == 0) return;
        
        double blockRate = (ruleBlockedCounter.count() + modelBlockedCounter.count() 
            + llmBlockedCounter.count()) / total;
        double humanReviewRate = humanReviewCounter.count() / total;
        int fpCount = dailyFalsePositives.getAndSet(0);  // 重置计数
        
        log.info("=== 内容审核日报 ===");
        log.info("总量: {}, 拦截率: {:.1f}%, 人工审核率: {:.1f}%", 
            (int)total, blockRate * 100, humanReviewRate * 100);
        log.info("误判（好内容被删）: {}条 → 需要关注", fpCount);
        
        // 如果误判率超过阈值，发告警
        if (fpCount > 50 || (total > 1000 && fpCount / total > 0.01)) {
            log.error("误判率异常！请检查规则和模型：误判={}, 总量={}", fpCount, (int)total);
        }
    }
    
    private String determineBlockLayer(ModerationContext ctx) {
        if (ctx.getLlmResult() != null) return "llm";
        if (ctx.getModelResult() != null) return "model";
        return "rule";
    }
}

---

实践建议

误判比漏判更危险

在内容审核里，把正常内容误判为违规（假阳性）对用户体验的伤害，往往比漏掉一些违规内容更大。用户发布内容被删除会直接投诉，甚至流失；而少量违规内容通常有其他渠道兜底（举报机制、人工巡查）。所以审核系统要倾向于低误判，宁可提高人工审核比例，也不能高误判。

冷启动策略

新上线的AI审核，别一开始就全量拦截。先做影子模式两周：AI审核和人工审核并行，对比结论。只有AI的精确率达到95%+、人工确认的漏判率低于2%，才切到自动拦截。这两周的数据也是后续优化模型的黄金训练集。

动态阈值

不同类型的平台，违规比例差异极大。一个儿童教育平台应该设置非常严格的阈值（宁可误判），而一个成人内容平台需要更精细的分类。阈值不是一次性配置好的，要根据业务反馈持续调整。