The Anti-Slop Content Firewall

What's in this playbook

A 14-page operational guide to building a content firewall that catches AI slop before it reaches publication. Not a marketing PDF — an architecture document. Free, no email required.

You'll get:

• Why style guides fail as enforcement mechanisms and what to do instead
• The five-layer firewall architecture: Voice, Structure, Proof, Hype, CTA
• How to extract a stylometric fingerprint from existing content
• A starter rule set: 40-60 enforceable rules with concrete examples
• Scoring pipeline that runs pre-publish and post-publish
• Worked examples from three brands we operate: Insightful Recovery Solutions, NVUS Hearts, and Innovation Synergy AI
• The eight failure modes we've watched firewalls run into, and how to avoid each
• A twelve-step implementation checklist

Who this is for

• Founders shipping content with AI and worried their brand voice is drifting
• Marketing leads at small B2B companies who can't afford a full agency but need infrastructure
• Operators who want guardrails, not just better prompts

Download

The playbook is free. No email gate.

Chapter 1 · Why style guides don't enforce anything

Every brand we've ever talked to has a style guide. Almost none of them use it.

The pattern is the same across every brand: a PDF lives in Notion or Google Drive. It documents the brand voice, the tone, the do-and-don't list. It was written carefully. Then the company hires a contractor, an agency, or starts using an AI tool. The guide never makes it into the prompt. The output ships. The voice drifts.

The reason isn't laziness. It's that the style guide is a document, and the content production process is a series of operations. A document is information. An operation needs instructions. The two don't connect automatically. Someone has to read the document, internalize it, then apply it on each piece of content. That someone almost never reads the document.

The fix isn't a longer guide. The fix is that the brand voice has to live as code that every content production tool — including every AI model the team uses — reads at generation time. Not a reference. A constraint.

A content firewall is the operational layer that turns a style guide into enforced rules. The style guide describes the brand. The firewall is what stops off-brand content from shipping.

The shift is small, but the consequences are not. With a style guide, you can describe what the brand sounds like. With a firewall, you can verify whether a specific piece of content matches that description before it goes out. The verification is the difference between hope and infrastructure.

Chapter 2 · The five layers of a content firewall

We run firewalls on every brand we operate. Five layers cover the failure modes that show up in practice. Each layer catches a different kind of off-brand output.

Layer 1 · Voice

Voice is the stylistic signature of the brand. Sentence length distribution, vocabulary clusters, cadence patterns, the way the brand stacks adjectives or refuses to. Two pieces of content can both be factually correct, structurally sound, and technically about the same topic, and still fail voice. The voice layer measures the math of how the content sounds. Same input, different voice profiles, different outputs.

Layer 2 · Structure

Structure is the information architecture of a piece. Does the first sentence earn the second. Does the claim arrive before the proof. Does the CTA make sense given what came before. Most brand style guides ignore structure entirely, because structure feels like content strategy rather than voice. But structure is where slop reveals itself fastest. A piece with no hook, no proof, and a vague CTA is slop regardless of voice quality.

Layer 3 · Proof

Proof is the layer that checks whether claims are backed by specifics. "We help founders scale" is not a claim. It's a sentence. "Insightful Recovery Solutions runs nine live platforms across recovery infrastructure" is a claim. Numbers, names, dates, and direct outcomes are proof. The proof layer rejects content with unsupported assertions, vague modifiers, and percentage claims that don't cite a source.

Layer 4 · Hype

Hype is the marketing-fluff filter. Words that sound like meaning but carry none. Phrases like "in today's fast-paced digital landscape" or "industry-leading solutions" or "we're thrilled to announce." Every brand has a list of these. The hype layer runs the content against the list and rejects matches. It also catches structural hype: paragraphs that repeat the same idea three times, sections that exist only to fill space.

Layer 5 · CTA

CTA is the layer that asks: what action is this content trying to produce, and does the piece earn that action. A blog post that ends with "book a call" without ever explaining why is a CTA failure. A piece that promises a download without linking to it is a CTA failure. The CTA layer checks that every piece of content has a defined action, that the action matches the content, and that the path to the action is one click.

The five layers run independently. A piece can pass voice but fail structure. Pass proof but fail hype. The firewall reports which layer failed and why. The fix is targeted, not stylistic flailing.

Chapter 3 · Extracting your stylometric fingerprint

The voice layer needs a target to score against. That target is the stylometric fingerprint — a quantitative profile of how the brand writes, measurable and reproducible.

Five things to measure, in priority order:

Sentence length distribution. Run any corpus of content through a tokenizer. Plot sentence lengths. The distribution tells you whether the brand writes short and punchy, long and flowing, or alternates between the two. Most brands cluster within a narrow range. The fingerprint records the median, the standard deviation, and the typical alternation pattern.

Vocabulary clusters. Compute TF-IDF against a baseline corpus, like Wikipedia or a public dataset of business writing. The words that show up disproportionately in your content are the brand's vocabulary signature. These are the words AI will not naturally produce because they're statistically unusual. Capture them.

Forbidden words and phrases. The inverse of the vocabulary signature. Words the brand never uses, but a generic AI model will produce by default. Record them with examples of replacements. The hype filter reads from this list.

Exemplar sentences. Five to fifteen sentences from existing content that best represent the brand voice. Use centroid analysis on sentence embeddings to pick the most representative samples. These are the "this is what we sound like" reference set.

Cadence patterns. The way sentences alternate in length and structure. Two long sentences followed by a short punctuating one is a cadence. Three short fragments in a row is a cadence. Capture the patterns that show up consistently and the ones that never appear.

The extraction can be done conversationally — ask an LLM to describe the voice based on samples — but conversational extraction is not reproducible. Run it twice on the same corpus and you'll get two different profiles. For a firewall, the fingerprint has to be deterministic. Same input, same output, every time.

The media-tsunami skill does this empirically. Python CLI, runs against a content directory, outputs a structured profile as JSON. Drop the JSON into a project root as part of CLAUDE.md and every AI tool that reads CLAUDE.md now has the fingerprint as part of its system prompt. The fingerprint becomes a constraint, not a vibe.

Chapter 4 · Building the rule set

The fingerprint describes the brand. The rule set enforces it. A working rule set has 40 to 60 rules. Fewer and the firewall under-catches. More and the rules contradict each other.

Rules fall into five buckets, mapping to the five layers:

Voice rules

Each rule is a pattern and a verdict. Examples from actual production rule sets:

• Sentence length: median 12 words, max 28. Reject any sentence over 35 words.
• Sentence starters: "In today's" → reject. "Quick question" → reject. "Look," → allow.
• Vocabulary: prefer "system" over "platform." Prefer "ship" over "deliver." Prefer "engine" over "machine."
• Tone: declarative over hedging. Reject "we believe," "we feel," "we think." Allow "we know," "we ship," "we run."

Structure rules

• First sentence must contain a specific claim, named subject, or direct question. Reject openings that frame without specifying.
• No paragraph longer than 5 sentences.
• Every section must have a one-sentence summary at the top. Section sprawl is rejected.
• Internal references: every claim that references another section must link to it.

Proof rules

• Any percentage claim must include the denominator and the time window.
• Names of clients or examples must be specific (Tyshaun, Keith, Renarda) or anonymized intentionally ("a B2B SaaS founder"). Generic plural ("our clients") is rejected.
• Outcome claims require a number. "We help founders ship faster" is rejected. "Founders ship in 30 days instead of 90" passes.

Hype rules

• Forbidden adjective stacks: "innovative, scalable" → reject. "Best-in-class" → reject. "Cutting-edge" → reject.
• Forbidden phrases: "we're excited," "we're proud to announce," "in today's fast-paced," "thought leadership."
• Forbidden verbs: "leverage" (verb form), "unleash," "empower," "revolutionize."
• Repetition: same word more than three times in 200 words triggers a flag.

CTA rules

• Every piece must end with one and only one CTA.
• The CTA must be a verb: "Book a call," "Read the breakdown," "Download the playbook."
• The action target must be one click away. Reject "let us know if you're interested" — there's no target.
• The CTA must be specific to the content. A recovery-services article cannot end with "Schedule your free consultation today" — too generic.

The 40-60 number is empirical. We've shipped firewalls with 25 rules (too loose) and 90 rules (mutually exclusive). The midrange is where the rules cover real failure modes without contradicting each other. Start with the rule set the existing brand voice extraction generates, then refine on real failures over the first month.

Chapter 5 · Scoring pipeline architecture

A working firewall has three operational stages. Each stage runs the same rule set, but at a different point in the production flow.

Stage 1 · Generation-time constraint

The fingerprint and rule set load into the prompt every time content is generated. Not as guidance — as constraint. The AI model is told: write this piece. These are the voice axes you must match. These are the words you cannot use. These are the structural rules. Generate within these limits.

This catches the most failures the most cheaply. A constrained prompt produces an on-brand piece 80 to 90 percent of the time on first try. Without the constraint, the same model produces on-brand content 20 to 30 percent of the time.

Stage 2 · Post-generation scoring

After the model produces a piece, the same rule set runs against the output. Each rule scores pass or fail. If the piece scores under threshold (we use 80 percent rule-pass rate as the floor), the piece is rejected and regeneration is triggered with the failure list as additional context.

The scoring is mechanical. Not an LLM judging — a Python script running pattern matching, length distribution checks, forbidden word grep, structural validation. The output is a JSON report with rule IDs, pass/fail flags, and excerpts of the failures.

Stage 3 · Pre-publish gate

Before the piece ships to social, blog, or email, it runs against the rule set one more time. This catches anything that drifted between approval and publication: a typo introduction, a copy-edit that softened a claim, an auto-rewrite from a CMS. The pre-publish gate is the last line.

Each stage logs its decision. The log is the audit trail. If a piece slipped through and showed up off-brand on production, you can trace which stage failed and why. The fix is at the stage that failed, not a generalized "we need to tighten standards."

The whole pipeline runs in code, scheduled. There's no human in the loop until something fails. When something fails, the human gets the specific failure list, not a vague sense that the content "feels off."

Chapter 6 · Pre-publish vs post-publish enforcement

Two enforcement modes. Pick one or both, depending on where you are.

Pre-publish enforcement runs the firewall before any content goes live. New content, new social posts, new email sends. Nothing ships without passing all five layers. This is the right default. It's expensive at first because you're catching drift in real time and the team has to learn what the firewall accepts. After 30 to 60 days the team's drafts pre-conform and the firewall mostly just confirms.

Post-publish enforcement runs the firewall against content that already shipped. Older blog posts, old social, old email campaigns. The output is a report: which existing pieces violate which rules, ranked by reach. The fix is a rewrite-and-republish cycle for the worst offenders.

If you're standing up a firewall on an established brand, run post-publish first. It tells you where the brand already drifted, which channels are worst, and how much rewrite work the cleanup will cost. Then turn on pre-publish so the bleeding stops.

If you're standing up a firewall on a new brand (you haven't shipped much yet), skip post-publish and go straight to pre-publish. The firewall trains the team while the team builds the catalog.

The two modes share infrastructure. Same rule set, same scoring engine, same audit log. The only difference is what feeds into the input: live content streams (pre-publish) or stored content sweeps (post-publish).

Chapter 7 · Worked examples from three brands

Insightful Recovery Solutions

Tyshaun Howard runs Insightful Recovery Solutions. Founder and Principal Consultant. NIH CHORUS co-author. Thirty years of lived experience in recovery, combined with research credentials and a deep network across the field. The brand operates nine live platforms covering recovery infrastructure, leadership labs, and clinical-adjacent training.

The firewall on IRS is the strictest we run. Recovery work has language stakes most brands don't. The forbidden word list is enforced at every stage: "addict," "junkie," "clean," "dirty," "abuse," "cure," "quick fix," "easy," "guaranteed," "rock bottom" — none of them ship. The rule isn't preference. It's the difference between supporting the audience and reinforcing the stigma the field is trying to retire.

Voice rules emphasize Tyshaun's credentials in formal contexts. His title is "Founder & Principal Consultant," not "sober coach." The NIH CHORUS work is named in his bio. The brand voice is direct, executive, and clinically literate without being clinical. The structural rules require every piece to lead with the framework before the personal story — credentials first, lived experience second.

Drift mode for IRS: contractors writing social copy default to softer, more generic recovery language. The firewall rejects every draft until the language sharpens. After three weeks, contractors stopped writing soft drafts.

NVUS Hearts

Keith runs NVUS Hearts. Faith-based streetwear. The brand started from zero on YouTube — six subscribers in March, 178 subscribers and 40.3K views by May. Forty-nine videos shipped. 5.7 percent engagement rate, which is five to ten times the Shorts benchmark. Zero paid spend.

The firewall on NVUS is voice-heavy and structure-heavy. The voice has to feel like Keith — direct, faith-rooted, not preachy. The forbidden list excludes the entire vocabulary of generic faith marketing: "inspirational," "uplifting," "journey." The brand uses "rebuilt," "carried," "carried back" instead. Structural rules require the content to ground in a specific moment or detail — the morning after, the wall someone is staring at, the silence in the car. Generic spiritual abstraction is rejected at the structure layer.

The CTA layer for NVUS is unusual. Most pieces don't have a commerce CTA. The CTA is "follow," "share with someone who needs this," or "watch the next one." The firewall enforces that. Pieces that pivot to product too early get rejected and rewritten.

Drift mode for NVUS: AI tools default to either generic faith content or generic streetwear content. The firewall catches both. The fingerprint for NVUS is what makes it sound like Keith, and the fingerprint is the only thing standing between the brand and generic content.

Innovation Synergy AI

Innovation Synergy AI is a B2B SaaS brand operating in the AI tooling space. The audience is sophisticated — engineers, product leads, founders who've seen every AI demo and are exhausted by hype. The firewall on ISAI is heavy on the hype layer and the proof layer.

The hype rules for ISAI are the most aggressive of any brand we run. Any sentence containing more than two adjectives is flagged. Any claim about AI capabilities without a specific use case or measurable outcome is rejected. The list of forbidden phrases includes most of the standard B2B marketing vocabulary: "intelligent," "smart," "transformative," "next-generation."

The proof rules for ISAI require every product claim to have an example. "Our system handles complex queries" is rejected. "Our system parsed 12,000 customer support tickets last month and resolved 64 percent without human escalation" passes. Numbers, time windows, comparisons. No claim without a number behind it.

Drift mode for ISAI: marketing contractors default to standard B2B vocabulary because that's what the entire category sounds like. The firewall pulls the brand out of that herd by rejecting everything that reads like a competitor. The voice becomes distinct by addition (specific examples, named methodologies) and subtraction (zero generic SaaS language).

The three brands run the same firewall infrastructure. Different fingerprints, different rule sets, same operational shape.

Chapter 8 · Common firewall failure modes

Eight failure modes show up across the brands we operate. Each one is a pattern worth recognizing.

Rules too vague. "Use a direct tone" is not a rule. It's a vibe. The firewall can't enforce it. Replace with measurable patterns: forbidden hedging words, allowed sentence structures.

Rules too brittle. Reject any piece containing the word "thorough" without context will reject pieces about how to be thorough. Add scope: reject only when the word modifies the brand's own offering.

No regeneration loop. A firewall that rejects pieces but doesn't re-prompt with the failure list is a tax on the team. Build the regeneration into the pipeline. Failure list becomes the next prompt's constraint.

Voice rules without structure rules. The piece passes voice but the argument is broken. Voice rules without structure rules produce well-voiced slop.

No human override. A firewall that can't be overridden is brittle. Every system has edge cases. Build a clear override path with logging — the human can override, but the override is recorded and reviewed weekly.

Outdated fingerprint. Voices evolve. A fingerprint extracted in January no longer matches the brand in October. Re-extract every quarter, or after any major shift in product positioning, audience, or platform mix.

Forbidden list bloat. Adding new forbidden words every time something off-brand ships eventually makes the list unmanageable and self-contradicting. Audit the list quarterly. Remove rules that haven't fired in 90 days.

Single-layer dependency. A firewall that relies only on the voice layer or only on the hype layer will catch obvious failures and miss the rest. All five layers matter. Run them independently, score them independently, fail any piece that fails any layer.

Chapter 9 · Implementation checklist

Twelve steps to stand up the firewall. Run them in order. Each step has a clear deliverable.

1. Extract the stylometric fingerprint. Use media-tsunami or equivalent. Output is a structured JSON profile. Stored at the brand's project root as part of CLAUDE.md.

2. Identify the worst-shipping channels. Run a manual audit of the last 90 days of content across every channel. Score each channel on the five layers. Worst-performing channels get the firewall first.

3. Draft the initial rule set. 40 to 60 rules across the five layers. Start with the rules the fingerprint extraction surfaced. Add rules for the failures the manual audit revealed.

4. Wire the rule set into the generation step. The prompt every AI tool runs must include the fingerprint and rule set. Not optional. Not "if there's room." Always.

5. Build the post-generation scoring script. Python or similar. Reads the generated content, runs the rule set, produces a pass/fail report with excerpts.

6. Set the pass threshold. 80 percent rule-pass rate is a defensible starting floor. Tighten over time as the team's drafts improve.

7. Build the regeneration loop. Failed pieces don't get returned to humans — they get re-prompted with the failure list. Three retries before human escalation.

8. Wire the pre-publish gate. Last check before the piece goes live. Same rule set, same scoring, terminal verdict.

9. Stand up the audit log. Every decision, every override, every regeneration, recorded. Reviewed weekly for the first month, monthly thereafter.

10. Run post-publish enforcement on existing content. Audit older content against the firewall. Rank by reach. Schedule rewrites for the worst offenders.

11. Train the team on the failure modes. Not on the rules — the rules are enforced by the firewall. On the patterns that produce failures. Specific examples from the team's own drafts.

12. Re-extract the fingerprint quarterly. Catch voice evolution before drift compounds. Update the rule set with new patterns surfaced. Remove rules that haven't fired.

What WhyStrohm runs for you

The firewall described above is what we operate, in production, on every founder-led brand we run. The fingerprint extraction is media-tsunami. The scoring runs in whystrohm-audit. The drift detection is whystrohm-voice-scorer. The voice extraction at the front of the pipeline is whystrohm-voice-extract. All four skills are open source. You can install them and run the firewall yourself.

Or you can hand the whole stack over. WhyStrohm is the operator on top of these skills. Same firewall, same five layers, same fingerprint extraction — but running every week, against every piece of content, across every channel, while you focus on the work that requires you specifically. Thirty minutes a week of your time. The rest is the system.

The choice is operational, not philosophical. Running the firewall yourself works if you have the time to operate it weekly. If you don't, we operate it for you.

See pricing · Book a 30-minute scoping call