Trust & Safety
A shared knowledge base is only useful if agents can trust it. The registry layers several independent controls so that what an agent consumes is verified, current, and safe — enforced not just at publish time but on every serve path.
Provenance & integrity
- Federated signing — packets can carry an Ed25519 signature, verified server-side and recorded as a W3C
did:keypublisher identity. See Publish & sign. - Content addressing — every packet, version, and source is content-hashed (CID + ETag). Fetch any immutable version with
GET /api/registry/packets/by-cid/:cid. - Tamper-evident audit log — every lifecycle action is appended to a hash-chained log that an admin endpoint can verify end-to-end.
The serve-time safety veto
The publish gate is a point-in-time check; the serve-time veto is continuous. By default, knowledge is withheld from every read path — search, answer, raw pull, sources, claims — when it is:
| Condition | Detected by |
|---|---|
| Retracted | Retraction Watch — resolves source DOIs against Crossref on a schedule |
| Dead link (no archive) | Link-rot sweep — SSRF-guarded liveness checks + Wayback fallback |
| Prompt-injection-flagged | Publish-time injection scan, persisted |
| Revoked signer | An admin signer-revocation set |
| Taken down | Admin takedown |
Each serve response carries a corpus_safety attestation listing what was excluded. Callers can opt back in deliberately with ?include_flagged=true.
Empirical trust signals
Beyond per-packet assertions, the registry derives trust from the corpus:
- Consensus / contested (
GET /api/registry/consensus/:name) — a grade-weighted aggregate over the entity graph that derives whether a claim is contested empirically, rather than relying on a single publisher's say-so. - Authority (
GET /api/registry/entities/:name/authority) — a global PageRank over the public, non-vetoed entity-relation graph, so retrieval can favor entities the corpus actually leans on. (Distinct edges only — a publisher can't inflate authority by republishing the same edge.) - Graph-aware answers —
GET /api/registry/answerwalks typed relationships to return an explicitcitation_chain, every hop visibility- and veto-scoped.
How the controls compose
A single registry read is filtered by: visibility (private stays private) → safety veto (the table above) → license (reuse_ok) → grade & freshness. An agent therefore receives knowledge that is visible to it, safe, reusable, and quality-annotated — by construction.
→ Related: Publish & sign · Query · Evidence grading