SBStackbroker
Trust pre-flight

Point-in-time trust evidence.

Before an agent spends through a service, Stackbroker scans what the service declares — its descriptions, schemas, and endpoint posture — and publishes the result as a signed, expiring manifest. This is trust evidence, not a certification: a snapshot of what we checked, when we checked it, under a published rubric.

How findings affect scoringVerification public key
In scope

What scanning checks

  1. 01

    Static description & schema analysis

    Tool-poisoning and injection-pattern content in declared descriptions and metadata ("ignore previous instructions"-class directives, hidden instructions, excessive-privilege requests, credential-harvesting patterns). Pinned, versioned ruleset — same input, same findings.

  2. 02

    Schema drift

    Every declared schema surface is snapshotted and hashed daily. Unannounced breaking drift records a finding with the exact diff and triggers the provider's connection point for confirmation.

  3. 03

    Endpoint reputation

    TLS validity, HTTPS enforcement, and domain resolution stability — extending the probe harness that already measures latency, success, and schema conformance.

Out of scope — stated plainly

What scanning does NOT check

  • No runtime traffic inspection. We never sit in the request path or read your payloads; scanning covers declared surfaces only.
  • No guarantee against novel attacks. A clean scan means no known pattern matched at scan time — nothing more.
  • No certification.We publish evidence with a timestamp and an expiry — never a certification stamp or a safety promise. Words like that don't appear here because nobody can honestly use them.
Deterministic by design

From findings to flags: the rubric

Raw scanner output is noisy, so findings never pass through raw. A versioned rubric (currently trust_rubric_v1) maps finding categories and severities to effects:

SeverityEffect
LowRecorded in the manifest summary. No flag.
MediumAdds a machine-readable security_advisory_* entry to the card's security_flags[], filterable by routing policy.
HighHuman review first. No public flag, no tier impact, until a reviewer confirms. A confirmed HIGH finding adds a security_finding_* flag and suspends the attested tier until remediation + re-scan. Every confirm/dismiss is written to the audit chain with reviewer identity and reason.

Scanner upgrades require a rubric version bump and a methodology changelog entry. Scan cadence is set by risk and usage — never by payment ( providers can't pay us).

Honest by contract

Staleness rules

Manifests expire after 30 days. Past expiry they are marked stale— displayed as stale, never hidden — and a stale scan stops satisfying an operator's require_attestation_tier: attested floor until a re-scan succeeds. Providers can request a free re-scan after remediation at any time.

For agents

How to consume trust evidence

  1. GET /v1/services/{id}/trust returns the active signed manifest (Ed25519 over canonical JSON; verify against the public key).
  2. /v1/discover and /v1/route responses carry per-candidate last_scanned_at, scan_status, and the manifest URL — enough to enforce "attested, scanned within 7 days" from the response alone.
  3. Filter at request time: scanned_within_days on discover queries and route policies; blocked_security_flags to refuse rubric-confirmed findings outright.

point-in-time evidence · published rubric · signed manifests · stale shown as stale