Trust and safety on Graunt

Graunt is the marketplace for agent-ready data. Every listing is built around evidence agents, builders, and buyers can actually act on: declared rights, rich provenance, evaluated quality, signed manifests, content hashes, and bounded scanner signals. This page describes how that trust model works, what review gates a listing passes before it appears in the catalog, and how Graunt is building toward attribution-aware agent participation and machine-readable commerce.

Why Graunt packets are easier to trust and consume

Random scraped files arrive with no rights claim, no provenance, no integrity, no schema, and no recourse. Graunt packets arrive with a structured manifest, a signed delivery record, declared rights, and a publication-metadata trail an agent or builder can read at machine speed before any decision is made.

Rights-aware packet delivery. Every listing exposes a structured rights_block and a listing-level rights_passport describing license family, citation requirement, training and redistribution flags, and personal-data sensitivity.
Provenance-rich records. Source authority, publisher, publication date, jurisdiction, language, and (where applicable) standard identifiers travel with the listing as machine-readable publication_metadata.
Evaluated quality. Each listing carries a Packet Evidence Record summarizing objective listing facts — presence of required fields, manifest references, validation status, and content metadata — without a single overall trust number. Buyers and agents make fit-for-purpose decisions from the structured fields, not from an opaque rollup. The Packet Evidence Record is exposed on the public API as the packet_checks JSON field on GET /v1/listings/{id}.
Signed manifests + content hashes. Packet listings carry a content_sha256 on the file, a packet_manifest_hash on the manifest, and (for pilot-stage packets) a seller signing key plus a signed publication record. GET /v1/listings/{id}/manifest returns the canonical manifest body with integrity headers for signed listings.
Reproducible delivery records. Authenticated buyer-organization delivery flows through audited entitlements; public-token-grant free downloads are rate-limited and content-hash-pinned. Either way, what the buyer received is the same bytes the manifest describes.
Packet freshness + declared limitations. Listings carry a declared update pattern, publication date, and (where applicable) freshness contract, so agents and buyers can reason about staleness before relying on the data.
Machine-readable metadata everywhere. Discovery, detail, manifest, evidence, and acceptance-standards surfaces are all JSON. Agents read the same fields humans read.

Packet Evidence Record, Evaluation Profile, and Safety Profile

Three bounded evidence objects describe a packet's trust posture to buyers and agents:

Packet Evidence Record. A Packet Evidence Record is the buyer- and agent-facing summary of a packet's declared rights, provenance, manifest status, content hashes, validation signals, and evaluated quality context. It is descriptive evidence, not a legal verification, certification, or guarantee. The Packet Evidence Record is exposed on the public API as the packet_checks JSON field on GET /v1/listings/{id}.
Packet Evaluation Profile. A Packet Evaluation Profile describes the technical checks, validation scope, freshness signals, and evaluation context associated with a packet. It does not roll those signals up into a single number.
Packet Safety Profile. A Packet Safety Profile describes bounded scanner and review signals for a packet. Scanner signals are disclosure-only unless a later gated workflow explicitly changes that posture.

These three objects are descriptive evidence surfaces, not certifications. They never make safety guarantees, clean-content guarantees, training-readiness guarantees, or legal-clearance claims.

Review gates before a listing appears in the catalog

Admin review on every listing. New listings land in PENDING_REVIEW and remain invisible to the public catalog until an admin approves them. Every seller path — self-listed and commissioned alike — flows through the same review gate.
Seller legal acceptance. Sellers accept the Acceptable Use Policy at registration and re-accept the AUP at each listing creation. The accepted version hash, timestamp, IP, and user-agent are recorded against the listing.
Rights and provenance validation. Listings whose rights_block or rights_passport do not parse or contain forbidden combinations are rejected before the listing is persisted.
Buyer legal acceptance. Buyers accept the Terms of Service at account creation and the Marketplace License at purchase time.

Bounded scanner signals

Graunt runs a small set of deterministic scanners against text-shaped packet listings. Scanner outputs are bounded disclosure signals — built to help agents and admins read a listing more confidently, not to substitute for human judgment, certify safety, or block publication automatically.

LLM-origin disclosure signal. Surfaces a presence-or-absence indicator for evaluated listings.
Benchmark-overlap signal. Surfaces overlap-with-known-benchmark indicators on evaluation packets.
Intra-packet duplicate-diversity signal. Surfaces near-duplicate row signals as a row-diversity disclosure.
Prompt-injection-risk signal. Surfaces presence of prompt-injection-like instruction patterns.
Credential-pattern signal. Surfaces presence of credential-shaped patterns. Raw matched values are redacted at the detector boundary and never stored, logged, or surfaced.

Scanner signals are disclosure-only. They feed Graunt's append-only scanner-history substrate and the audit log so admins, buyers, and agents have additional context, but they never act as automatic publication blockers, ranking multipliers, payout gates, or eligibility filters for current or future participation programs. Bounded scanner outputs and human / admin review are designed to work together.

Agent and buyer access today, and the direction

Graunt is designed for accountable agent commerce. Listings, metadata, rights, manifests, and Packet Evidence Records are exposed through structured APIs so programs can discover, filter, inspect, compare, and prepare acquisition decisions at machine speed.

Public discovery. Catalog metadata is open and machine-readable. Listing JSON, manifest JSON, /openapi.json, /.well-known/ai-plugin.json, /llms.txt, and /v1/meta/seller-standards are all callable without credentials.
Authenticated buyer-organization purchase. Stripe-processed paid checkout, audited delivery, and durable entitlements. Buyer organizations control credentials, spend, and approval policy.
Free acquisition variants. Authenticated free entitlements on price_cents=0 listings and rate-limited public-token-grant free downloads on free-public listings deliver the same packet bytes through the same audited delivery path.

Graunt is building toward delegated agent purchasing under buyer-defined credentials, spend controls, approval policies, and audit records — alongside attribution-aware agent participation, commissioned packet workflows, machine-readable commercial terms, and future role-based incentives for builders, curators, validators, referrers, and reviewers. Those capabilities are roadmap-backed and phased; gated flows arrive when their substrate, compliance, and payout infrastructure are ready.

Until each gated flow ships, public copy describes capabilities in terms of direction rather than current operation: a flow is either described as live (with the API path to call) or as planned. Graunt does not market gated flows as operational before they exist.

Forward-compatible attribution and participation

Graunt's commerce surface is designed so future participation is easier to attribute, easier to compensate, and easier to explain. The transaction-allocation substrate already records seller and platform allocation on every paid transaction; future slices extend that ledger with additional contributor roles, Graunt-funded support programs, and seller-funded optional commission boosts. Commissioned packet workflows already record builder attribution; future stages widen the path to additional external builders, curators, validators, and reviewers under the publication review gate.

Compensated recommendation disclosure is locked doctrine for every compensated path; future surfaces carry both human-readable and machine-readable disclosure of the funding source. Closed-loop Graunt-side rewards, when they ship, are non-tradable and never marketed as "tokens" or "cashable instruments" in the alpha horizon.

Reporting an issue

If you believe an asset on Graunt misstates a fact, infringes a right, exposes credentials, or otherwise violates the Acceptable Use Policy, contact us at support@graunt.com. Include the listing URL and a short description; do not include credentials or other sensitive content in the message body.