Readiness Network

Security & Trust

Safe admission, auditable by design

The network's job is to keep agents from calling things they shouldn't. That only works if the network itself is held to a stricter standard.

Admission: untrusted by default

  • Every capability enters as discovered and earns status through verification — never through popularity or payment.
  • Provider identity is checked; impersonating a known vendor is a permanent block.
  • Manifests must declare risk per action (read_only / write / destructive). Understating risk is a hard gate, not a penalty.
  • Tool and skill descriptions are screened for prompt injection before any agent ever sees them.

Execution isolation

  • Third-party code never runs in the API service. Installs and dry-runs happen in dedicated sandbox workers.
  • Sandboxes run with no real secrets, no write mounts, bounded CPU/memory/time, and network disabled by default.
  • Probes and canaries are read-only by design: they never mutate state, place orders, or spend money.

High-risk action policy

  • Destructive or transactional actions are never auto-recommended unless the evidence level is E4 or higher AND the action declares requires_user_confirmation.
  • Lower-evidence high-risk actions appear, at most, as explicitly labeled fallbacks.
  • Schema drift on a remote endpoint without a version bump drops the capability out of the routable set until re-verified.
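The three rules above amount to a small routing decision per action. The following is an added illustration written for this page, not Readiness Network's own code; the manifest field names (`risk`, `requires_user_confirmation`), the `E<n>` evidence scale, the reason-code strings, and the treatment of a bumped version as "excluded until re-verified" are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple
import hashlib
import json

# Risk classes a manifest may declare per action. "transactional" is taken
# from the policy text; the manifest bullet names only the first three.
HIGH_RISK = {"destructive", "transactional"}
EVIDENCE_THRESHOLD = 4  # "E4 or higher"


@dataclass
class Action:
    name: str
    risk: str                               # read_only | write | destructive | transactional
    requires_user_confirmation: bool = False


@dataclass
class Capability:
    name: str
    version: str                            # version currently advertised by the provider
    evidence_level: str                     # "E0".."En" scored at last verification (assumed scale)
    verified_version: str                   # version that was verified
    verified_schema_hash: str               # hash of the remote schema at verification time
    actions: List[Action]


def schema_hash(schema: dict) -> str:
    """Canonical SHA-256 over a JSON schema so drift is detectable byte-for-byte."""
    canonical = json.dumps(schema, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def evidence_rank(level: str) -> int:
    """'E4' -> 4. Raises on anything that is not an E<n> label."""
    if len(level) < 2 or level[0] != "E" or not level[1:].isdigit():
        raise ValueError(f"unknown evidence level {level!r}")
    return int(level[1:])


def route(cap: Capability, action: Action, current_schema: dict) -> Tuple[str, str]:
    """Return (status, reason_code) for one action.

    status is one of:
      excluded     - not in the routable set until re-verified
      recommended  - may be auto-recommended to an agent
      fallback     - shown only as an explicitly labeled fallback
    """
    # Drift check first: the live schema is compared with what was verified.
    if schema_hash(current_schema) != cap.verified_schema_hash:
        if cap.version == cap.verified_version:
            return "excluded", "schema_drift_without_version_bump"
        # Assumption: a bumped version re-enters admission, so it is not routable yet either.
        return "excluded", "new_version_not_yet_verified"

    if action.risk not in HIGH_RISK:
        return "recommended", "low_risk_action"

    # High-risk path: both conditions must hold for auto-recommendation.
    if evidence_rank(cap.evidence_level) < EVIDENCE_THRESHOLD:
        return "fallback", "high_risk_evidence_below_e4"
    if not action.requires_user_confirmation:
        return "fallback", "high_risk_missing_user_confirmation"
    return "recommended", "high_risk_e4_with_user_confirmation"


def route_all(cap: Capability, current_schema: dict) -> Dict[str, Tuple[str, str]]:
    """Apply the policy to every action a capability declares."""
    return {a.name: route(cap, a, current_schema) for a in cap.actions}


if __name__ == "__main__":
    # Constructed sample: a hypothetical orders capability with three actions.
    schema = {"paths": {"/orders": {"get": {}, "post": {}, "delete": {}}}}
    cap = Capability(
        name="acme-orders", version="1.2.0", evidence_level="E4",
        verified_version="1.2.0", verified_schema_hash=schema_hash(schema),
        actions=[
            Action("list_orders", "read_only"),
            Action("place_order", "transactional", requires_user_confirmation=True),
            Action("cancel_order", "destructive"),  # declared, but no confirmation gate
        ],
    )
    for name, (status, reason) in route_all(cap, schema).items():
        print(f"{name:14} {status:12} {reason}")
```

Every outcome carries a reason code rather than a bare boolean, which is what makes the filtering inspectable in the sense the Accountability section describes: an agent or auditor can see why `cancel_order` was demoted to a fallback (no confirmation gate) as opposed to why a drifted capability vanished from the routable set entirely.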

Privacy minimization

  • We never collect prompts, user files, tokens, cookies, or environment variables — from agents or from providers.
  • Outcome reports are structurally validated and rejected if flagged as containing raw user content or PII.
  • Request logs redact authorization headers and secrets by default.
  • API keys are stored as salted hashes only.
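Two of the rules above, redacting secrets from request logs before they are written and storing API keys only as salted hashes, are shown below in an added example written for this page; it is not Readiness Network's own code. The list of sensitive header names, the `rn_` key prefix used in the constructed sample, and the choice of PBKDF2-HMAC-SHA256 with 200,000 iterations are assumptions for illustration.

```python
import hashlib
import hmac
import os
import re
from typing import Dict, Optional, Tuple

# Headers whose entire value is a credential and must never reach a log line.
SENSITIVE_HEADERS = {
    "authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key",
}
# Secrets that can leak inside otherwise harmless values (query strings, referers):
# a bearer token, or a key with the assumed "rn_" prefix.
SECRET_PATTERN = re.compile(r"(?i)\b(bearer\s+\S+|rn_[a-z0-9]{16,})")

PBKDF2_ITERATIONS = 200_000  # assumption; API keys are high-entropy, so this is conservative


def redact_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of the headers safe to log: sensitive headers are replaced
    wholesale, and secret-looking substrings elsewhere are masked."""
    safe = {}
    for name, value in headers.items():
        if name.lower() in SENSITIVE_HEADERS:
            safe[name] = "[REDACTED]"
        else:
            safe[name] = SECRET_PATTERN.sub("[REDACTED]", value)
    return safe


def safe_log_record(method: str, url: str, headers: Dict[str, str]) -> Dict[str, object]:
    """Build the request-log record; the URL is scrubbed the same way as header values."""
    return {
        "method": method,
        "url": SECRET_PATTERN.sub("[REDACTED]", url),
        "headers": redact_headers(headers),
    }


def hash_api_key(key: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive the stored form of an API key: (salt, digest). The plaintext key is
    returned to the caller once at issuance and never persisted."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", key.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_api_key(key: str, salt: bytes, stored_digest: bytes) -> bool:
    """Constant-time comparison of a presented key against its stored salted hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", key.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    # Constructed sample request: every value below is made up for the demo.
    record = safe_log_record(
        "POST",
        "https://api.example.test/v1/outcomes?token=rn_abcdefghijklmnop1234",
        {
            "Authorization": "Bearer eyJhbGc.constructed.token",
            "Cookie": "sid=constructed",
            "X-Request-Id": "42",
        },
    )
    print(record)

    salt, digest = hash_api_key("rn_constructedsamplekey0001")
    print(verify_api_key("rn_constructedsamplekey0001", salt, digest))  # True
    print(verify_api_key("rn_constructedsamplekey0002", salt, digest))  # False
```

The salt is stored beside the digest; it does not need to be secret, only unique per key, so that two identical keys never produce the same stored value and a leaked table cannot be attacked with one precomputed lookup. Because the plaintext is discarded after issuance, a compromise of the key store yields only digests, which is the property the bullet above is asserting.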

Accountability

  • Every score carries evidence_level, confidence, valid_until, and reason_codes — auditable end to end.
  • Every conclusion traces to sources: which registry, which repo, which probe, which outcomes.
  • Blocked capabilities are reported with reasons, so filtering is inspectable rather than silent.

This is an early-stage service. We do not claim certifications we do not hold, and the demo registry contains labeled sample data. Security questions or disclosures: see the contact page.