feat(C1): TrustExportService — canonical trust delta format and export endpoint #63

@mdproctor

Context

Trust scores are currently per-deployment. An agent that builds strong security-review trust in one CaseHub deployment starts from Beta(1,1) = 0.5 in every other deployment. TrustExportService enables deployments to publish their trust data so other deployments can import it.

Part of: #51 (Group C epic)
Best after: Group B (#60, #61, #62) to export capability-scoped and multi-dimensional scores
Blocks: C2 (TrustImportService), D1 (trust bootstrapping)

What to implement

Canonical export format

{
  "exportedAt": "2026-04-28T14:30:00Z",
  "exportingDeployment": "acme-corp-prod",
  "actors": [
    {
      "actorId": "claude:security-reviewer@v1",
      "actorType": "AGENT",
      "globalScore": {
        "alpha": 47.3,
        "beta": 8.1,
        "trustScore": 0.853,
        "attestationCount": 55
      },
      "capabilityScores": [
        {
          "capabilityTag": "security-review",
          "alpha": 38.2,
          "beta": 4.1,
          "trustScore": 0.903,
          "attestationCount": 42
        }
      ],
      "dimensionScores": [
        {
          "dimension": "review-thoroughness",
          "score": 0.78,
          "sampleCount": 42
        }
      ]
    }
  ]
}

TrustExportService CDI bean

@ApplicationScoped
public class TrustExportService {

    /** Export all actors with scores above a minimum threshold. */
    public TrustExportPayload exportAll(double minTrustScore) { ... }

    /** Export a specific actor. */
    public Optional<TrustExportPayload> exportActor(String actorId) { ... }

    /** Export actors with changes since a given timestamp (delta export). */
    public TrustExportPayload exportDelta(Instant since) { ... }
}

Optional REST endpoint

GET /ledger/trust/export?minScore=0.5&format=json    (full export)
GET /ledger/trust/export/delta?since=2026-04-01T00:00:00Z  (delta)
GET /ledger/trust/export/actor/{actorId}

Config: casehub.ledger.trust.export.rest-enabled=true

Tests

  • Export includes all actors meeting minScore threshold
  • Export excludes actors below threshold
  • Delta export only includes actors with score changes since since
  • Format is valid JSON matching the canonical schema
  • Capability and dimension scores included when present

Acceptance criteria

  • TrustExportPayload record matching canonical format
  • TrustExportService with full, delta, and per-actor export
  • Optional REST endpoint behind config flag
  • Canonical format handles actors with no capability/dimension scores (backward-compatible)
  • Tests covering threshold filtering, delta export, and format validity

Refs #51
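
Added example, not part of the issue or the CaseHub code base: a consumer-side check that an export payload matches the canonical format above, including actors that carry no capability or dimension scores. The names `validate_export`, `_check_beta`, `_check_dim` and `TOLERANCE` are hypothetical, and treating `trustScore` as the Beta mean `alpha / (alpha + beta)` is an assumption inferred from "Beta(1,1) = 0.5".

```python
import json
from datetime import datetime

TOLERANCE = 0.001  # assumption: trustScore is the Beta mean alpha/(alpha+beta), 3 decimals

def _num(v):  # finite, bounded JSON number (rejects bool, NaN, Infinity, huge ints)
    return isinstance(v, (int, float)) and not isinstance(v, bool) and -1e12 < v < 1e12

def _check_beta(node, path, errors):
    """Validate one alpha/beta/trustScore/attestationCount object."""
    if not isinstance(node, dict):
        errors.append(f"{path}: expected an object")
        return
    a, b, s, n = (node.get(k) for k in ("alpha", "beta", "trustScore", "attestationCount"))
    if not (_num(a) and _num(b) and _num(s)):
        errors.append(f"{path}: alpha, beta and trustScore must be finite numbers")
    elif a <= 0 or b <= 0:
        errors.append(f"{path}: alpha and beta must be positive")
    elif abs(a / (a + b) - s) > TOLERANCE:
        errors.append(f"{path}: trustScore {s} does not match alpha/(alpha+beta)")
    if not (_num(n) and isinstance(n, int) and n >= 0):
        errors.append(f"{path}: attestationCount must be a non-negative integer")

def _check_dim(node, path, errors):  # one dimensionScores entry
    s = node.get("score") if isinstance(node, dict) else None
    if not (_num(s) and 0.0 <= s <= 1.0):
        errors.append(f"{path}: score must be a number in [0, 1]")

def validate_export(raw):
    """Return the problems found in an export payload; an empty list means it passed."""
    try:
        doc = json.loads(raw)
        datetime.fromisoformat(doc["exportedAt"].replace("Z", "+00:00"))
        actors = doc["actors"]
        if not isinstance(doc["exportingDeployment"], str) or not isinstance(actors, list):
            raise TypeError("bad envelope")
    except (ValueError, KeyError, TypeError, AttributeError):
        return ["envelope: need exportedAt (ISO-8601), exportingDeployment and actors[]"]
    errors = []
    for i, actor in enumerate(actors):
        path = f"actors[{i}]"
        if not isinstance(actor, dict) or not isinstance(actor.get("actorId"), str):
            errors.append(f"{path}: actorId missing")
            continue
        _check_beta(actor.get("globalScore"), f"{path}.globalScore", errors)
        for key, check in (("capabilityScores", _check_beta), ("dimensionScores", _check_dim)):
            items = actor.get(key, [])  # optional: exports without these lists still pass
            for j, item in enumerate(items if isinstance(items, list) else [None]):
                check(item, f"{path}.{key}[{j}]", errors)
    return errors
```

`validate_export` takes the raw JSON text of an export and returns one message per problem, so an importing deployment can refuse a payload whose scores are out of range or internally inconsistent before merging it.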
