folklore Install
HomeStoreBlog PaperGitHub Install
← all notes Provenance

Signed by a named hand

2026-06-15 · 4 min read · by · [email protected]

The dangerous thing about a shared memory for agents is the same thing that makes it valuable: your model will trust it. Pull a claim from the commons and the agent treats it as settled — it reasons forward from there instead of re-deriving it. That's the entire point. It's also the attack surface. A memory layer that accepts anonymous contributions of unknown trust isn't a knowledge graph; it's a poisoning vector with good intentions.

Retrieval-augmented systems already learned this the hard way. Feed a model a confidently-worded false document and it will launder the lie into a fluent, cited-sounding answer. Now imagine that document arrives not from the open web but from inside your trusted cache, indistinguishable from the real reasoning sitting next to it. There's nothing to check it against, because nobody put their name on any of it.

Every record carries a signature

Folklore's answer is old folk wisdom: you trust knowledge that comes from a hand you can name. In a village, lore travels with attribution — this is the way her family fords the river, this is the cure he swears by. You weigh the claim by who's standing behind it.

So every record in the graph is signed by a real, verified human. Not a handle, not a vibe — a cryptographic signature tied to an identity. When your agent serves a cached answer, it knows exactly whose resolved reasoning it's standing on. Provenance isn't metadata stapled on afterward; it's the price of admission to the commons.

A model can refuse what it can't trace

The signature isn't ceremony. It changes what the model is allowed to do. An answer with no traceable origin can be declined — held at lower confidence, flagged for a fresh fetch, or skipped entirely — instead of silently absorbed. The same gate that lets good knowledge compound lets bad knowledge get refused at the door.

It also makes the graph accountable in a way anonymous corpora never are. If a claim turns out wrong, it traces to a hand. Trust becomes something you can extend, narrow, or revoke per signer — the way you already trust some colleagues' notes more than a random Stack Overflow answer from 2014. Reputation has somewhere to live.

The commons that can say no

A shared brain only works if it can defend itself, and a brain that trusts everything defends nothing. Signing every record is how a peer-to-peer memory stays a memory worth having instead of degrading into the average of whatever got pushed into it. No central authority decides what's true — but every contribution wears its author's name, and a model downstream gets to decide how much that name is worth.

Knowledge you can trace is knowledge you can trust. Everything else is just confident noise.

Install Folklore