metafactory is a trusted, public marketplace for agentic components. Trust is earned progressively — never automated.
Every published package has a named human sponsor.
Every package declares its capabilities. When the scanner sees more than the manifest claims, the publish is refused.
Tamper evidence via SHA-256 + content-addressed install.
The validation pipeline emits an HMAC-chained audit log.
Publishing requires an active sponsor at a higher trust tier. Sponsors put their reputation on the line for what they sponsor.
When scanner-detected capabilities are submitted alongside the manifest, the publish-pipe drift gate (FR-7) refuses the submission and emits `audit.capability_drift_blocked`. Submissions without scanner output pass the gate today; the server-side scanner that closes the last hop ships in F3-307.
Every artifact ships with the SHA-256 of the bytes the steward signed off on. arc verifies the hash before install. A single byte change = different hash = different version (DD-78).
F3-309: single-writer DO + R2 chunks + HMAC chain + sigstore Rekor witness. Stewards can verify any entry; the chain detects tampering.
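How an HMAC-chained log detects an edited or removed entry, and why an external witness of the head matters, shown as an added example that is not metafactory's code. The record layout, the all-zero genesis value, the key handling and the sample events are assumptions made for illustration; the page does not specify the chain format.

```python
import hashlib
import hmac
import json
from typing import Optional

GENESIS = b"\x00" * 32  # assumed fixed value chained into the first entry


def entry_mac(key: bytes, prev_mac: bytes, event: dict) -> bytes:
    # Canonical JSON so the same event always serializes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    # prev_mac is always 32 bytes, so the concatenation is unambiguous.
    return hmac.new(key, prev_mac + body, hashlib.sha256).digest()


def append(key: bytes, log: list, event: dict) -> None:
    prev = bytes.fromhex(log[-1]["mac"]) if log else GENESIS
    log.append({"event": event, "mac": entry_mac(key, prev, event).hex()})


def verify(key: bytes, log: list, witnessed_head: Optional[str] = None):
    """Walk the chain and return (ok, reason).

    witnessed_head is the MAC of the newest entry as recorded somewhere the
    log writer cannot rewrite. Without it, a log cut short at the tail is
    still a valid chain and passes.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = entry_mac(key, prev, rec["event"])
        if not hmac.compare_digest(expected, bytes.fromhex(rec["mac"])):
            return False, f"chain breaks at entry {i}"
        prev = expected
    if witnessed_head is not None and not hmac.compare_digest(prev.hex(), witnessed_head):
        return False, "head does not match witness"
    return True, "ok"


def build_sample_log(key: bytes) -> list:
    # Constructed sample events; only the second event name appears on the page.
    events = [
        {"seq": 0, "type": "constructed.publish_received", "package": "demo-pkg"},
        {"seq": 1, "type": "audit.capability_drift_blocked", "package": "demo-pkg"},
        {"seq": 2, "type": "constructed.publish_received", "package": "demo-pkg-2"},
    ]
    log: list = []
    for ev in events:
        append(key, log, ev)
    return log
```

Editing or dropping a middle entry breaks every MAC from that point on, while trimming entries from the end is only caught when the verifier compares against an independently recorded head.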
Every package declares capabilities across five dimensions. The publish-pipe drift gate (FR-7) refuses any publish where the scanner output disagrees with the manifest. The server-side scanner that produces that output ships in F3-307; until then, only submissions that include scanner data exercise the gate.