What you're trying to do
Once #6 lands, every response should surface the trust state the call was treated as — so clients can detect when they're being confined and surface that in their own UI. gbrain's _meta.brain_hot_memory shows the same shape: server-attached, opt-in to render, never authoritative.
Suggested shape
- Every kb.* response carries
_meta.vouch_trust: {remote: bool, caller_kind: str, auth_subject: str | null}.
- The block is read-only metadata; client mutations are ignored.
- Documented under the JSONL request/response shape section of README.
Acceptance
- An HTTP-MCP call surfaces
remote: true, caller_kind: "mcp_http"; a CLI call surfaces remote: false, caller_kind: "cli".
- Test asserts the field appears on every read response.
Out of scope
- Cryptographic signing of the trust block.
What you're trying to do
Once #6 lands, every response should surface the trust state the call was treated as — so clients can detect when they're being confined and surface that in their own UI. gbrain's
_meta.brain_hot_memoryshows the same shape: server-attached, opt-in to render, never authoritative.Suggested shape
_meta.vouch_trust: {remote: bool, caller_kind: str, auth_subject: str | null}.Acceptance
remote: true, caller_kind: "mcp_http"; a CLI call surfacesremote: false, caller_kind: "cli".Out of scope