The AgentNode Trust Model: Tiers, Scores, and What They Mean
Unverified, Partial, Verified, Gold — what does each tier mean for you as a user? How does the platform decide which packages to trust?
Every package on AgentNode has a verification tier. This tier tells you — as a user or as an AI agent — how much evidence exists that this package works correctly and safely.
This article explains the full trust model: what each tier means, how packages move between tiers, and how the system uses tiers to make decisions.
The Four Tiers
| Tier | What It Means | Badge |
|---|---|---|
| Gold | Verified by platform with publisher-declared test cases. All quality criteria met. | Gold shield |
| Verified | Installs, imports, and runs without errors. Basic functionality confirmed. | Blue checkmark |
| Partial | Installs and imports, but couldn't be fully tested (credential boundary, missing system deps). | Yellow half-check |
| Unverified | Verification failed or hasn't run yet. | Gray dash |
What Gold Actually Proves
A Gold package has passed all of the following:
- Installation —
pip installsucceeds in a clean container - Import — the tool entrypoint can be imported without errors
- Smoke test — the tool was called with publisher-declared inputs and returned a valid result
- Contract — the return value is JSON-serializable, non-None, and type-stable
- Reliability — 3 identical calls all succeed (≥ 90% pass rate)
- Determinism — outputs are consistent across runs
- Explicit cases — the publisher declared specific test inputs (not auto-generated)
All of this runs in a sandboxed container with no network access (unless VCR cassettes replay recorded responses). The platform controls the environment — not the publisher.
What Verified Means
Verified is the most common tier. It means:
- The package installs correctly
- The tool entrypoint imports without errors
- Basic smoke tests passed (with auto-generated or limited inputs)
Verified does not mean the tool was tested with meaningful inputs. It means the tool exists, installs, and doesn't crash on import. That's significant — many packages in other registries can't even guarantee that — but it's not Gold.
What Partial Means
Partial means verification hit a legitimate limitation:
- Tool needs API credentials the sandbox doesn't have
- Tool needs system dependencies (ffmpeg, tesseract) not in the base container
- Tool needs specific binary input files
The package isn't broken — it just can't be fully verified in the current sandbox. Publishers can upgrade from Partial to Gold by adding verification cases with VCR cassettes or appropriate test fixtures.
Tier vs. Score
The score (0-100) and the tier are related but not the same thing:
Score ≥ 90 → Base tier: Gold
Score 70-89 → Base tier: Verified
Score 50-69 → Base tier: Partial
Score < 50 → Base tier: Unverified
BUT: Hard caps can override downward.
A score of 95 with no explicit cases → Verified (not Gold).The score measures how well verification went. The tier represents the confidence level the platform assigns. Hard caps ensure that certain minimum quality standards are met regardless of numeric score.
Publisher Trust Levels
Separate from package tiers, each publisher has a trust level:
| Trust Level | How You Get It | What It Unlocks |
|---|---|---|
unverified | Default for new accounts | First publish is quarantined |
verified | 2FA enabled + 1 published package | Skip quarantine on publish |
trusted | 3+ packages, 50+ downloads, 0 critical findings, 30+ days active | Higher resolver priority |
curated | Admin promotion | Highest trust, featured placement |
Publisher trust and package tier are independent. A trusted publisher can have a Partial package (if it needs credentials). An unverified publisher can have a Gold package (if they added proper test cases).
How Tiers Affect the Resolver
When an AI agent requests a capability (e.g., "I need web search"), the resolver selects from matching packages. Tier factors into the resolution score:
- Gold packages are preferred over Verified
- Verified packages are preferred over Partial
- Unverified packages have the lowest priority
This means Gold packages are more likely to be installed automatically by agents. It's the primary incentive for publishers to add verification cases.
Quarantine
Quarantine is separate from tiers. A package can be quarantined for:
- Verification failure on first publish — auto-quarantined, cleared when re-verification passes
- Security scan findings — quarantined until findings are resolved
- Admin action — manual quarantine for policy violations
Quarantined packages are not visible in search and cannot be installed. Quarantine is independent of tier — a Gold package can be quarantined (e.g., if a security issue is discovered post-verification).
Tier Transitions
Tiers can move in both directions:
Upgrades
- Publisher adds
verification.cases→ Verified can become Gold - Publisher fixes a failing test → Partial can become Verified
- Admin triggers re-verification after infrastructure update → Partial can become Gold
Downgrades
- Re-verification fails (dependency broke, API changed) → Gold can drop to Verified
- Security finding discovered → tier can be overridden by admin
- New verification runner catches previously-missed issues
Tier changes only happen during verification runs. Between runs, the tier is stable.
Confidence Levels
Each verification result also carries a confidence level (high/medium/low) that indicates how much you should trust the score:
- High — smoke passed, contract valid, reliability ≥ 0.9, publisher tests passed
- Medium — most checks passed but some data is missing
- Low — smoke was inconclusive, limited evidence
Confidence is shown alongside the tier on the package detail page. A Gold package always has high confidence (it's required for Gold). A Verified package might have medium confidence if it reached that tier through score alone.
The Verification Modes
Each verification run is tagged with how it was conducted:
| Mode | What Happened | Gold Eligible |
|---|---|---|
fixture | VCR cassette replayed pre-recorded HTTP responses | Yes |
cases_real | Publisher-declared cases ran with real local execution (no network) | Yes |
real_auto | Platform auto-generated inputs (no publisher cases) | No |
limited | Blocked by missing system dep or binary input | No |
The mode is visible in the API response and helps publishers understand how their package was tested.
Summary
The trust model has three layers:
- Publisher trust — who published this? (unverified → curated)
- Package tier — how well was it verified? (unverified → gold)
- Quarantine status — is it safe to show/install? (none/quarantined/cleared)
All three are independent. Together they give the resolver and the user a complete picture of how much to trust a package.
For publishers: the fastest path to Gold is adding verification.cases to your manifest. For users: Gold means the platform tested it with real inputs in a sandbox — not just that the publisher says it works.