下方详细方法论章节为英文(与信任信号代码保持同步)。
方法论与注意事项
信任信号如何工作
用于技术栈决策的明确、有来源的启发式方法 - 不是安全认证。在解读任何工具的维护标签、来源字段或依赖扫描状态前请先阅读本文。
简要说明:我们汇总公开 GitHub 元数据以及可选的 OSV 依赖公告。信号带有日期和方法论标签,不构成安全或适用性保证。
What trust signals are
GraphCanon surfaces sourced, dated heuristics to help you compare open-source AI development tools. They are decision inputs, not certifications.
Every trust report names its methodology version, when signals were computed, and what data we actually inspected. We do not ship a composite letter grade or a black-box safety score.
Maintenance (`github_public_v1`)
Maintenance posture is derived from public GitHub repository metadata refreshed on ingest and on scheduled GitHub sync. The label and percentage signal reflect recency of activity, not code quality or security.
- Archived on GitHub → label Archived (repos marked archived are treated as unmaintained by definition).
- No `pushed_at` timestamp → label Unknown.
- Last push within 7 days → Very active; within 30 days → Active; within 90 days → Steady; within 365 days → Slowing; older → Dormant.
- When metric history exists, we also store 30-day deltas for stars and open issues alongside the push recency signal.
- Discovery surfaces may show the persisted label or the same heuristic when trust metadata has not been computed yet.
Provenance (`github_public_v1`)
Provenance fields identify the upstream repository and basic lineage from GitHub's public API. They help spot forks and account type; they do not verify maintainer identity or organizational endorsement.
- `github_id` - stable numeric id for the repository on GitHub.
- `is_fork` and `parent_repo` - whether the catalog entry points at a fork and, when known, the parent `owner/repo`.
- `owner_type` - GitHub account class (`Organization` vs `User`) when returned by the API.
- `computed_at` - ISO timestamp when these fields were last merged into stored trust metadata.
Security scans (Phase 2 - dependency advisories)
When enabled for a tool, security status comes from an automated dependency advisory lookup against lockfiles present in the default branch. This is intentionally narrow: known CVEs in declared dependencies, not a review of application code.
If no supported lockfile is found, status is No lockfile and we do not infer a clean bill of health.
- Scanner: OSV (`osv@v1`) batch queries against declared package versions.
- Lockfiles tried (up to three per repo): `package-lock.json`, `pnpm-lock.yaml`, `poetry.lock`, `requirements.txt`, `go.sum`.
- At most 150 unique package coordinates are queried per scan to bound cost and latency.
- Findings list severity, advisory title, package coordinate, and CVE alias when OSV provides one.
- A status of No criticals means no critical-severity advisories matched scanned packages on the scan date - not that the project is secure.
MCP code scan (Phase 4 - Semgrep-style heuristics)
For MCP server repos, we optionally run static pattern checks on a small set of source files (not full dependency advisories). Findings are heuristic regex matches, not a Semgrep CLI run or penetration test.
Critical and high findings enter an admin review queue before surfacing broadly. Expect false positives on legitimate subprocess or HTTP usage.
- Scanner: semgrep_mcp@v1 rule pack (SSRF, subprocess, auth-disabled, transport patterns).
- Eligibility: MCP topic/manifest heuristics or admin-flagged repos only.
- Worker: npm run trust-scan:semgrep (async, daily cap via SEMGREP_DAILY_CAP) - not inline Vercel cron.
- Admin queue: GET /api/admin/trust-scan-reviews (graphcanon_admin_users role).
Verified publisher claims (M3)
A verified publisher badge means a signed-in GitHub user with repo admin access claimed the listing. It is distinct from the owner_type heuristic (Organization vs User) which comes from GitHub metadata alone.
Abuse: claims can be disputed or revoked. Spoofing an org you do not admin requires compromising GitHub OAuth or our verification path - report suspicious badges via contact.
- Claim flow: POST /api/graphcanon/tools/{slug}/claim (GitHub OAuth required).
- Verification: GitHub login matches personal owner, or collaborator permission admin/maintain/write via GITHUB_TOKEN.
- Stored in graphcanon_tool_claims and metadata.trust.provenance.verified_publisher.
What we never claim
Trust signals must not be read as warranties. GraphCanon does not run penetration tests, code audits, or maintainer background checks.
- We do not claim a tool is safe, production-ready, or verified secure.
- We do not claim pen-test coverage, SOC 2 compliance, or supply-chain certification.
- We do not endorse maintainers, organizations, or downstream use in regulated environments.
- Absence of findings in a dependency scan is not proof of absence of vulnerabilities (unscanned lockfiles, private deps, runtime-only risk, etc.).
- Maintenance labels describe GitHub activity heuristics, not whether you should adopt the software.
Freshness and limits
Trust metadata is recomputed when a tool is ingested or synced from GitHub. Security scans run on that same cadence when the scanner is enabled for the corpus.
GitHub facts can lag reality (force-pushes, mirror delays, archived state changes). Always confirm critical decisions against the live repository and your own security process.
单工具报告:打开任意工具页并查看完整信任报告,或请求 /api/graphcanon/tools/{slug}/trust。