The trust ledger: institutional memory for an immune system
Every accept and refuse, per source, append-only. Trust with memory changes attacker economics — and gives auditors the artifact they actually want.
Stateless security checks share a weakness: every attempt is a fresh coin flip, so attackers iterate freely until one lands. The trust ledger makes Crowkis's write pipeline stateful — every accept and refuse is appended per writing source, and source trust (weighted 0.30) reads that history on every new write. A source that shipped garbage yesterday faces a higher composite bar today.
The economics this imposes on attackers are pleasingly hostile: probing the pipeline burns the prober's own standing, so iteration — the attacker's core tool — becomes self-defeating. Meanwhile honest-but-flaky sources (an agent with a hallucination habit, a webhook with a bug) get gracefully quarantined rather than catastrophically trusted.
Five stages score every write before it can ever be served.
Append-only is the auditor-grade property: the ledger records what happened, in order, without edits — the provenance chain for any answer the cache ever served. Enterprise's persistent audit export turns 'why did the bot say that, and since when?' from an investigation into a query with a timestamp.
The bottom line
Immune systems work because they remember. A cache that stores model output without remembering who to trust isn't defended — it's just organized.