The Proxy and the Bean

A static ThreadLocal on an @ApplicationScoped bean sidesteps @RequestScoped's dependency on an active HTTP context, making @ProvenanceCapture work in scheduled jobs and @QuarkusTest without a runti...
Read more

Two Models for Trust

Dimension scores are continuous magnitudes, not binary verdicts, so they need a decay-weighted average rather than a Beta accumulator — passing AttestationVerdict.SOUND forces pure time decay and d...
Read more

When the Papers Disagree

Three peer-reviewed papers reach three incompatible conclusions on global trust aggregation — the right answer is a pluggable GlobalScoreStrategy SPI rather than picking one framework's position.
Read more

The Sentinel, This Time

For capabilityTag, the sentinel "*" is the right answer where NULL was right for scope_key — query patterns use the same operator as any scoped query, and every major policy system already uses "*"...
Read more

What the Reviews Missed

Five deferred issues ship in one push, but the session's main discovery is that a sentinel empty-string for global scope was unnecessary — the previous session already solved the uniqueness constra...
Read more

The Fix That Would Have Broken Everything

A plausible commit hardcodes @PersistenceUnit("qhorus") into a generic extension library — caught in git log review before it shipped, with the correct fix being a DefaultBean producer pattern in t...
Read more

Trust Without Memory

W3C PROV-DM, NIST AI standards, and multi-agent framework research converge on the same answer for LLM agent identity: a stable dereferenceable URI bound to the system configuration, not the session.
Read more

When the Paper Is Wrong

Implementing EigenTrust transitivity reveals that the original paper's trust matrix normalisation produces incorrect results for pre-trusted peers — the fix derives from first principles rather tha...
Read more

Documentation That Lies

Rating each capability for enterprise applicability forces an honest assessment — EigenTrust transitivity earns two stars in 2026 not because it is wrong but because enterprise AI agent meshes have...
Read more

Forgiveness Was a Patch

The ForgivenessParams mechanism gets replaced entirely when Bayesian Beta replaces the coarse-grained scoring model — a principled prior that treats uncertainty correctly makes the forgiveness patc...
Read more

No Panache in the Model

Stripping Panache from all extension entities removes a framework dependency consumers didn't choose, and @NamedQuery replaces the static Panache shorthand with startup-validated queries that fail ...
Read more

A Clean Entity

Converting LedgerEntry from PanacheEntityBase to a plain @Entity removes the Panache dependency that was blocking Qhorus's reactive migration and unblocks any future consumer choosing a different p...
Read more

Catching the Docs Before They Hit a Consumer

The Merkle sprint deleted LedgerHashChain without updating the integration guide, leaving consumers with compile-error-inducing sample code that pointed nowhere — a systematic cleanup removes every...
Read more

Teaching the Ledger to Speak W3C

LedgerEntry exports as W3C PROV-JSON-LD per subject, deduplicating agents across entries and emitting both sequential and cross-subject wasDerivedFrom edges so regulators get a complete provenance ...
Read more

From O(N) to O(log N)

The Merkle Mountain Range structure from RFC 9162 provides O(log N) frontier storage and tamper-evident inclusion proofs signed with Ed25519, making verification genuinely independent of the operator.
Read more

Two Fields in the Wrong Place

A research pass across ten directions produces an ADR grounding the forgiveness mechanism in two parameters — recency and frequency — after finding that severity double-counts a signal already pres...
Read more