Trust is a formula.
Datumline publishes evidence-based counterparty grades on the software AI agents connect to — starting with MCP servers, the layer through which agents are granted access to mail, files, payments, and enterprise systems.
One scale. Calibrated meaning.
Every grade maps to an expected incident rate over the surveillance window — and every grade is backtested against documented failures. A rating you can't calibrate is an adjective.
Modifiers: u identity unverified · w on watch — a trigger has fired and surveillance is elevated. Entities with insufficient history are listed NR, not rated.
Five questions. Any counterparty.
Every Datumline grade answers the same five questions from machine-gathered evidence — registry histories, sandboxed behavioral analysis, vulnerability records — scored on fixed bands, composited under calibrated weights, and subject to hard caps for non-negotiable failures.
Identity
Is it who it says it is? Provenance, verifiability, authenticity of its ecosystem footprint.
Conduct
Does it do what it declares — and only that? Claims tested against observed behavior.
Continuity
Will it stay what it is? Ownership transfers, behavioral drift, update integrity over time.
Soundness
Can it be broken — or is it already? Vulnerability profile, authentication, exposure.
Stewardship
Who answers when it fails? Remediation speed, disclosure practice, maintenance reality.
How ratings work
Built the way rating agencies have worked for a century — rebuilt for counterparties that are software, and consumers that are machines.
Machine-checkable
Grades are designed to be consumed at decision time — by an agent's spending policy, a CI pipeline, or a gateway — via API and MCP lookup, not just read by people.
Continuous surveillance
Ratings don't expire into stale PDFs. Triggers fire on ownership transfers, behavioral diffs, and new disclosures; downgrades publish immediately.
Right of reply
Before an adverse rating publishes, the rated party receives notice and a response window. Corrections follow a published procedure.
Institutional authorship
All grades are issued by Datumline under its Analyst Independence Policy — no individual authorship, so no analyst can be pressured or courted by a rated entity.
The inaugural MCP server cohort is under evaluation: a 12-month historical backtest against documented incidents, followed by a live observation window. First ratings — and the backtest results behind them — publish with the methodology.
Datumline Watch
A short digest of grade actions, watch flags, and what changed in the trust picture of the agent ecosystem. No noise; only actions.
Subscribe by emailOne email opens a draft to watch@datumline.dev — send it and you're on the list.