Integration Guide
Add ISNAD trust checks to your AI agent or application.
Quick Integration
The simplest integration: check trust before loading any external resource.
01async function loadSkillWithTrustCheck(skillUrl) {
02 // 1. Fetch the skill content
03 const content = await fetch(skillUrl).then(r => r.text());
04
05 // 2. Compute content hash
06 const hash = await crypto.subtle.digest(
07 "SHA-256",
08 new TextEncoder().encode(content)
09 );
10 const hashHex = "0x" + [...new Uint8Array(hash)]
11 .map(b => b.toString(16).padStart(2, "0")).join("");
12
13 // 3. Check trust score
14 const trust = await fetch(
15 `https://api.isnad.md/api/v1/trust/${hashHex}`
16 ).then(r => r.json());
17
18 // 4. Enforce minimum tier
19 if (trust.trustTier === "UNVERIFIED") {
20 throw new Error("Skill not verified - refusing to load");
21 }
22
23 return { content, trust };
24}
OpenClaw Integration
For OpenClaw agents, add trust checks to your skill loader:
01# In your AGENTS.md or skill loading logic
02
03Before loading any skill:
041. Compute SHA-256 hash of SKILL.md content
052. Query api.isnad.md/api/v1/trust/{hash}
063. Require tier >= COMMUNITY for execution
074. Log trust score for audit trail
On-Chain Integration
For trustless verification, read directly from the smart contract:
01import { createPublicClient, http } from "viem";
02import { baseSepolia } from "viem/chains";
03import { ISNADStakingABI } from "@isnad/contracts";
04
05const client = createPublicClient({
06 chain: baseSepolia,
07 transport: http(),
08});
09
10const trustScore = await client.readContract({
11 address: STAKING_ADDRESS,
12 abi: ISNADStakingABI,
13 functionName: "getTrustScore",
14 args: [resourceHash],
15});
16
17const tier = await client.readContract({
18 address: STAKING_ADDRESS,
19 abi: ISNADStakingABI,
20 functionName: "getTrustTier",
21 args: [resourceHash],
22});
Trust Policy Examples
Configure trust requirements based on your risk tolerance:
Conservative (High Security)
01const POLICY = {
02 minTier: "TRUSTED",
03 minScore: 10000,
04 minAuditors: 3,
05 allowUnverified: false,
06};
Standard (Balanced)
01const POLICY = {
02 minTier: "VERIFIED",
03 minScore: 1000,
04 minAuditors: 2,
05 allowUnverified: false,
06};
Permissive (Development)
01const POLICY = {
02 minTier: "COMMUNITY",
03 minScore: 100,
04 minAuditors: 1,
05 allowUnverified: true, // with warning
06};
Best Practices
- Cache trust scores — Refresh every few minutes, not every request
- Log decisions — Record what was loaded and its trust level for auditing
- Fail closed — If the API is unavailable, don't load unverified resources
- Pin content hashes — Store the hash you verified, not just the URL
- Monitor for slashing — Subscribe to contract events for resources you use