feat: trust decay acceleration on FLAGGED attestations #55

@mdproctor

Context

Currently trust decay is uniform — exponential decay is applied equally over time regardless of whether the agent has recent failures. A FLAGGED attestation (missed security issue, failed obligation) should steepen the decay curve, reducing trust faster after a negative outcome. This improves the signal quality of the trust model.

Part of: #49 (Group A epic)

Current behaviour

TrustScoreComputer applies exponential decay weighting to attestations by recency. All decay is time-based. A FLAGGED attestation from yesterday has the same decay weight as a SOUND attestation from yesterday — only time distinguishes them, not the valence of the outcome.

What to implement

In TrustScoreComputer (find it: find ~/claude/quarkus-ledger -name "TrustScoreComputer.java"):

Introduce a valence multiplier on the decay weight. FLAGGED attestations decay slower (persist longer as negative evidence); SOUND attestations decay normally.

Rationale: Trust is asymmetric. A single serious failure (missed security vulnerability shipping to production) should have lasting impact. Recovering from a FLAGGED attestation requires a sustained run of SOUND attestations, not just the passage of time.

// Conceptual change to decay weight calculation:
// Current: weight = exp(-lambda * ageInDays)
// New:     weight = exp(-lambda * ageInDays * valenceMultiplier(verdict))

private double valenceMultiplier(AttestationVerdict verdict) {
    return switch (verdict) {
        case FLAGGED, CHALLENGED -> config.decay().flaggedPersistenceMultiplier(); // default: 0.5 (slower decay = more persistent)
        case SOUND, ENDORSED -> 1.0; // normal decay
    };
}

A flaggedPersistenceMultiplier of 0.5 means FLAGGED attestations take twice as long to decay as SOUND ones — they persist in the model longer.

Configuration

Add to LedgerConfig:

quarkus.ledger.decay.flagged-persistence-multiplier=0.5

Default: 0.5. Range: 0.1 (very persistent) to 1.0 (same as SOUND, no change from current behaviour).

Tests

  • Agent with one FLAGGED + three SOUND attestations at equal age has lower score than agent with four SOUND (no change from current)
  • At flaggedPersistenceMultiplier=1.0, behaviour is identical to current (regression test)
  • At flaggedPersistenceMultiplier=0.5, FLAGGED attestation retains 50% more influence after same elapsed time
  • Config key is honoured

Motivating use case

An agent approves a PR that ships a security vulnerability. A FLAGGED attestation is written. The agent continues doing good work and accumulates SOUND attestations. With normal decay, the FLAGGED attestation fades quickly. With acceleration, the failure persists in the trust calculation — the agent's security-review score recovers more slowly, reflecting that security failures warrant sustained scrutiny before full trust is restored.

Acceptance criteria

  • valenceMultiplier applied in TrustScoreComputer decay weight calculation
  • Config key quarkus.ledger.decay.flagged-persistence-multiplier with default 0.5
  • At multiplier=1.0, all existing trust score tests still pass (pure regression)
  • New tests covering asymmetric decay behaviour
  • Javadoc explaining the rationale on the multiplier config key

Refs #49
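An added sketch of the proposed weighting, not code from quarkus-ledger: it applies the valence multiplier to the decay exponent and prints the FLAGGED attestation's weight and the resulting score at three multiplier settings. The decay constant, the scoring rule (decay-weighted share of positive attestations), the `ValenceDecayDemo` and `Attestation` names, and the sample history are assumptions.

```java
import java.util.List;

public class ValenceDecayDemo {
    enum AttestationVerdict { SOUND, ENDORSED, FLAGGED, CHALLENGED }
    record Attestation(AttestationVerdict verdict, double ageInDays) {}

    // Assumed decay constant: ln(2)/30 gives SOUND attestations a 30-day half-life.
    static final double LAMBDA = Math.log(2) / 30.0;

    static double valenceMultiplier(AttestationVerdict verdict, double flaggedPersistence) {
        // Range stated in the issue: 0.1 (very persistent) to 1.0 (same as SOUND). Also rejects NaN.
        if (!(flaggedPersistence >= 0.1 && flaggedPersistence <= 1.0)) {
            throw new IllegalArgumentException("flagged-persistence-multiplier must be in [0.1, 1.0]");
        }
        return switch (verdict) {
            case FLAGGED, CHALLENGED -> flaggedPersistence; // smaller exponent, slower decay
            case SOUND, ENDORSED -> 1.0;                    // normal decay
        };
    }

    static double weight(Attestation a, double flaggedPersistence) {
        return Math.exp(-LAMBDA * a.ageInDays() * valenceMultiplier(a.verdict(), flaggedPersistence));
    }

    // Assumed scoring rule: decay-weighted share of positive attestations, in [0, 1].
    static double score(List<Attestation> history, double flaggedPersistence) {
        double positive = 0, total = 0;
        for (Attestation a : history) {
            double w = weight(a, flaggedPersistence);
            total += w;
            boolean good = a.verdict() == AttestationVerdict.SOUND || a.verdict() == AttestationVerdict.ENDORSED;
            if (good) positive += w;
        }
        return total == 0 ? 0.0 : positive / total;
    }

    public static void main(String[] args) {
        // Constructed history: one FLAGGED review 90 days ago, then a SOUND review every 30 days.
        List<Attestation> history = List.of(
            new Attestation(AttestationVerdict.FLAGGED, 90),
            new Attestation(AttestationVerdict.SOUND, 60),
            new Attestation(AttestationVerdict.SOUND, 30),
            new Attestation(AttestationVerdict.SOUND, 0));
        for (double m : new double[] {1.0, 0.5, 0.1}) {
            System.out.printf("multiplier=%.1f flaggedWeight=%.3f score=%.3f%n",
                m, weight(history.get(0), m), score(history, m));
        }
    }
}
```

Because the multiplier scales the exponent, the half-life of a FLAGGED attestation is the SOUND half-life divided by the multiplier: 60 days at 0.5 under the assumed 30-day constant.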
