Trust policy

Trust signals help users assess whether a rule is suitable for reuse. Scores are guidance, not a replacement for local review.

Ranking signals

  • Verified license and source/provenance metadata
  • OpenGrep compatibility and validation status
  • Maintainer review and Provally official labels where applicable
  • Authenticated stars and community feedback
  • Recent fetch and pack download activity
  • Deprecation status and abuse or spam penalties

Official and community rules

Provally official rules are labeled as Provally Curated and are not presented as community submissions. Community rules, indexed rules, and agent-generated rules keep their own source type, author, license, and validation signals.

What stays private

Detailed abuse-prevention thresholds and spam detection internals may remain private so the hosted service can protect the registry. The public policy still identifies the categories of signals used for ranking and trust decisions.