Documentation
How the certified organization labeler merges profile and organization records, then scores and labels the organization record on AT Protocol.
How it works
- 1.The certified organization labeler uses Tap — Bluesky's official sync tool — to monitor the AT Protocol network for both app.certified.actor.profile and app.certified.actor.organization records. Tap automatically discovers repos, backfills historical records from each PDS, and streams live events with cryptographic verification. The sidecar merges those records by DID so the dashboard can show the profile alongside the organization context. When a profile record needs fallback handling, the usable core fields are kept and malformed optional fields are ignored.
- 2.When a record is detected it is written to the log, scored, and then shown in the dashboard with its final tier.
- 3.The scoring engine separates hard test signals from softer validation notes. Records with test signals are labeled ⚠ Likely Test. Records without test signals receive the 100-point completeness score and are labeled standard or high-quality from that score.
- 4.A signed AT Protocol label is applied to the organization record URI based on the score tier. When a record is rescored, the previous label is negated and replaced with the new one.
Scoring criteria
Each organization record is evaluated on 13 completeness criteria for a maximum of 100 completeness points, plus a configurable actor-PDS trust bonus. The rubric gives less credit to basic identity fields and more weight to harder-to-fake credibility signals like website resolution, location, and visual/profile completeness. Hard test signals override the score to likely-test; validation notes are informational only, and labels stay attached to the organization record URI.
| Criterion | Description | Max pts |
|---|---|---|
| Display name | Awards a small amount when the display name comes from profile data or organization type instead of the DID-derived fallback. | 5 |
| Description | Awards points when the profile description is present; generic words like test, testing, or tested are allowed in descriptions. | 10 |
| Organization type | Awards partial points for only `other`, full points for a specific organization type. | 5 |
| Profile website present | Awards points when profile.website is filled in. | 10 |
| Profile website resolves | Awards stronger points when profile.website is a valid public HTTP(S) URL. | 15 |
| Profile website matches name | Awards a small amount when the display name matches the profile.website domain stem. | 5 |
| Organization URLs (small bonus) | Awards a small amount when the organization has at least one URL. | 5 |
| Organization URLs resolve | Awards a small amount when at least one organization URL is a valid public HTTP(S) URL. | 5 |
| Location valid | Awards stronger points when the location is a valid certified location reference. | 10 |
| Founded date valid | Awards points for a valid, non-future foundedDate. | 5 |
| Founded date age bonus | Awards bonus points when the founded date is at least a year old. | 5 |
| Avatar | Awards meaningful points when the profile has an avatar. | 10 |
| Banner | Awards meaningful points when the profile has a banner. | 10 |
| Trusted PDS bonus | Awards the configured trusted-PDS bonus when the actor DID resolves to certified.one or gainforest.id by default. | 10 |
| Total | 100 + trusted PDS bonus |
Test signals and validation notes
Matching a hard test signal forces ⚠ Likely Test. Validation notes are softer data-quality issues shown to operators, but they do not change the tier.
Hard test signal patterns
- • Actors hosted on configured TEST_PDS_HOSTS.
- • Placeholder display names such as test org, demo, dev, staging, qa, e2e, sandbox, fixture, obvious glued test fixtures like tobytest, generic names like org/org 1/first org/new org, and workflow states like published, unpublished, or changes requested.
- • Obvious junk descriptions such as lorem ipsum or a description that is only placeholder text. Generic words like test, testing, or tested are allowed in descriptions.
- • Placeholder domains such as example.com, example.org, example.net, and reserved .test/.example/.invalid hostnames.
- • Repeated-character runs in display names.
Validation notes
These are informational only. They can appear when fallback handling keeps usable profile fields, optional fields are malformed, short metadata fields such as organization type or URL label contain placeholder/test words, or the record has very little metadata. They do not imply suspicious activity or affect tiering.
Quality tiers
Scores map to standard or high-quality unless a hard test signal is present. Test signals override the numeric score and produce a ⚠ Likely Test label. Validation notes do not change the tier.
Strong merged profile + organization record with broad completeness across the rubric.
Non-test merged record with anything below the high-quality threshold.
Contains hard test evidence, such as a configured test PDS, placeholder display name, or placeholder domain.
API endpoints
The certified organization labeler exposes a small REST API for the dashboard as well as the standard AT Protocol labeler XRPC endpoint. Labels are still published against the organization record URI.
Dashboard statistics — total records, tier breakdown, 24h/7d record counts.
curl "https://orglabeler.hypercerts.dev/api/stats"
Recent organization records with pagination, tier filtering, AI-only filtering (hf=true), and text search (q=...). Valid tier values: all, likely-test, standard, high-quality.
curl "https://orglabeler.hypercerts.dev/api/recent?limit=20&offset=0&tier=high-quality"
Query AT Protocol labels via the standard labeler endpoint. Use uriPatterns with a full URI, a trailing-prefix wildcard, or * for all labels; sources scopes the label source.
curl "https://orglabeler.hypercerts.dev/xrpc/com.atproto.label.queryLabels?uriPatterns=*"
AT Protocol integration
The certified organization labeler is a fully compliant AT Protocol labeler. Any app that supports the labeler protocol can subscribe to or query its labels.
Labeler DID
did:plc:pswneepkd5lesumj7ejmkbal
Handle
orglabeler.certified.one
- —Labels are served via the standard com.atproto.label.queryLabels XRPC endpoint and can be queried by any AT Protocol client.
- —Each label is signed with ed25519 and includes: source DID, record URI, label value, timestamp, and a cryptographic signature.
- —Apps can subscribe to the labeler to automatically receive organization quality signals for app.certified.actor.organization records and filter or sort them by tier. The related profile record is used for merged actor context, not for the label target.
- —Only one quality label is active per record URI at a time. When a record is updated and re-scored, the previous label is negated before the new one is applied.