Documentation
How the certified organization labeler merges profile and organization records, then scores and labels the organization record on AT Protocol.
How it works
- 1.The certified organization labeler uses Tap — Bluesky's official sync tool — to monitor the AT Protocol network for both app.certified.actor.profile and app.certified.actor.organization records. Tap automatically discovers repos, backfills historical records from each PDS, and streams live events with cryptographic verification. The sidecar merges those records by DID so the dashboard can show the profile alongside the organization context. When a profile record needs fallback handling, the usable core fields are kept and malformed optional fields are ignored.
- 2.When a record is detected it is written to the log, scored, and then shown in the dashboard with its final tier.
- 3.The scoring engine checks an authenticity gate first. Records with authenticity failures are labeled⚠ Likely Test before completeness scoring begins. Validation notes are shown separately and do not affect tiering. Passing records then receive the 100-point completeness score.
- 4.A signed AT Protocol label is applied to the organization record URI based on the score tier. When a record is rescored, the previous label is negated and replaced with the new one.
Scoring criteria
Each passing organization record is evaluated on 13 completeness criteria for a maximum of 100 points. The rubric now gives less credit to basic identity fields and more weight to harder-to-fake credibility signals like website resolution, location, and visual/profile completeness. The authenticity gate runs first, validation notes are informational only, and labels stay attached to the organization record URI.
| Criterion | Description | Max pts |
|---|---|---|
| Display name | Awards a small amount when the display name comes from profile data or organization type instead of the DID-derived fallback. | 5 |
| Description | Awards points when the profile description is present and not obvious test data. | 10 |
| Organization type | Awards partial points for only `other`, full points for a specific organization type. | 5 |
| Profile website present | Awards points when profile.website is filled in. | 10 |
| Profile website resolves | Awards stronger points when profile.website is a valid public HTTP(S) URL. | 15 |
| Profile website matches name | Awards a small amount when the display name matches the profile.website domain stem. | 5 |
| Organization URLs (small bonus) | Awards a small amount when the organization has at least one URL. | 5 |
| Organization URLs resolve | Awards a small amount when at least one organization URL is a valid public HTTP(S) URL. | 5 |
| Location valid | Awards stronger points when the location is a valid certified location reference. | 10 |
| Founded date valid | Awards points for a valid, non-future foundedDate. | 5 |
| Founded date age bonus | Awards bonus points when the founded date is at least a year old. | 5 |
| Avatar | Awards meaningful points when the profile has an avatar. | 10 |
| Banner | Awards meaningful points when the profile has a banner. | 10 |
| Total | 100 |
Authenticity gate
Matching any gate failure forces ⚠ Likely Test. These are authenticity failures, not validation notes, and there are no separate numeric deductions.
Authenticity gate failure patterns
- • Common junk values: test, asdf, lorem ipsum, placeholder, delete me, ignore, todo, foo, bar, abc, wip, sample, and example.
- • Empty-style values: n/a, none, null, undefined, blank, draft, temp, and tmp.
- • Single-word greetings, repeated characters, and numeric-only values are also treated as test data.
Validation notes
These are informational only. They can appear when fallback handling keeps usable profile fields and drops malformed optional fields, and they do not imply suspicious activity or affect tiering.
Quality tiers
Scores map to three tiers. Authenticity gate failures override the numeric score and always produce a⚠ Likely Test label. Validation notes do not change the tier.
Strong merged profile + organization record with broad completeness across the rubric.
Decent merged record with some useful metadata, but not full rubric coverage.
Contains authenticity gate failures, or falls below the standard threshold.
API endpoints
The certified organization labeler exposes a small REST API for the dashboard as well as the standard AT Protocol labeler XRPC endpoint. Labels are still published against the organization record URI.
Dashboard statistics — total records, tier breakdown, 24h/7d record counts.
curl "https://orglabeler-production.up.railway.app/api/stats"
Recent organization records with pagination, tier filtering, AI-only filtering (hf=true), and text search (q=...). Valid tier values: all, likely-test, standard, high-quality.
curl "https://orglabeler-production.up.railway.app/api/recent?limit=20&offset=0&tier=high-quality"
Query AT Protocol labels via the standard labeler endpoint. Use uriPatterns to filter record URIs and sources to scope the label source.
curl "https://orglabeler-production.up.railway.app/xrpc/com.atproto.label.queryLabels?uriPatterns=at://did:plc:*/app.certified.actor.organization/*"
AT Protocol integration
The certified organization labeler is a fully compliant AT Protocol labeler. Any app that supports the labeler protocol can subscribe to or query its labels.
Labeler DID
did:plc:pswneepkd5lesumj7ejmkbal
Handle
orglabeler.certified.one
- —Labels are served via the standard com.atproto.label.queryLabels XRPC endpoint and can be queried by any AT Protocol client.
- —Each label is signed with ed25519 and includes: source DID, record URI, label value, timestamp, and a cryptographic signature.
- —Apps can subscribe to the labeler to automatically receive organization quality signals for app.certified.actor.organization records and filter or sort them by tier. The related profile record is used for merged actor context, not for the label target.
- —Only one quality label is active per record URI at a time. When a record is updated and re-scored, the previous label is negated before the new one is applied.