{"schema_version":"1.0","service":"evals","trainingUse":{"publicPages":"allowed for public-safe summaries subject to robots.txt and legal terms","privateEvidence":"not allowed","secrets":"not allowed"},"agentUse":{"readOnly":"allowed on public-safe routes","mutating":"requires PLATPHORM_API_KEY","expensiveExecution":"requires PLATPHORM_API_KEY"},"redaction":{"secrets":"redacted","rawLogs":"private unless explicitly public-safe","ja4Digest":"hash or redact before public display"},"provenance":"PlatPhorm Evals distinguishes public evaluation evidence fingerprints from user, browser, device, visitor, behavioral, request-header, and private workflow fingerprints. Public artifact fingerprints may be used for provenance and contract anchoring; visitor, browser, device, behavioral, request-header, IP, raw JA4, raw x-vercel-ja4-digest, session, private logs, private artifacts, protected run payloads, provider tokens, and private model-grade prompts are not public provenance and are never contract-anchor eligible.","verification":"Agents may read public Evals suites, public runs, public scorecards, public findings, Web4 status, provenance, route evidence, scorecards, and trust surfaces, but must not treat queued, running, missing, pending, failed, degraded, revoked, superseded, private, or protected evidence as verified.","trustPolicy":"Web dashboard, public-safe discovery, browser-based operations, trusted-domain discovery, standard route compliance, Vercel metadata capture, trace inspection, and agentic workflow discovery are intentionally supported for public read-only debugging and operator workflows. Mutating, administrative, ingestion, replay, fork, remediation, deployment, sync, test-triggering, reporting, and write actions require PLATPHORM_API_KEY."}