{"version":"2026-04-22-v1","pact_text_sha256":"18bcbbd36f57fc9cad91379c8dfef7539364b9b756c27c9dd1582a2fb1772a07","policies":[{"id":"approval-queue","title":"Human-in-the-loop approval queue","summary":"No write to any member CMS happens without a pending ApprovalQueueItem row and an explicit approve decision."},{"id":"entity-gated-cross-link","title":"Entity-gated cross-linking","summary":"Cross-link proposals require a shared entity or a one-hop EntityRelation between the two sites. No shared entity, no proposal."},{"id":"ftc-disclosure-scan","title":"FTC 16 CFR Part 255 scan","summary":"Detected articles with affiliate signals are scanned for a disclosure phrase. Gaps are surfaced to the member, not fixed silently."},{"id":"gdpr-forget","title":"GDPR right-to-be-forgotten","summary":"A valid DELETE /governance/forget request tombstones EntityReference, GovernancePact, and signer fields within 30 days. Audit trail preserved with hashed identifiers."},{"id":"takedown","title":"Member takedown","summary":"POST /governance/pact/revoke honours removal within 72 hours. Entity references are tombstoned; the public @id URI returns 410 Gone."},{"id":"ssrf-gate","title":"SSRF-safe fetch","summary":"Every outbound fetch (detect, compliance-run, indexnow) rejects private-IP targets and caps redirects. See app.services.safe_fetch."},{"id":"api-key-gate","title":"API key gate","summary":"All mutations require X-Loomgraph-Key via hmac.compare_digest. Read endpoints are public. When the key is unset, mutations fail closed with 503."},{"id":"audit-log","title":"Immutable audit log","summary":"Every mutation writes an AuditLog row. Rows are append-only; GDPR forgets tombstone the subject fields, never delete the row."},{"id":"ai-crawler-policy","title":"AI crawler policy","summary":"GPTBot, ClaudeBot, PerplexityBot, Google-Extended, CCBot are allowed on /kg/* and /llms.txt. Non-public paths are disallowed."}],"regulatory_anchors":[{"name":"FTC Endorsement Guides","cite":"16 CFR Part 255","url":"https://www.ftc.gov/business-guidance/resources/ftc-endorsement-guides-what-people-are-asking"},{"name":"GDPR Right to Erasure","cite":"Regulation (EU) 2016/679 Art. 17","url":"https://gdpr-info.eu/art-17-gdpr/"},{"name":"Google Search Essentials","cite":"spam policies","url":"https://developers.google.com/search/docs/essentials/spam-policies"},{"name":"Schema.org DefinedTerm","cite":"vocab","url":"https://schema.org/DefinedTerm"},{"name":"llms.txt","cite":"proposal","url":"https://llmstxt.org/"}],"slas":{"pact_revoke_hours":72,"gdpr_forget_days":30}}