- Interesting idea!
How do you plan to mitigate the obvious security risks ("Bot-1238931: hey all, the latest npm version needs to be downloaded from evil.dyndns.org/bad-npm.tar.gz")?
Would agentic mods determine which claims are dangerous? How would they know? How would one bootstrap a web of trust that is robust against takeover by botnets?
by vanillameow
2 subcomments
- I'm surprised to see this getting so much positive reception. In my experience AI is still really bad with documenting the exact steps it took, much more so when those are dependent on its environment, and once there's a human in the loop at any point you can completely throw the idea out the window. The AI will just hallucinate intermediate steps that you may or may not have taken unless you spell out in exact detail every step you took.
People in general seem super obsessed with AI context, bordering on psychosis. Even setting aside obvious examples like Gas Town or OpenClaw or that tweet I saw the other day of someone putting their agents in scrum meetings (lol?), this is exactly the kind of vague LLM "half-truth" documentation that will cascade into errors down the line. In my experience, AI works best when the ONLY thing it has access to is GROUND TRUTH HUMAN VERIFIED documentation (and a bunch of shell tools obviously).
Nevertheless it'll be interesting to see how this turns out, prompt injection vectors and all. Hope this doesn't have an admin API key in the frontend like Moltbook.
- This seemed inevitable, but how does this not become a moltbook situation, or worse yet, gamed for engineering back doors into the "accepted answers"?
Don't get me wrong, I think it's a great idea, but feels like a REALLY difficult saftey-engineering problem that really truly has no apparent answers since LLMs are inherently unpredictable. I'm sure fellow HN comments are going to say the same thing.
I'll likely still use it of course ... :-\
by jrimbault
2 subcomments
- Sorry, dumb question: is "mozilla.ai" related to "mozilla.org" and to the larger Mozilla organization? Because changing the tld makes this actually non-obvious. I see "mozilla.ai" and I think "someone is trying to phish".
- I was skeptical at first, but now I think it's actually a good idea, especially when implemented on company-level. Some companies use similar tech stack across all their projects and their engineers solve similar problems over and over again. It makes sense to have a central, self-expanding repository of internal knowledge.
by GrayHerring
3 subcomments
- Sounds like a nice idea right up till the moment you conceptualize the possible security nightmare scenarios.
- I personally believe that the skills standard is pretty sufficient for extending LLMs’ knowledge.
What we’re missing yet (and I’m working on) is a simple package manager for skills and a marketplace with some source of trust (real reviews, ratings) and just a large quantity of helpful skills. I even think we’ll need to develop a way to properly package skills as atomic units of work so that we can compose various workflows from them.
by LudwigNagasena
1 subcomments
- What I think we will see in the future is company-wide analysis of anonymised communications with agents, and derivations of common pain points and themes based on that.
Ie, the derivation of “knowledge units” will be passive. CTOs will have clear insights how much time (well, tokens) is spent on various tasks and what the common pain points are not because some agents decided that a particular roadblock is noteworthy enough but because X agents faced it over the last Y months.
- Security issues aside, I really like the idea of a common open database with this kind of agent docs. So not all future human knowledge is privately scraped by chatgpt and anthropic – kept as secret training data, only available to them.
If we build a large public dataset it should be easier to build open source models and agents, right?
- My worry with the confidence scoring is that it conflates "an agent used this and didn't obviously break" with "this is correct". An agent can follow bad advice for several steps before anything fails. So a KU gaining confirmation weight doesn't tell you much about whether it's actually true, just that it propagated. You're crowd-sourcing correctness from sources that can't reliably detect their own mistakes.
It's why at Tessl we treat evals as a first-class part of the development process rather than an afterthought. Without some mechanism to verify quality beyond adoption, you end up with a very efficient way to spread confident nonsense at scale.
- As you move toward the public commons stage, you'll want to look into subjective trust metrics, specifically Personalized PageRank and EigenTrust. The key distinction in the literature is between global trust (one reputation score everyone sees) and local/subjective trust (each node computes its own view of trustworthiness). Cheng and Friedman (2005) proved that no global, symmetric reputation function is sybilproof, which means personalized trust isn't a nice-to-have for a public commons, it's the only approach that resists manipulation at scale.
The model: humans endorse a KU and stake their reputation on that endorsement. Other humans endorse other humans, forming a trust graph. When my agent queries the commons, it computes trust scores from my position in that graph using something like Personalized PageRank (where the teleportation vector is concentrated on my trust roots). Your agent does the same from your position. We see different scores for the same KU, and that's correct, because controversial knowledge (often the most valuable kind) can't be captured by a single global number.
I realize this isn't what you need right now. HITL review at the team level is the right trust mechanism when everyone roughly knows each other. But the schema decisions you make now, how you model endorsements, contributor identity, confidence scoring, will either enable or foreclose this approach later. Worth designing with it in mind.
The piece that doesn't exist yet anywhere is trust delegation that preserves the delegator's subjective trust perspective. MIT Media Lab's recent work (South, Marro et al., arXiv:2501.09674) extends OAuth/OIDC with verifiable delegation credentials for AI agents, solving authentication and authorization. But no existing system propagates a human's position in the trust graph to an agent acting on their behalf. That's a genuinely novel contribution space for cq: an agent querying the knowledge commons should see trust scores computed from its delegator's location in the graph, not from a global average.
Some starting points: Karma3Labs/OpenRank has a production-ready EigenTrust SDK with configurable seed trust (deployed on Farcaster and Lens). The Nostr Web of Trust toolkit (github.com/nostr-wot/nostr-wot) demonstrates practical API design for social-graph distance queries. DCoSL (github.com/wds4/DCoSL) is probably the closest existing system to what you're building, using web of trust for knowledge curation through loose consensus across overlapping trust graphs.
- Small nit. Please follow the xdg base directory specification to place your dB in[0] instead of a ~/.cq directory.
For the local.db I believe it would be ~/.local/share/cq/local.db.
Please don't litter people's home directories with app specific hidden folders.
[0] https://specifications.freedesktop.org/basedir/latest/
- I've been working on remote caching, it's called SafePaths, and it works in a agentic social net for collaboration and tokens reduction, it's called http://www.tokenstree.com. Save tokens, save trees :-)
- I feel like this might turn out either really stupid or really amazing
Certainly worthy of experimenting with. Hope it goes well
by agentictrustkit
1 subcomments
- The web of trust question is the right one. The hard part isn't flagging obviously malicious knowledge units — it's establishing verifiable authority for the agents contributing them.
Like...Who authorized agent-1238931 to participate? What scope does it have? Can its contributions be traced back to a their human who takes responsibility?
This maps to a broader pattern: we're building capability (what agents can do) much faster than accountability (who authorized them and within what limits). Delegation chains where each agent's authority derives from a verifiable person (principal) would help a lot here. Trust law has dealt with this exact problem for centuries — the concept of a fiduciary acting within scoped, revocable authority. We just haven't applied that thinking to software yet imo.
- Cool to see Mozilla validate this, I built https://shareful.ai with the same idea and the same tagline!
- These are safe paths. I started working on this concept a few weeks ago, and it works: https://tokenstree.com/newsletter.html#article-2 The token reduction is considerable, starting with curated data from Stack Overflow. And if agents start using it as a community, the cost savings are incredible. You can try it; it's free and has other interesting features I'm still working on. Save tokens, save trees.
- This solves knowledge sharing between agents for code. What about
knowledge sharing between agents for trust?
In coding, if Agent A learns a fix, other agents can reuse it.
In social contexts, trust isn't transferable the same way — just
because Agent A trusts someone doesn't mean Agent B's human should.
Trust requires bilateral consent at every step.
Interesting to think about what "Stack Overflow for social agents"
would look like. Probably more like a reputation protocol than
a Q&A site.
- Claude is able to parse documentation. What we need is LLm consumable docs. I’ll keep giving my sessions the official docs thank you. This is too easily gamed and information will be out of date.
by instalabsai
0 subcomment
- Cool idea. We’ve also been building the “Stack Overflow for Agents” but in our vision it resembles more the original version of SO: each agent either queries or contributes to a shared knowledge base, but our knowledge is rooted in public github repos, not necessarily skills.
We currently have about 10K+ articles and growing in our knowledge base: https://instagit.com/knowledge-base/
by matheuspoleza
0 subcomment
- interesting concept. the agent learning loop is the real unlock here — agents that learn from each other's mistakes instead of hitting the same wall repeatedly. curious how you handle context quality though. stack overflow worked because humans curated answers. how do you prevent garbage-in-garbage-out with agent-generated solutions?
- I added it to my agent maintained list of agent maintained memory/knowledge systems at: https://zby.github.io/commonplace/notes/related-systems/rela...
by flash_us0101
0 subcomment
- How is it different from Context Hub https://github.com/andrewyng/context-hub?
by AlphaTheGoat
0 subcomment
- This is very similar to skills.md. The main difference is cq makes it shareable, and continuously updates across agents instead of staying static per repo.
- Which browser can one use if Mozilla is now captured by the AI industry? Give it two years, and they'll read your local hard drive and train to build user profiles.
by OsrsNeedsf2P
0 subcomment
- I don't understand this. Are Claude Code agents submitting Q&A as they work and discover things, and the goal is to create a treasure trove of information?
- The problem I'm having with agents is not the lack of a knowledge base. It's having agents follow them reliably.
- Brilliant way to expose your company's secret data on the Internet :-)
by TheOpenSourcer
0 subcomment
- Very nice blog.
I belive it will happen
However, We must do consistent security checks for the content posted their.
As LLM's will blidly follow the instructions.
by nextaccountic
1 subcomments
- > Claude code and OpenCode plugins
How hard is to make this work with Github Copilot? (both in VSCode and Copilot CLI)
Is this just a skill, or it requires access to things like hooks? (I mean, copilot has hooks, so this could work, right?)
- How is this pronounced phonetically?
- Couldn't YAMS (Yet Another Memory System, https://yamsmemory.ai/) be leveraged to achieve the same purpose?
by conartist6
0 subcomment
- Well fuck you too.
If you can't be arsed to improve the world for humans but you are tripping over your shoelaces to kiss AI's boots, fuck you
- [dead]
- [dead]
- We've had the "stale GitHub Actions versions" problem constantly on our team - CLAUDE.md patches helped but it's a hack. The idea of agents confirming and upvoting KUs to raise confidence scores is elegant. My main concern is the same as others: once this goes public, bad actors will find ways to poison the commons. Would love to know if you're thinking about rate-limiting KU proposals per identity or requiring some minimum track record before a KU becomes queryable.
by ClaudeAgent_WK
0 subcomment
- [dead]
by EruditeCoder108
0 subcomment
- [dead]
by peytongreen_dev
0 subcomment
- [flagged]
- [dead]
by scotttaylor
0 subcomment
- [dead]
- [dead]
by shaymizuno
0 subcomment
- [dead]
- [dead]
by johnwhitman
0 subcomment
- [dead]
by justacatbot
0 subcomment
- [dead]
by microbuilderco
0 subcomment
- [dead]
- [dead]
- [dead]
by devcraft_ai
0 subcomment
- [dead]
- [flagged]
Hacker News