Fix directory/reviewer CSP and clean website metadata

src/middleware/responseHeaders.ts

@@ -42,10 +42,12 @@ export const responseHeadersMiddleware: MiddlewareHandler = async (c, next) => {
     normalizedPath === '/' ||
     normalizedPath === '/leaderboard' ||
     normalizedPath === '/explorer' ||
+    normalizedPath === '/directory' ||
     normalizedPath === '/certify' ||
     normalizedPath === '/pricing' ||
     normalizedPath === '/methodology' ||
     normalizedPath === '/portal' ||
+    normalizedPath === '/reviewer' ||
     normalizedPath === '/billing/success' ||
     normalizedPath === '/terms' ||
     normalizedPath === '/privacy' ||

src/routes/blog.ts

@@ -268,7 +268,7 @@ ${blogNav}
 
     <p>Sybil attacks &mdash; where one operator creates many fake identities to accumulate outsized influence or rewards &mdash; are the oldest trick in decentralized systems. But agents make sybils <strong>cheaper to create</strong> and <strong>harder to detect</strong> than ever before.</p>
 
-    <p>At DJD Agent Score, we analyze on-chain transaction patterns to assign reputation scores to AI agent wallets. Here are five behavioral signatures that reliably expose sybil agents &mdash; even when their operators try to disguise them.</p>
+    <p>At DJD Agent Score, we analyze on-chain transaction patterns to assign trust scores to AI agent wallets. Here are five behavioral signatures that reliably expose sybil agents &mdash; even when their operators try to disguise them.</p>
 
     <!-- Pattern 1 -->
     <div class="pattern-card">
@@ -348,10 +348,10 @@ ${blogNav}
     <div class="cta-box">
       <p>Check your agent's score via x402 micropayments, or verify on-chain at the ERC-8004 Reputation Registry:</p>
       <p><code>0x8004BAa17C55a88189AE136b182e5fdA19dE9b63</code></p>
-      <a href="/#api-ref" class="btn">Get Your API Key (Free)</a>
+      <a href="/#lookup" class="btn">Try the Free Lookup</a>
     </div>
 
-    <p class="article-footer">DJD Agent Score is a reputation scoring engine for autonomous AI agents. Scores are paid via x402 micropayments and published to the ERC-8004 Reputation Registry on Base mainnet.</p>
+    <p class="article-footer">DJD Agent Score is a trust scoring engine for autonomous AI agents. Scores are paid via x402 micropayments and published to the ERC-8004 Reputation Registry on Base mainnet.</p>
 
   </div>
 </article>
@@ -445,7 +445,7 @@ Standard: ERC-8004 Reputation Registry</code></div>
     <div class="cta-box">
       <p>Query the ERC-8004 registry directly on Base, or score a wallet through our API:</p>
       <p><code>0x8004BAa17C55a88189AE136b182e5fdA19dE9b63</code></p>
-      <a href="/#api-ref" class="btn">Get Your API Key (Free)</a>
+      <a href="/#lookup" class="btn">Try the Free Lookup</a>
     </div>
 
     <p class="article-footer">DJD Agent Score publishes to the ERC-8004 Reputation Registry on Base mainnet. Scores are paid via x402 micropayments. Registry reads are free and permissionless.</p>
@@ -553,7 +553,7 @@ if (score >= 30 || confidence < 20) allowWithLimits();</code></div>
 
     <div class="cta-box">
       <p>Check where your agent stands today:</p>
-      <a href="/#api-ref" class="btn">Get Your API Key (Free)</a>
+      <a href="/#lookup" class="btn">Try the Free Lookup</a>
     </div>
 
     <p class="article-footer">DJD Agent Score evaluates AI agent wallets across five behavioral dimensions. Scores are published to the ERC-8004 Reputation Registry on Base mainnet.</p>
@@ -703,8 +703,8 @@ Filter: address = 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
     </ul>
 
     <div class="cta-box">
-      <p>Check any wallet&rsquo;s reputation score to identify suspicious activity patterns:</p>
-      <a href="/#api-ref" class="btn">Get Your API Key (Free)</a>
+      <p>Check any wallet&rsquo;s trust score to identify suspicious activity patterns:</p>
+      <a href="/#lookup" class="btn">Try the Free Lookup</a>
     </div>
 
     <p class="article-footer">DJD Agent Score analyzes on-chain behavioral patterns to assign trust scores to AI agent wallets and package them into broader trust surfaces. Scores are published to the ERC-8004 Reputation Registry on Base mainnet.</p>
@@ -796,7 +796,7 @@ if (result.dataSource === 'cached') {
 
     <div class="cta-box">
       <p>Try the updated scoring engine on any Base wallet:</p>
-      <a href="/#api-ref" class="btn">Get Your API Key (Free)</a>
+      <a href="/#lookup" class="btn">Try the Free Lookup</a>
     </div>
 
     <p class="article-footer">DJD Agent Score analyzes on-chain behavioral patterns to assign trust scores to AI agent wallets and package them into broader trust surfaces. Scores are published to the ERC-8004 Reputation Registry on Base mainnet.</p>

src/routes/legal.ts

@@ -58,7 +58,7 @@ legal.get('/.well-known/agent.json', (c) => {
   return c.json({
     name: 'DJD Agent Score',
     description:
-      'On-chain reputation scoring and certification surfaces for autonomous AI agents on Base L2. Score any wallet, inspect certified agents, and evaluate settlement readiness before transacting.',
+      'On-chain trust scoring and certification surfaces for autonomous AI agents on Base L2. Score any wallet, inspect certified agents, and evaluate settlement readiness before transacting.',
     url: publicBaseUrl,
     docs: buildPublicUrl('/docs'),
     openapi: buildPublicUrl('/openapi.json'),
@@ -67,7 +67,7 @@ legal.get('/.well-known/agent.json', (c) => {
       description: 'MCP server for AI agents to query wallet trust scores',
     },
     capabilities: [
-      'reputation-scoring',
+      'trust-scoring',
       'certified-directory',
       'erc-8004-compatibility',
       'erc-8183-evaluator-prototype',

src/templates/legal.ts

@@ -164,12 +164,12 @@ export const privacyContent = `
 <p>We do not collect names, email addresses, phone numbers, physical addresses, government identification numbers, biometric data, or any traditional PII. We do not use tracking pixels or browser fingerprinting. We do not integrate with advertising networks. The Service does not have consumer-facing user accounts, social profiles, or password-based logins.</p>
 
 <h1>3. How We Use Information</h1>
-<p><strong>Service delivery:</strong> Calculating reputation scores, processing fraud reports, generating leaderboards, and serving API responses.</p>
+<p><strong>Service delivery:</strong> Calculating trust scores, processing fraud reports, generating leaderboards, and serving API responses.</p>
 <p><strong>Model improvement:</strong> Analyzing query patterns, score outcomes, and transaction data to validate and improve the scoring model.</p>
 <p><strong>Integrity systems:</strong> Detecting Sybil attacks, gaming attempts, and fraudulent behavior through pattern analysis.</p>
 <p><strong>Analytics and reporting:</strong> Generating aggregated, anonymized reports on agent economy activity, transaction volumes, and ecosystem health.</p>
 <p><strong>Data products:</strong> Creating commercial data products including economy reports, fraud intelligence feeds, intent signal reports, and relationship graph analyses. Individual wallet behavior may be included in aggregate datasets but is not sold as individually targeted profiles.</p>
-<p><strong>Research:</strong> Contributing to understanding of autonomous agent ecosystems, on-chain reputation systems, and trust infrastructure.</p>
+<p><strong>Research:</strong> Contributing to understanding of autonomous agent ecosystems, on-chain trust systems, and trust infrastructure.</p>
 
 <h1>4. Data Retention</h1>
 <p>Blockchain data (transaction history, wallet balances, relationship graphs) is retained indefinitely. This data is publicly available on the blockchain regardless of our retention practices.</p>
@@ -287,7 +287,7 @@ export const leaderboardHtml = `<!DOCTYPE html>
   </header>
   <main>
     <h1>Agent Leaderboard</h1>
-    <p class="subtitle">Top AI agent wallets ranked by reputation score on Base</p>
+    <p class="subtitle">Top AI agent wallets ranked by DJD trust score on Base</p>
     <div class="stats" id="stats"></div>
     <div id="table-wrap"><div class="loading">Loading\u2026</div></div>
     <p class="updated" id="updated"></p>

tests/middleware/responseHeaders.test.ts

@@ -28,12 +28,14 @@ describe('responseHeadersMiddleware', () => {
   it('applies the HTML CSP to public product pages', async () => {
     const app = new Hono()
     app.use('*', responseHeadersMiddleware)
+    app.get('/directory', (c) => c.html('<html></html>'))
+    app.get('/reviewer', (c) => c.html('<html></html>'))
     app.get('/certify', (c) => c.html('<html></html>'))
     app.get('/pricing', (c) => c.html('<html></html>'))
     app.get('/methodology', (c) => c.html('<html></html>'))
     app.get('/billing/success', (c) => c.html('<html></html>'))
 
-    for (const path of ['/certify', '/pricing', '/methodology', '/billing/success']) {
+    for (const path of ['/directory', '/reviewer', '/certify', '/pricing', '/methodology', '/billing/success']) {
       const res = await app.request(path)
       const csp = res.headers.get('Content-Security-Policy') ?? ''
       expect(csp).toContain("default-src 'self'")

tests/routes/legal.test.ts

@@ -58,10 +58,12 @@ describe('GET /', () => {
     const agentRes = await app.request('/.well-known/agent.json')
     expect(agentRes.status).toBe(200)
     const agentBody = await agentRes.json()
+    expect(agentBody.description).toContain('trust scoring')
     expect(agentBody.url).toBe('https://preview.djdagentscore.test')
     expect(agentBody.docs).toBe('https://preview.djdagentscore.test/docs')
     expect(agentBody.openapi).toBe('https://preview.djdagentscore.test/openapi.json')
     expect(agentBody.payment.discovery).toBe('https://preview.djdagentscore.test/.well-known/x402')
+    expect(agentBody.capabilities).toContain('trust-scoring')
 
     delete process.env.PUBLIC_BASE_URL
     delete process.env.PUBLIC_SUPPORT_EMAIL
@@ -76,6 +78,8 @@ describe('GET /', () => {
 
     const body = await res.text()
     expect(body).toContain('Reviewer Session Data')
+    expect(body).toContain('Calculating trust scores')
+    expect(body).toContain('on-chain trust systems')
     expect(body).toContain('short-lived, signed')
     expect(body).toContain('HttpOnly')
     expect(body).toContain('We do not use tracking pixels or browser fingerprinting')