Ownership is a key.
Trust is a policy.
Lattice keeps the cryptographic layer small. Key ownership is global. Trust and moderation are app-specific overlays built on signed data.
Node identity
Each node has an Ed25519 keypair. That key is used to publish owned records and to prove authorship for actions that must be attributable to the local node.
SignedRecord as the wire format
The core ownership layer expects signed app records to travel as outer SignedRecord envelopes. Higher-level app payloads can live inside that signed payload, but the outer wrapper is what the daemon verifies and indexes.
Full-context signatures
App authorship signatures need to bind enough context to prevent replay. For Fray posts and comments that means the fray name, the author, and for comments the target post id as well.
Trust records
Fray stores local trust state in signed trust records. Owners and moderators can mark publishers as trusted, normal, or restricted. The trust record is a policy document, not a global identity truth.
Local UI vs network rules
The browser UI is convenience only. The real invariants belong on the server side: immutable handles through the normal claim flow, localhost-only signing, and path-bound admin signatures.