Conduit

Data Governance

Conduit enforces data sovereignty for MLS data. Every query is stateless-by-default, anti-training headers are applied, and field sensitivity levels control what data vendors can access.

Data sovereignty model

The MLS retains full control over their data at all times:

  • -MLS owns the policy. Field access, rate limits, and governance flags are controlled by the MLS.
  • -MLS controls vendor access. Every vendor must be explicitly approved. Access can be suspended or revoked at any time.
  • -MLS sees everything. Complete audit trail of every query, response, and field served.
  • -Conduit never stores query data. The gateway processes responses in-flight and does not persist listing content.

Stateless processing

When require_stateless is enabled in the governance policy (default for Standard and Restricted templates), the gateway:

  • -Adds X-Conduit-Stateless: true header
  • -Signals that vendors should not persist query results
  • -Each request is independent — no session state assumed

Anti-training headers

When anti_training_enabled is set (default for Standard and Restricted templates), the gateway adds:

X-Robots-Tag: noai, noimageai
X-Conduit-Anti-Training: true

These headers signal to AI systems that the response data must not be used for model training, fine-tuning, or embedding generation. This is a binding directive — vendors that violate it risk access revocation.

No-cache enforcement

When no_cache_headers is enabled, the gateway adds:

Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

This prevents intermediary caches (CDNs, proxies, browsers) from storing governed MLS data. Every request must go through the gateway for fresh policy evaluation.

Field sensitivity levels

Each RESO field has a base sensitivity level from the field registry:

SensitivityCountDescription
public42Address, property details, listing status, media, compliance fields
restricted14ClosePrice, financial data, agent MLS IDs
private4Agent emails, agent direct phone numbers

MLS policies can override base sensitivity. A field marked public in the registry can still be hidden by policy, and a restricted field can be made visible to trusted vendors.

Governance enforcement pipeline

Request arrives at gateway
    │
    ├── 1. Authenticate (API key or OAuth token)
    ├── 2. Resolve governance context
    │       └── Vendor profile → MLS access → Policy → Field rules
    ├── 3. Check rate limits (per-minute → per-hour → per-day)
    ├── 4. Forward to upstream MLS data feed
    ├── 5. Buffer response
    ├── 6. Apply field filtering (visible / masked / hidden)
    ├── 7. Enforce max_results_per_query
    ├── 8. Add governance headers
    ├── 9. Log to audit trail
    └── 10. Return governed response

Governance context is cached for 120 seconds. Policy changes take effect within 2 minutes.

Next: Certificates →
Trust ScoringCertificates