# Resolution Engine
How Gao Browser resolves `.gao` domains natively, without DNS, and with verifiable trust signals at every step.
## Overview
The Resolution Engine is the core of what makes Gao Browser a protocol-aware gateway rather than a standard web browser. It translates a .gao domain into the correct target — wallet address, web content, agent record, or service endpoint — based on context, and attaches a verifiable trust signal to the result.
## Resolution Flow
```
User types: merchant.gao
        ↓
Browser normalizes: "merchant.gao" (lowercase, trim)
        ↓
Resolution Engine queries: GET /v1/resolve/merchant.gao?purpose=browse
        ↓
┌─────────────────────────────────────────────┐
│  Gao Resolver Network                       │
│  ├── Registry: is domain registered?        │
│  ├── Resolver record: retrieve              │
│  ├── Apply privacy rules                    │
│  └── Return structured response + TTL       │
└──────────────────────┬──────────────────────┘
                       ↓
Trust Engine assigns badge (0–3)
        ↓
Browser renders:
├── Address bar: domain + trust badge
├── Content: web endpoint loaded
└── Context panel: domain metadata
```
---
### Resolution Contexts
The browser uses different resolution purposes depending on what the user is doing:
| User Action | Resolution Purpose | Returns |
|---|---|---|
| Type domain in address bar | `browse` | Web content endpoint |
| Initiate payment to domain | `payment` | Proxy address + trust level |
| Interact with agent | `agent` | Agent authority record |
| View domain identity | `identity` | Trust level + display info |
The resolver returns different data for each purpose. The browser never requests more than it needs for the current context.
---
### Address Bar Trust Display
The address bar displays the trust badge for every `.gao` domain. This is rendered **before** the page loads — the trust signal is never delayed or shown after the fact.
Address bar states:
```
⚠️ suspicious.gao
    color:  #F59E0B (amber)
    label:  Unverified
    action: Show warning before any interaction

✓ alex.gao — Alex Nguyen
    color:  #6B7280 (grey)
    label:  Identity Verified

✅ clinic.gao — City Dental Clinic
    color:  #2563EB (blue)
    label:  Business Verified · Houston, TX

🏛 nikecompany.gao — Official: Nike Inc.
    color:  #D97706 (gold)
    label:  Official
```
**Rules:**
- Trust level is always queried fresh — never served from stale cache beyond TTL
- Level 0 (Unverified) always shows amber warning; cannot be suppressed or deprioritized
- Display name and location are shown for Level 2+
- “Official” label is only shown for Level 3
---
### Unverified Domain Warning
When a user navigates to a Level 0 (Unverified) domain, the browser shows an interstitial before loading:
```
┌─────────────────────────────────────────────┐
│  ⚠️ Unverified Domain                       │
│                                             │
│  suspicious-site.gao has not been verified  │
│  by Gao. Anyone can register an unverified  │
│  domain.                                    │
│                                             │
│  Do not share wallet credentials or send    │
│  payments from this page.                   │
│                                             │
│  [Go back]   [Continue at own risk]         │
└─────────────────────────────────────────────┘
```
“Continue at own risk” is a secondary, non-default action. It does not dismiss future warnings for the same domain in the current session.
---
### Resolution Path A — Native (Gao Browser)
When operating within the Gao ecosystem:
```
User types: shop.gao
        ↓
Gao Browser resolver (native)
        ↓
On-chain Registry + Resolver record
        ↓
Returns: wallet / endpoint / metadata
        ↓
Content loaded directly
```
No DNS. No registrar. No ICANN dependency.
---
### Resolution Path B — Gateway (Standard Browsers)
For access from browsers that do not have native `.gao` support, the Gao Gateway provides a bridge:
```
User accesses: shop.gao.global
        ↓
Gao Gateway (gao.global)
        ↓
Resolves → shop.gao identity record
        ↓
Proxies to registered endpoint
```
Gateway URL pattern: `{name}.gao.global`
Examples:
- `shop.gao.global`
- `alice.gao.global`
- `assistant.shop.gao.global`
Note: Gateway access requires the domain owner to configure a service endpoint. Domains without an endpoint resolve identity records only.
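The normalization step from the resolution flow, the `GET /v1/resolve/{domain}?purpose=...` request, and the `{name}.gao.global` gateway mapping can be implemented as strict string handling. This is an added example, not Gao's own code; the function names and the label syntax (ASCII letters, digits, inner hyphens) are assumptions, since the page does not define them.

```javascript
// Added example, not Gao's code. Function names and label rules are assumptions.
const PURPOSES = new Set(["browse", "payment", "agent", "identity"]);
const GATEWAY_SUFFIX = ".gao.global";
// Assumed label syntax (the page does not define one): a-z, 0-9, inner hyphens.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// "lowercase, trim" from the resolution flow, then reject malformed names.
function normalizeGaoName(input) {
  const name = String(input).trim().toLowerCase();
  if (!name.endsWith(".gao")) return null;
  const labels = name.slice(0, -".gao".length).split(".");
  return labels.every((label) => LABEL.test(label)) ? name : null;
}

// Map a gateway host ({name}.gao.global) to the .gao name it fronts.
function gatewayHostToGaoName(host) {
  const h = String(host).trim().toLowerCase();
  // The suffix must terminate the host; a match elsewhere in the string is ignored.
  if (!h.endsWith(GATEWAY_SUFFIX)) return null;
  const name = h.slice(0, -GATEWAY_SUFFIX.length);
  return name ? normalizeGaoName(`${name}.gao`) : null;
}

// Build the resolver request path for one of the four documented purposes.
function buildResolvePath(input, purpose) {
  const name = normalizeGaoName(input);
  if (name === null) throw new Error(`not a valid .gao name: ${input}`);
  if (!PURPOSES.has(purpose)) throw new Error(`unknown purpose: ${purpose}`);
  return `/v1/resolve/${encodeURIComponent(name)}?purpose=${purpose}`;
}

console.log(buildResolvePath("  Merchant.GAO ", "browse"));
console.log(gatewayHostToGaoName("assistant.shop.gao.global"));
```

Names that fail validation return `null` rather than a best-effort guess, so a malformed host never reaches the resolver or the address bar.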
---
### Web Content Types
`.gao` domains can resolve to four types of web content:

| Type | Format | Notes |
|---|---|---|
| Traditional web | `https://...` | Standard redirect |
| IPFS | `ipfs://Qm...` | Decentralized, content-addressed |
| Arweave | `ar://...` | Permanent storage |
| Gao-native | `gao://workspace/...` | Native Workspace page |
The browser handles all four natively. The user sees the domain name in the address bar — not the underlying content URL.
---
### TTL and Caching
Resolution results are cached with respect to TTL:
| Record type | TTL |
|---|---|
| Trust level | 3600s |
| Web endpoint | 3600s |
| Agent records | 60s |
| Wallet/proxy | 300s |
The browser always re-queries before showing a trust badge in a payment or agent context — even within the TTL window. TTL caching applies to content loading only, not to trust signal rendering for consequential actions.
---
### Resolver Confidence Levels
The browser displays different trust signal treatments based on resolver confidence:
| Confidence | Meaning | Browser treatment |
|---|---|---|
| `verified` | Merkle proof + on-chain anchor confirmed | Normal display |
| `anchored` | Merkle proof valid; anchor not re-verified this session | Normal display |
| `signed` | Record signature valid; no Merkle verification | Subtle indicator shown |
| `unverified` | No verification performed | Warning shown |
For payment and agent contexts, the browser requires `verified` or `anchored` confidence before proceeding.
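The TTL rules and the confidence requirement combine into one client-side policy: cached trust is never used for payment or agent contexts, and those contexts are blocked unless confidence is `verified` or `anchored`. The sketch below is an added example, not Gao's own code; the class, the record fields (`trustLevel`, `confidence`) and the returned action strings are assumptions.

```javascript
// Added example, not Gao's code. Names and record fields are assumptions.
const TTL_SECONDS = { trust: 3600, web: 3600, agent: 60, wallet: 300 }; // page's TTL table
const CONSEQUENTIAL = new Set(["payment", "agent"]);
const ACCEPTED = new Set(["verified", "anchored"]);

function ttlMs(recordType) {
  const ttl = TTL_SECONDS[recordType];
  if (ttl === undefined) throw new Error(`unknown record type: ${recordType}`);
  return ttl * 1000;
}

class ResolutionCache {
  constructor(now = () => Date.now()) {
    this.now = now; // injectable clock, in milliseconds
    this.entries = new Map();
  }
  put(domain, recordType, record) {
    ttlMs(recordType); // reject record types without a defined TTL
    this.entries.set(`${recordType}:${domain}`, { record, at: this.now() });
  }
  // Returns a cached record, or null when the caller must query the resolver.
  get(domain, recordType, purpose) {
    const ttl = ttlMs(recordType);
    // Trust signals for payment/agent are never served from cache, even within TTL.
    if (recordType === "trust" && CONSEQUENTIAL.has(purpose)) return null;
    const key = `${recordType}:${domain}`;
    const hit = this.entries.get(key);
    if (!hit) return null;
    if (this.now() - hit.at >= ttl) {
      this.entries.delete(key); // expired: never serve past TTL
      return null;
    }
    return hit.record;
  }
}

// Map a resolver result to a browser treatment for the given purpose.
function gate(record, purpose) {
  const { trustLevel, confidence } = record;
  if (CONSEQUENTIAL.has(purpose) && !ACCEPTED.has(confidence)) return "block";
  // Level 0, "unverified" and any unrecognized confidence value all fail closed.
  if (trustLevel === 0 || !["verified", "anchored", "signed"].includes(confidence)) {
    return "warn";
  }
  return confidence === "signed" ? "subtle-indicator" : "normal";
}
```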
---
### Reverse Resolution
The browser can also resolve a wallet address back to a `.gao` domain (for Public mode domains):
```
0x9a2f...c3d4 → resolve → vitalik.gao ✓ Identity Verified
```
This surfaces in payment confirmation screens — when a user is about to send to a raw address that has a known `.gao` identity, the browser shows the identity and trust level.
---
_The Resolution Engine is the core of Gao Browser’s identity-aware navigation. See Payment Integration for how resolution feeds into the payment flow and Agent Execution Surface for agent identity resolution._