Lists
Your own block/allow/watch list, layered on top of KaizoCore's shared bad-actor registry.
Why this isn't just "view the bad-actor registry"
KaizoCore's cross-customer bad-actor registry is genuinely global — it has no per-customer visibility at all, by design. Showing it to you directly would mean showing you signal derived from other customers' traffic. Instead, Lists is your own private overlay: a block/allow/watch list scoped entirely to fingerprints you choose to act on, layered on top of (never a replacement for) the shared registry's silent background protection.
The three actions
| Action | Effect on your traffic |
|---|---|
block | Always denies this fingerprint, regardless of the shared registry or anything else about the session. |
allow | Explicitly trusts this fingerprint — overrides the shared registry's flag for your traffic specifically, even if it's independently flagged elsewhere. |
watch | A note only. No effect on scoring — useful for tracking a fingerprint you're monitoring without acting on it yet. |
Finding a fingerprint to add
Rather than requiring you to copy a raw 64-character hash from somewhere else, the dashboard's Lists page lets you search your own recent flagged decisions — by IP, country, or fired reason — and pick directly from the results. Manual hash entry is still available as a fallback.
What you'll see per entry
Alongside your own action and note, each entry shows read-only, already- anonymized context if the same fingerprint also happens to appear in the shared registry: a risk score and how many customers total have seen it. It never shows which other customers — only an aggregate count.
API
GET /v1/lists # your current entries
POST /v1/lists # { fingerprint_hash, action, note }
DELETE /v1/lists/{fingerprint_hash} # removes only your own entry
GET /v1/lists/candidates?q=&decision= # search your recent flagged sessionsDELETE never touches the shared registry — removing your own note can
never affect another customer's protection from a genuinely bad actor.