Trust infrastructure for repo networks.
Append-only ledger, signed events, multi-dimensional trust scoring, and XRPL anchoring. Every release is verifiable. Every attestation is signed. Every score is earned.
Browse Trust Index · Dashboard · Anchor Explorer
Join
node tools/repomesh.mjs init --repo your-org/your-repo
Verify
node tools/repomesh.mjs verify-release --repo org/repo --version 1.0.0 --anchored
Score
node registry/scripts/verify-trust.mjs --repo org/repo
How It Works
Four layers of trust, each independently verifiable.
Signed Ledger
Every event is Ed25519-signed by a registered node. Append-only. Schema-validated. Tamper-evident.
Independent Verifiers
License audits, security scans, and reproducibility checks run by separate attestor nodes with consensus scoring.
XRPL Anchoring
Merkle roots of ledger partitions are posted to the XRP Ledger testnet. Cryptographic proof that history wasn't rewritten.
Trust Profiles
Choose the level of evidence your project needs.
Quick Start
1. Initialize your node
# generates node.json, profile, workflow, and signing keypair
node tools/repomesh.mjs init --repo your-org/your-repo --profile open-source2. Add two secrets and release
# add to your repo settings:
# REPOMESH_SIGNING_KEY — your private key PEM
# REPOMESH_LEDGER_TOKEN — PAT with contents:write + pull-requests:write
# cut a release — trust converges automatically
gh release create v1.0.0 --generate-notesVerification
Every claim is checkable. No trust required.
Release Verification
Verify any release with one command: signature, attestations, and XRPL anchor inclusion.
Trust Badges
Embed integrity, assurance, and anchored badges in your README. Scores update automatically.
CI Gates
Use --json output to gate deployments on trust scores. Zero dependencies beyond Node.js.
Live Network
Real-time stats from the registry, updated on every push.