How it works

01
Overview

What is CodeQuill?

CodeQuill is memory infrastructure for software. It preserves verifiable, immutable evidence of what source code existed at a given point in time, and under whose authority.

Evidence is anchored to EVM blockchains (Ethereum) and stored on IPFS / Filecoin. All evidence is independently verifiable without CodeQuill's servers.

02
Pipeline

Five primitives, one provenance chain

CodeQuill produces five types of verifiable evidence, each building on the previous. Together they form a complete provenance chain from source to artifact.

01

Claim a repository

Register your GitHub repository on-chain, establishing your workspace as the authority over that codebase. This creates a verifiable link between your GitHub identity and your Ethereum wallet.

~/your-repo · zsh
$ codequill claim

02

Publish a snapshot

Create a deterministic cryptographic fingerprint (Merkle root) of your repository's source code at a specific git commit. The snapshot is anchored on-chain and the manifest is stored on IPFS.

~/your-repo · zsh
$ codequill snapshot
$ codequill publish

03

Create a release

Designate one or more snapshots as a named, versioned release. Releases have a governance lifecycle: they can be accepted, rejected, or revoked. This provides a formal decision record for your software versions.

app.codequill.xyz · web
# Created via the web application

04

Attest build artifacts

Link your build artifacts (Docker images, npm packages, binaries) to the specific source release that produced them. This creates supply-chain provenance: anyone can verify that an artifact was built from a specific, evidenced source state.

~/your-repo · zsh
$ codequill attest --release v1.0.0 --artifact ./dist/app.tar.gz

05

Preserve source code

Create an encrypted, zero-custody archive of your source code tied to a published snapshot. The archive is stored on IPFS / Filecoin and can only be decrypted by workspace members using their passkey-derived encryption keys. CodeQuill never possesses the decryption keys.

~/your-repo · zsh
$ codequill preserve

03
Verification

Trust nothing, verify everything

All evidence produced by CodeQuill is independently verifiable. Anyone can:

  • Query the smart contracts directly on Ethereum to verify claims, snapshots, releases, and attestations.
  • Retrieve manifests from IPFS using the content identifier (CID) stored on-chain.
  • Recompute the Merkle root from source files to verify snapshot integrity.
  • Validate Merkle proofs-of-inclusion to confirm a specific file was part of a snapshot.

No trust in CodeQuill's servers is required. The evidence layer is designed to outlive the platform.
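
The last two checks in the list above (recomputing the root and validating a proof-of-inclusion), as an added example that is not CodeQuill's own code. The page does not specify the hash function, leaf encoding or tree shape, so SHA-256, path-sorted leaves, the 0x00/0x01 domain-separation tags and promotion of an unpaired node are all assumptions made here, as are the function names and the sample files.

```python
import hashlib

def leaf_hash(path: str, content: bytes) -> bytes:
    # Assumed leaf encoding: 0x00 tag, path, NUL separator, file bytes.
    return hashlib.sha256(b"\x00" + path.encode() + b"\x00" + content).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # A distinct 0x01 tag stops an interior node being passed off as a leaf.
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(files: dict) -> list:
    if not files:
        raise ValueError("cannot fingerprint an empty file set")
    # Sorting by path makes the root independent of enumeration order.
    level = [leaf_hash(p, files[p]) for p in sorted(files)]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # promote the unpaired node, do not duplicate it
        level = nxt
        levels.append(level)
    return levels

def merkle_root(files: dict) -> bytes:
    return build_levels(files)[-1][0]

def inclusion_proof(files: dict, path: str) -> list:
    index = sorted(files).index(path)
    proof = []
    for level in build_levels(files)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify_inclusion(root: bytes, path: str, content: bytes, proof: list) -> bool:
    # The verifier needs only the root, one file and the sibling hashes.
    acc = leaf_hash(path, content)
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc == root

# Constructed sample repository (three files, so one node is promoted).
SAMPLE = {"src/main.py": b"print('hi')\n", "README.md": b"# demo\n", "LICENSE": b"MIT\n"}

if __name__ == "__main__":
    root, proof = merkle_root(SAMPLE), inclusion_proof(SAMPLE, "src/main.py")
    print(root.hex(), verify_inclusion(root, "src/main.py", SAMPLE["src/main.py"], proof))
```

In a real check the root compared against would be the one read from the chain, not one computed locally from the same files.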