Get started
About · Trust Index

Trust Index

01
Overview

What is the Trust Index?

The CodeQuill Trust Index is an evidence-based reputation signal computed from verifiable, on-chain source activity. It measures how much consistent, independently referenced evidence exists for a repository or workspace.

The Trust Index is not a security guarantee, popularity metric, or social score. It is an informational signal derived from immutable, timestamped evidence that anyone can independently verify.

02
Composition

Six factors, weighted

The Trust Index is a score from 0 to 100, computed as a weighted combination of six independent factors. Each factor captures a different dimension of verifiable software evidence.

Snapshot activity 25%

Volume of published, on-chain source snapshots. More snapshots indicate a higher commitment to verifiable evidence. Diminishing returns prevent spam.

Continuity 20%

Sustained activity over time. A repository that has consistently snapshotted for 18 months scores higher than one that did 100 in a single day.

Release governance 20%

Release publishing maturity and governance decisions. Sustained release cadence with accepted decisions matters more than volume.

Attestations 15%

Supply-chain attestations and external verification. Independent attestors carry significantly more weight than self-attestation.

Preservation coverage 10%

Percentage of snapshots preserved as encrypted, zero-custody archives. Full coverage earns the maximum score.

Dependency graph 10%

Participation in a verifiable dependency graph. When others declare yours as upstream, it signals real-world reliance.

03
Tiers

At-a-glance reputation

Scores are mapped to tiers that provide an at-a-glance reputation signal.

0 — 20 New Recently started publishing evidence. Limited history.
21 — 40 Emerging Building a track record. Some verifiable activity over time.
41 — 60 Established Consistent evidence production with governance and preservation.
61 — 80 Trusted Strong, long-lived evidence footprint with external verification.
81 — 100 Proven Exceptional evidence record with sustained external reliance.
04
Integrity

Anti-gaming design

The Trust Index is designed to resist manipulation:

  • Diminishing returns · all volume metrics use logarithmic scaling. Publishing 1,000 snapshots scores only marginally more than 100.
  • Self-only ceiling · without external attestors or downstream dependents, the maximum achievable score is approximately 70 / 100.
  • Uniqueness enforced · external signals count once per workspace. One attestor attesting 100 times counts the same as once.
  • Inactivity decay · scores gradually decrease after 6 months of no new evidence, with a floor at 50% of the computed score.
  • Deterministic · scores are computed from on-chain evidence. No manual overrides, no subjective inputs.

The CodeQuill Trust Index is an informational signal derived from verifiable source snapshots and related claims. It does not prove build correctness, artifact derivation, or supply-chain security.