Independent verification for builders

Reputation from evidence, not claims.

Proof of Ship turns public shipping evidence into a recomputable reputation and activity surface. It verifies commits, repos, and signatures against the public record, rejects self-reported prestige, and publishes public outputs anyone can inspect.

Verifies public artifacts

Commits, repos, and signatures checked against the public record.

Deterministic scoring

Lifetime reputation for humans, recency-weighted activity for freshness, and recomputable public outputs.

Strict trust boundary

If it cannot be independently verified, it earns zero reputation.

View the repo on GitHub See what is live now
Public ledger Score surfaces Repository badges
Archival documents linked by verification paths, representing public evidence and independently verified reputation.

Public evidence

Artifacts, not claims

Receipts start with real public repositories and verifiable artifacts.

Independent verification

Checked from scratch

Proof of Ship re-verifies the public record instead of trusting self-description.

Public trust surface

Scores, receipts, badges

The public site publishes machine-readable outputs anyone can inspect.

The problem

Developer profiles are still mostly self-reported.

People list their projects, describe their role, and ask everyone else to trust the story.

That was weak even before AI-assisted code. Now it is trivial to inflate, fabricate, or blur what someone actually built.

Proof of Ship is the counter-move: independent verification, public evidence, and transparent scoring.

How it works

Proof → Verify → Reputation.

A builder ships work, a local tool produces evidence, Proof of Ship re-verifies everything, and only then does reputation accrue.

01

Ship work

A builder commits code to a public repository.

02

Generate a receipt

A local tool creates a proof envelope with artifact reference, actor identity, and cryptographic hash.

03

Verify independently

Proof of Ship checks commits, repo visibility, access authority, and signature evidence against GitHub.

04

Score and publish

Verified receipts contribute to deterministic public score outputs anyone can recompute.

Trust model

What “verified” actually means

Not all receipts are equal. Verification depth is explicit, visible, and tied to what actually got checked.

0.0 — Not verified

No independent evidence yet.

0.2 → 0.6 — Partial verification

Schema validity, artifact confirmation, and cryptographic evidence accumulate by stage.

Recent activity

365 / 90

Human recent activity defaults to a 365-day half-life. Non-human actors keep the stricter 90-day default.

Hard rule

No self-reported prestige

If Proof of Ship cannot independently verify the artifact, it earns zero reputation.

What we do not verify

Proof of Ship can verify that artifacts exist in public repositories and that the actor has write access. It does not prove code quality, impact, or that the actor personally authored every line.

Public surfaces

Machine-readable contracts, not vibes.

The public repo exposes concrete payload shapes for scores, receipts, linked repositories, and public-facing trust surfaces.

It also serves badge assets for third-party repos and a first-party docs hub for the public surfaces.

Payload

score.json

Deterministic score output with lifetime reputation, recent activity, and canonical URLs.

Payload

receipts.json

Public receipt list surface for profile consumers and auditors.

Auth contract

GitHub account

Public schema for authenticated GitHub identity, profile URL, and repo-linking capability.

Linking contract

GitHub auth + linked repos

Public guide to OAuth identity, repo-linking rules, and the trust boundary around public profile evidence.

Two tools, one trust boundary

ship-receipts records evidence. Proof of Ship re-verifies everything.

The local tool and the global verifier are intentionally separate. ship-receipts owns repo-local evidence capture. Proof of Ship owns independent verification and the public trust surface.

ship-receipts

  • • local evidence recorder
  • • single-repo scope
  • • generates proof envelopes
  • • owns repo-local evidence capture
  • • does not verify or score globally

Proof of Ship

  • • independent verifier
  • • cross-repo, cross-actor scope
  • • distrusts embedded scores and claims
  • • publishes verified public trust surfaces
  • • does not own repo-local UX

Live now

What exists today, with no costume jewelry.

These are the surfaces and capabilities that already exist right now.

Verification engine

  • ✓ Envelope validator
  • ✓ Append-only ledger
  • ✓ GitHub-backed artifact verification
  • ✓ Lifetime reputation score
  • ✓ Recent-activity score output
  • ✓ Lifetime score output

Public surfaces

  • ✓ Public profiles at /u/<handle>
  • ✓ Public ledger at /ledger
  • ✓ Actor-kind views at /scoreboard
  • score.json payload surface
  • receipts.json payload surface
  • ✓ Public schemas, examples, and badges in the repo

Service reality

  • ✓ Public landing page
  • ✓ Human / bot / org scoreboard filters
  • ✓ Linked public-repo contract
  • ✓ Sybil-resistance account age gate
  • ✓ Sealed-claims support
  • ✓ Optional OpenTimestamps anchoring on ingest
Browse docs and schemas Open the repo