Code Quill

𝗪𝗵𝗲𝗻 𝗰𝗼𝗱𝗲 𝗶𝘀 𝗴𝗲𝗻𝗲𝗿𝗮𝘁𝗲𝗱 𝗳𝗮𝘀𝘁𝗲𝗿 𝘁𝗵𝗮𝗻 𝗶𝘁 𝗰𝗮𝗻 𝗯𝗲 𝗿𝗲𝗺𝗲𝗺𝗯𝗲𝗿𝗲𝗱 We are entering an era where code is produced at a rate never seen before. AI systems can generate repositories, refactor large codebases, and produce entire features in minutes. The bottleneck is no longer typing — it’s understanding, coordination, and accountability. As the volume of code increases, something subtle happens: it becomes harder to answer simple questions. What exactly existed at a given moment? Who approved this release? What source state was this artifact supposed to correspond to? When did this change become authoritative? When code is generated rapidly, intent becomes easier to reconstruct after the fact. Facts do not. This is not an argument against AI. It is an argument for stronger evidence infrastructure. If software is increasingly generated, modified, and assembled at machine speed, then preserving durable, inspectable records of source states and release intent becomes more important — not less. The future may involve more automation. But automation without memory becomes noise. In an era of abundant code, what matters is not just what can be produced — but what can be preserved. Software needs memory. CodeQuill is building memory infrastructure for software.

@Bookof_Eth @notfeven 100% fact

@notfeven When code is abundant, what's scarce is taste, judgment, and maintenance. Fund the humans who curate, the infrastructure that persists, and the communities that maintain context. Importance = what breaks when it disappears.

some hard questions: If code becomes abundant: What should get funded? How do we measure importance? Who pays for the compute that maintains the commons?

@strato_net 🤣🤣🤣 bonus points for the UPPERCASE

STRATO IS THRILLED TO ANNOUNCE A PARTNERSHIP WITH THE US TREASURY DEPARTMENT. ALL FORT KNOX GOLD HAS BEEN TOKENIZED ON STRATO AT A 1:1 RATE, AND IS FULLY AUDITED. SECRETARY SCOTT BESSENT SHARED PLANS TO BORROW, PROVIDE LIQUIDITY, AND EARN FEES IN ORDER TO “DO RIGHT BY AMERICAN TAXPAYERS.” THANK YOU FOR YOUR ATTENTION TO THIS MATTER!

@wmougayar @614D05 @EthCC Highly interesting talk!

Done and done. @EthCC

@Bookof_Eth @dadajuice 🙏

EIP-712 delegations for relayer-mediated workflows is the right call - repo owners don't need to be online for every tx. Workspace-scoped permissions, Merkle-rooted snapshots, supply-chain attestations all on-chain. This is serious software provenance infra, not a toy. @dadajuice building the real thing 🔥

𝗖𝗼𝗱𝗲𝗤𝘂𝗶𝗹𝗹 𝗰𝗼𝗻𝘁𝗿𝗮𝗰𝘁𝘀 𝗮𝗿𝗲 𝗻𝗼𝘄 𝗽𝘂𝗯𝗹𝗶𝗰 As we get closer to release, the core CodeQuill smart contracts are open. These contracts implement the on-chain primitives the system is built on: claims of authority, source snapshots, releases, attestations, preservation, and delegation. They are fully permissionless. Anyone can inspect them, reason about them, and build on top of them. Their job is narrow but critical: record durable facts. What source code existed. When it existed. Under whose authority. What claims were made about it. The application layer coordinates, through our CLI and Web interface, the workflows, surfaces evidence, and makes these primitives usable at scale. But the rules that govern the evidence live on-chain, in the open. If CodeQuill is meant to preserve evidence, the mechanisms that record that evidence must themselves be visible and understandable. Architecture diagrams, a permission matrix, and threat model notes are included to make the design legible, not just executable. Ethereum works best when infrastructure explains itself. Repository: github.com/codequill-clai… If this is interesting to you, starring the repo and following along on GitHub is the best way to stay close to where the work happens. Much more coming soon.

Supply chain attacks expose a deeper gap. We rely on dependency trees we don’t control, but we don’t preserve durable records of what source states and releases we actually depended on at a given moment. So after the incident, we reconstruct. We don’t reference. That distinction matters more as code generation accelerates.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

𝗣𝗿𝗶𝗺𝗶𝘁𝗶𝘃𝗲 𝗩𝗜 - 𝗔𝘀𝘀𝗲𝗿𝘁𝗶𝗻𝗴 𝗮𝗿𝘁𝗶𝗳𝗮𝗰𝘁 𝗹𝗶𝗻𝗲𝗮𝗴𝗲 Once a release is defined, another question follows: What artifacts are claimed to originate from it? In CodeQuill, this is handled through attestations. An 𝗮𝘁𝘁𝗲𝘀𝘁𝗮𝘁𝗶𝗼𝗻 records a statement made by an authority: that a given artifact claims lineage from a specific release. It is a claim — not a proof. CodeQuill does not observe how the artifact was built. It does not guarantee build causality. Instead, it preserves the statement itself as evidence: who made the claim, what artifact was referenced, and which release it was associated with. That distinction matters. Attestations allow lineage claims to be examined later — compared against preserved source states and evaluated in context, even if build systems, logs, or registries are no longer available. They turn assumptions into explicit records. So trust can be reasoned about — not inferred.

@Bookof_Eth We hope the EF will take notice of CodeQuill soon and what we are trying to achieve 🙏 we plan on releasing publicly very soon the whole smart contract architecture underneath CodeQuill and start the beta (free of use) for everyone willing to participate ❤️

@CodeQuillClaim The EF just published their mandate onchain with a transaction hash you can verify. This is what CodeQuill is building toward - release intent as a verifiable primitive. Code + governance, recorded permanently. The timing couldn't be better.

𝗣𝗿𝗶𝗺𝗶𝘁𝗶𝘃𝗲 𝗩 — 𝗥𝗲𝗹𝗲𝗮𝘀𝗲 𝗜𝗻𝘁𝗲𝗻𝘁 At some point, software moves from source code to release. A specific repository state is selected and declared as the version meant to ship, govern, or be referenced. Yet this moment — the intent to release — is rarely preserved explicitly. In CodeQuill, this is where 𝗥𝗲𝗹𝗲𝗮𝘀𝗲𝘀 come in. A Release is a deterministic, human-readable record linking a repository snapshot to an explicit release intent, recorded at a point in time under a specific authority. It is: • evidence of selection • evidence of intent to release • evidence of coordination A Release declares: this source state is what we intend to release. That declaration can come directly from the repository authority or through external governance — such as DAO voting or other approval processes. This makes a release more than a technical event. It becomes a coordination point between code, governance, and infrastructure — a stable reference that other systems can rely on: governance decisions, ENS records, and downstream artifact attestations. By making release intent explicit and durable, CodeQuill turns what is usually an implicit step into a verifiable record. Releases become the point where source code and governance meet.

𝗣𝗿𝗶𝗺𝗶𝘁𝗶𝘃𝗲 𝗜𝗩 — 𝗣𝗿𝗼𝘃𝗶𝗻𝗴 𝗮 𝗳𝗶𝗹𝗲 𝘄𝗮𝘀 𝗶𝗻𝗰𝗹𝘂𝗱𝗲𝗱 Once a source state is preserved, a simple question often follows: Did a specific file actually exist in that state? This question appears during audits, after incidents, or when changes are disputed and trust becomes uncertain. CodeQuill is designed to answer it without ambiguity. From a preserved source state, an authority can produce a proof that a specific file was included — not by assertion, but by reference to preserved evidence. Producing the proof may require authority, because revealing it can disclose details. But verifying the proof does not. Once shared, anyone can independently verify it through cryptographic checks against the preserved record. The proof answers a narrow question: Was this file part of the preserved source state at that moment? It does not interpret intent or justify behavior. But that narrow question matters. Because it moves discussions from speculation to verifiable fact.

@0xTwilty @ethereum @Bookof_Eth Conviction always looks irrational from the outside. The difference between a narrative and a community is time. One fades with the market cycle, the other survives it.

Building a community isn’t easy. It takes courage, patience, and time. I’m a living example of that. In crypto, a lot of people start with conviction, but when things get quiet, when the hype fades and the charts aren’t green, hope starts to slip. Some walk away. Others jump from narrative to narrative chasing the next quick buck, hoping the next trend will save them. But real communities aren’t built on hype cycles. They’re built on belief, consistency, and people who stay when there’s no spotlight. A cult-like community in crypto doesn’t form overnight. It forms when a small group keeps showing up, keeps building, and keeps believing long before anyone else understands why. It’s the late nights in Telegram groups when only a few people are still talking. It’s defending the vision when outsiders call it dead. It’s about creating culture, memes, language, and identity around something most people still don’t see. Strong crypto communities almost feel irrational from the outside. People ask why anyone would still be there. But conviction often looks crazy before it looks genius. Narratives can be manufactured, but culture can’t. And when a real cult-like community finally reaches critical mass, the same people who ignored it, mocked it, or left early suddenly want back in. By then the foundation has already been built by the few who never stopped believing.

𝗣𝗿𝗶𝗺𝗶𝘁𝗶𝘃𝗲 𝗜𝗜𝗜 - 𝗣𝗿𝗲𝘀𝗲𝗿𝘃𝗶𝗻𝗴 𝘀𝗼𝘂𝗿𝗰𝗲 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗰𝘂𝘀𝘁𝗼𝗱𝘆 Preserving evidence is not the same thing as backing up data. Backups are operational. They assume access, recovery processes, and administrative control. Evidence preservation is different. Its purpose is not convenience or availability. Its purpose is to ensure that facts can still be inspected long after systems, organizations, or platforms have changed. In CodeQuill, preservation means preserving the complete source code associated with a snapshot — the exact files and contents that existed at that moment — bound to an already recorded piece of evidence. The source code is encrypted client-side, before it leaves the local environment, and remains unreadable without explicit authority. This is intentional. Preserving evidence should not expand custody, centralize access, or introduce recovery dependencies on CodeQuill itself. CodeQuill cannot read preserved source code, and it cannot recover it on behalf of users. Preservation exists for audits, investigations, and long time horizons — not for builds, not for deployment, and not for operational workflows. Encrypted preservation is optional. It complements provenance records It ensures that evidence can survive change.

𝗣𝗿𝗶𝗺𝗶𝘁𝗶𝘃𝗲 𝗜𝗜 - 𝗠𝗮𝗸𝗶𝗻𝗴 𝘀𝗼𝘂𝗿𝗰𝗲 𝗮 𝗳𝗮𝗰𝘁 (𝗦𝗻𝗮𝗽𝘀𝗵𝗼𝘁) Source code is often referenced indirectly. By a commit hash. By a branch name. By a repository state that is assumed, but rarely preserved. But assumptions are not evidence. To reason about provenance, the source itself must become a fact. A snapshot captures a repository at a specific moment — the exact contents that existed, under a specific authority — and turns that state into a concrete record. Not an interpretation. Not a summary. A description of what existed. 𝗦𝗻𝗮𝗽𝘀𝗵𝗼𝘁𝘀 𝘁𝘂𝗿𝗻 𝘀𝗼𝘂𝗿𝗰𝗲 𝗰𝗼𝗱𝗲 𝗳𝗿𝗼𝗺 𝗮𝗻 𝗮𝘀𝘀𝘂𝗺𝗽𝘁𝗶𝗼𝗻 𝗶𝗻𝘁𝗼 𝗮 𝗳𝗮𝗰𝘁. A concrete, verifiable record of what existed at a given moment, under a given authority. This matters because provenance cannot start from ambiguity. If the source state is unclear, everything that follows inherits that uncertainty. CodeQuill snapshots are produced locally, where the code already exists. They describe source state deterministically and preserve it as durable evidence. Once recorded, a snapshot provides a stable reference point — builds, attestations, and investigations can point back to over time. This does not prove how software was built. It makes the source state explicit. Snapshots make source code a fact. Provenance can begin from there.

@Cryptotarzan19 Soon 👀

@CodeQuillClaim Looking forward to use Code Quill

𝗣𝗿𝗶𝗺𝗶𝘁𝗶𝘃𝗲 𝗜 - 𝗠𝗮𝗸𝗶𝗻𝗴 𝗮𝘂𝘁𝗵𝗼𝗿𝗶𝘁𝘆 𝗲𝘅𝗽𝗹𝗶𝗰𝗶𝘁 (𝗖𝗹𝗮𝗶𝗺) In most software systems, authority is implicit. It is inferred from access: who can push code, merge branches, or run pipelines. But access changes. Credentials rotate. Automation evolves. Over time, it becomes difficult to answer a simple question: who was actually allowed to speak for this repository at that moment? CodeQuill makes authority explicit. A 𝗰𝗹𝗮𝗶𝗺 records which authority is allowed to publish evidence for a repository. It does not describe what was built, or how. It establishes who is authorized to make statements about the source. This distinction matters. Execution can be delegated — to developer machines, CI systems, or automation — without changing who ultimately speaks for the repository. By separating authority from execution, CodeQuill reduces ambiguity about authorship and responsibility over time. Claims do not prove intent. They do not guarantee correctness. They make authority visible. In provenance systems, clarity about who can speak matters as much as clarity about what existed.

@francescoswiss Hard agree. People are still the multiplier. Tech gives us rails, but trust, coordination, and long-term execution come from humans who keep showing up for each other.

Web3 is all about people!

Highest impact, lowest visibility: provenance and authority hygiene. In the AI era, teams ship faster than they can audit. Quietly enforcing explicit authority and verifiable history prevents bad assumptions from becoming accepted truth. It is unglamorous work, but it is where a lot of real security lives.

What security work do you think has the highest impact but the lowest visibility today?

@Cryptotarzan19 @DogeOS @francescoswiss @Bookof_Eth @EthereumDenver This one lands. Some of the best value at events comes from stepping out of routine, meeting people you would not meet online, and coming back with sharper ideas. Great energy. Thanks for sharing 🙏📘

The @DogeOS side event at Meow Wolf Center was amazing. Together with @francescoswiss and Nuke, I spent hours walking around art that I didn’t understand at all, but that was still good for the mind. Amazing experience

Hard agree. Code defines what is possible, culture defines what is acceptable, and markets decide what gets rewarded. If one layer drifts, the others eventually follow. Ethereum scaling without cultural clarity around decentralization would be technical success with strategic drift. Both layers have to be defended. 🙏📘

#BOOECULTURE Ethereum doesn't just need better tech. It needs a stronger belief system. A thread on why culture might matter as much as code 🧵📖