The Problem
Software development moves fast. Code is generated, modified, and deployed at machine speed. But when something goes wrong, a simple question becomes surprisingly hard to answer: what source code actually existed at that moment, and who was responsible for it?
This isn't a theoretical concern. Incidents happen. Audits are required. Legal proceedings demand evidence. And when you go looking for that evidence, it's often gone. Logs have rotated. CI systems were temporary. The platform changed ownership. The organization restructured.
Git helps, but git is a version control system, not an evidence system. Histories can be rewritten. Commits can be amended. Force pushes happen. Git tracks changes for developers. It doesn't preserve facts for third parties.
Source Is Evidence, Not Intent
This distinction is at the core of CodeQuill. We don't try to prove how software was built, or guarantee that a build is correct, or replace your CI pipeline. Those are important problems, but they're not our problem.
CodeQuill does one thing: it preserves verifiable, immutable evidence of what source code existed at a given point in time, and under whose authority.
Not a promise. Not a narrative. Evidence.
Six Primitives
CodeQuill is built around six core primitives, each anchored on-chain via Ethereum smart contracts:
Claims establish authority. They link a repository to a workspace and its authorized wallets. A claim says "this entity has the right to speak for this codebase."
Snapshots capture source state. They produce a deterministic cryptographic fingerprint of your repository at a specific commit. Snapshots are created locally on your machine. Nothing is uploaded to CodeQuill.
Releases declare intent. They are named, versioned references to snapshots with a full governance lifecycle: draft, publish, accept, revoke, supersede. A release says "we intend to ship this."
Attestations record lineage. They are on-chain statements that a build artifact claims origin from a specific published release. An attestation says "this binary came from that source."
Preservations store encrypted archives. Source code is encrypted client-side and tied to published snapshots. CodeQuill never sees plaintext. A preservation ensures the evidence remains available long-term.
Proofs enable verification. Cryptographic Merkle proofs verify that specific files existed in a preserved source state. A proof lets anyone check, independently, without trusting CodeQuill.
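To make the Snapshot and Proof primitives concrete, here is an added illustration (not CodeQuill's own scheme or CLI code) of a deterministic fingerprint over a file tree and a Merkle inclusion proof for one file; the leaf and node domain separators, the path-plus-content leaf encoding and the sample files are all assumptions constructed for the example. The point to notice is that the verifier needs only the root, the claimed file and the proof, never the rest of the source or the party that produced the snapshot.

```python
import hashlib

# Constructed sample repository; sorted by path so the root does not depend
# on directory walk order (a deterministic fingerprint must not).
REPO = {
    "src/main.py": b"print('hello')\n",
    "src/util.py": b"def f(): return 1\n",
    "README.md": b"# demo\n",
}

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(path: str, content: bytes) -> bytes:
    # Bind path and content, so a moved or renamed file yields a new leaf.
    return _h(b"leaf\x00" + path.encode() + b"\x00" + content)

def node_hash(left: bytes, right: bytes) -> bytes:
    # Separate domain prefix from leaves blocks leaf/node confusion.
    return _h(b"node\x00" + left + right)

def build_levels(files: dict) -> list:
    level = [leaf_hash(p, files[p]) for p in sorted(files)]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]  # pad odd levels by duplicating last
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def snapshot_root(files: dict) -> bytes:
    return build_levels(files)[-1][0]

def inclusion_proof(files: dict, path: str) -> list:
    # Sibling hash plus which side it sits on, one entry per tree level.
    levels, idx, proof = build_levels(files), sorted(files).index(path), []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]  # same padding rule as build_levels
        sib = idx ^ 1
        proof.append((level[sib], "L" if sib < idx else "R"))
        idx //= 2
    return proof

def verify_inclusion(root: bytes, path: str, content: bytes, proof: list) -> bool:
    # Recomputes the path to the root from the leaf alone; no other files needed.
    h = leaf_hash(path, content)
    for sibling, side in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == root
```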
Architecture
CodeQuill separates authority from execution:
The web application (app.codequill.xyz) is where you configure trust: workspaces, wallets, collaborators, DAO governance, encryption, and subscription plans. It surfaces evidence and provides public views, but it doesn't generate evidence.
The CLI (codequill) is where evidence is produced. It runs locally on developer machines or in CI runners. Snapshots, attestations, preservations, and proofs are all created by the CLI.
The smart contracts on Ethereum are the immutable record layer. No admin keys. No pause mechanisms. Fully permissionless once deployed. Even if CodeQuill's servers were compromised, the evidence layer remains independently verifiable.
This separation is deliberate. The entity that configures trust is not the same entity that produces evidence. And neither of them controls the record layer.
What CodeQuill Is Not
We are explicit about what CodeQuill does not do:
- It does not prove how software was built
- It does not guarantee build causality or correctness
- It does not replace CI systems, artifact signing, or reproducible builds
- It does not provide end-to-end supply-chain security
- It does not validate code quality or safety
CodeQuill supplies evidence infrastructure. How you use that evidence in audits, governance, incident response, or compliance is up to you.
Why This Matters
Every serious software organization will eventually face a moment where it needs to answer: "What was running in production on that date?" or "Who authorized this release?" or "Can you prove this artifact came from that source?"
Today, answering those questions relies on narratives reconstructed from fragile, centralized systems. CodeQuill replaces narratives with facts, stored on infrastructure that is durable, inspectable, and independent of any single organization.
That's the thesis. Source is evidence, not intent. And evidence should be preserved on infrastructure worthy of it.
CodeQuill is live at codequill.xyz. Documentation is available at docs.codequill.xyz.