- did: did:repo:69c8659959f1a6aa281bdc1b8653b381e741b3f6/blob/main/README.md
- github: https://github.com/OpenIntegrityProject/core/blob/main/README.md
- updated: 2025-03-04 by Christopher Allen ChristopherA@LifeWithAlacrity.com
Cryptographic Roots of Trust for Open Source Development
Open Integrity is an initiative by Blockchain Commons to integrate cryptographic trust mechanisms into Git repositories. By leveraging Git's native SSH signing capabilities and structured verification processes, we ensure transparency, provenance, and immutability for software projects.
Whether you're a developer, security researcher, or open-source maintainer, Open Integrity provides the tools to:
- Provide a developer-friendly framework for cryptographic integrity.
- Establish verifiable proof-of-origin for commits and code artifacts through direct verification by the inception key holder.
- Expand that proof-of-origin through a chain of trust that allows delegated verification of authorized signers.
- Detect tampering or unauthorized modifications in repository history.
- Enable cross-platform trust verification across Git hosting services.
- 🛡 Immutable Proof-of-Origin – Verify the authenticity of software artifacts.
- 🔏 Signed Commits & Tags – Ensure authorship integrity through SSH signatures (~128-bit security).
- 🔍 Tamper Detection – Maintain verifiable repository history.
- 🔗 Trust Delegation – Enable controlled transition from inception key to authorized signers.
- 🌍 Platform-Agnostic Validation – Work across GitHub, GitLab, and self-hosted solutions.
- Inception Commits – Immutable starting points that combine:
  - Empty commit for SHA-1 collision resistance
  - Ricardian Contract defining trust rules
  - SSH signature providing strong cryptographic proofs
- Trust Models:
  - Direct inception key verification
  - Delegated verification through authorized signers
- Automated Tamper Detection – Integrity checks throughout history
- Audit Tools – Comprehensive repository inspection
- Cross-Platform Trust – GitHub, GitLab, P2P, or self-hosted support
This repository contains the core implementation and documentation for the Open Integrity Project, offering both conceptual guidance and practical tools for establishing and maintaining cryptographic trust using Git repositories.
- 📜 Problem Statement – Challenges & solutions for cryptographic roots of trust using Git repositories
- 📟 Script Snippets – Practical command-line shortcuts for Open Integrity
- 📂 Repository Structure – Open Integrity repository structure reference
- 🛣️ Project Roadmap – Development milestones and plans
- 🤝 Contributing Guidelines – How to contribute
- 🔒 Security Policy – Reporting vulnerabilities
- 🚀 [Getting Started Guide] – Step-by-step guide to set up your first Open Integrity repository
- 🏛 [Architecture Documentation] – System design & implementation details
- ⚙️ Source Code – Essential Open Integrity Project tools & automation scripts
- 📜 Requirements – Requirements documents for Open Integrity Project scripts
- ❗ Issues – Tracks known issues and planned improvements
- 🔎 Tests – Comprehensive regression tests
- 🤖 Main Scripts – Implementation of Open Integrity functionality:
  - 🔍 audit_inception_commit-POC.sh - Audit repositories for compliance
  - 🏗️ create_inception_commit.sh - Create repositories with inception commits
  - 🪪 get_repo_did.sh - Retrieve repository DIDs
To get started with Open Integrity:
- Set up your development environment for signing
- Create a repository with an inception commit establishing your root of trust
- Choose your trust model:
  - Direct verification using the inception key
  - OR delegated verification through authorized signers
- Run Open Integrity audits on your repositories
```bash
# Example: Create a repository with a signed inception commit
./src/create_inception_commit.sh -r my_new_repo

# Example: Audit a repository's inception commit
./src/audit_inception_commit-POC.sh -C /path/to/repo

# Example: Get a repository's DID
./src/get_repo_did.sh -C /path/to/repo
```
For a deeper dive, check out our Problem Statement and documentation.
- 🔹 Core concepts & initial implementation complete
- 🔹 Seeking community feedback for improvements
- 🔹 Developing integration with CI/CD & key management solutions
- 🔹 Not yet production-ready
📍 See our ROADMAP.md for detailed development plans and our Development Phases for general approach.
We track issues in two complementary ways:
- Repository-specific issues are tracked directly in the src/issues/ directory with detailed context and proposed solutions.
- General project issues start in GitHub's 💬 Community Discussions to encourage open dialogue before they are moved to our ❗ Initial Issue Tracker.
This dual approach aligns with our commitment to decentralized repository management, allowing issues to be tracked both in version control and across multiple Git hosting platforms, ensuring greater resilience and accessibility beyond any single platform.
- ⭐ Star our repositories to show support
- 📢 Share your discoveries with your network
- 💬 Ask a question or engage in discussions in our Community Discussions
- ✍️ Report an issue in our Initial Issue Tracker
- 🔎 Find Good First Issues to get started
- 💰 Become a financial patron to our host Blockchain Commons via GitHub Sponsors
For commercial support, visit: Blockchain Commons Support.
We welcome contributions from developers, researchers, and security experts!
- Read our Contributing Guide
- Fork the repository & create a feature branch
- Implement your feature or fix
- Digitally sign all your commits with an SSH signing key (git commit -S) and attribute authorship (git commit --signoff).
- Submit a Pull Request for review
All contributors must adhere to our Code of Conduct.
Christopher Allen (@ChristopherA), <ChristopherA@LifeWithAlacrity.com>
For a full list of contributors, see CONTRIBUTORS.md.
Ensuring security is a top priority for the Open Integrity Project. If you discover a security vulnerability, please report it responsibly:
- Email: team@BlockchainCommons.com
- GPG Encrypted Reports: See SECURITY.md for responsible disclosure guidelines
Name | Email | GPG Fingerprint |
---|---|---|
Christopher Allen | ChristopherA@LifeWithAlacrity.com | FDFE 14A5 4ECB 30FC 5D22 74EF F8D3 6C91 3574 05ED |
- Security Issues: team@BlockchainCommons.com
- General Questions: Community Discussions
- Bug Reports: Initial Issue Tracker
Unless otherwise noted, all files are ©2025 Open Integrity Project / Blockchain Commons LLC., and licensed under the BSD 2-Clause Plus Patent License – See LICENSE for details.
The Open Integrity Project is an Open Development initiative hosted by Blockchain Commons, dedicated to advancing open, interoperable, secure & compassionate digital infrastructure, and embracing the Gordian Principles of independence, privacy, resilience, and openness.