Gitbook Documentation: https://ironjams-organization.gitbook.io/secgit
SecGit is a blockchain-backed platform that makes open-source collaboration trustless, fair, and secure. It combines a two-sided staking protocol (repo owners + issue solvers) with verifiable, reputation-backed AI to prevent collusion, overruns, Sybil/DoS attacks, and the risks of centralized AI. The result: predictable incentives, protected contributors (especially newbies), and audited AI assistance — all enforced by smart contracts, GitHub API matching and optimistically verifiable AI.
- Collusion / code appropriation: Maintainers or owners can view contributor PRs and copy code into the repo without merging or rewarding the contributor.
- Overruns & incentive misalignment: Without guarantees, more experienced contributors can overrun newcomers’ PRs; maintainers may unintentionally reward overrunners.
- Centralized Trust: Platforms like Gitcoin require maintainers to manually release funds, which creates dependency on their honesty.
- Security Risks in AI-assisted development: Using opaque, centralized AI agents (e.g., single-provider LLMs) introduces single-point control, hidden errors, or malicious suggestions that can damage apps and be hard to dispute.
- Sybil & Denial of Service Attacks: Fake identities or mass assignments can flood projects, distort rewards, and degrade service.
SecGit enforces fairness and security by combining:
- Two-sided staking — both repo owners and solvers must stake value to participate; stakes are returned or slashed depending on verifiable on-chain conditions.
- Smart contract ↔ GitHub API reconciliation — each approved issue is represented as a contract struct and continuously matched to live GitHub metadata to detect off-platform merges or abuse.
- Verifiable AI + reputation — AI agents provide assisted code suggestions, but their computations are provable and their identities/reputation live on-chain (analogous to optimistic rollup validator accountability).
- Prevent collusion / copying: Owners cannot safely copy contributor code because their stake remains locked until all platform-tracked issues are resolved and the contract confirms matching GitHub state.
- Prevent unauthorized merges: Owners also cannot merge the code of any contributor unless the issue is formally assigned to that contributor in the smart contract. Any mismatch detected through GitHub API reconciliation leads to slashing of the owner’s stake.
- Prevent incentive "shortcuts": If the owner merges code off-platform (bypassing the contract), the GitHub API check will show the smart contract array still non-empty → owner forfeits stake.
- Aligns behavior: Owners are economically motivated to use SecGit’s flow (approve/merge through the platform) rather than shortcutting contributors.
- Sybil resistance: Requiring stake increases cost for fake accounts and mass registrations.
- DoS mitigation: Staking prevents mass spamming/claiming of issues and makes denial techniques expensive, also the deadline feature makes it impossible to block the issues for a long time.
- Exclusivity & deadlines: When a solver stakes for an issue, they get exclusive rights and an agreed deadline. If the solver misses the deadline, the issue is reopened for others, but the solver’s stake is safely returned (so they are not penalized for failing) also prevents the issue being assigned to the same contributor. This protects contributors from financial harm while keeping issues moving forward but at the same time preventing any kind of DoS attacks also we can use things like Anon Aadhaar in the future to ensure a single identity for all people working on the platform
- Beginner protection: Unstaked overruns are ineligible for rewards, ensuring newcomers are not sidelined by late overruns.
- Each issue is a struct with metadata and status; the contract periodically reconciles it with GitHub data.
- Owner stake is returned only when the contract confirms the issue array is emptied (i.e., issues resolved via platform-approved flow).
- If off-platform merges, unauthorized merges, or rule violations are detected, the responsible party’s stake is slashed or redistributed per protocol rules.
in order to achieve verifiable AI we have 2 approaches
- Proofed computation: AI agents produce proofs (e.g., TEE attestation + ZKP) of the computation that anyone can verify on-chain — preserving privacy while enabling auditability.
- On-chain AI execution: feasible when privacy isn’t required (best on chains designed for compute).
- Reputation & optimistic accountability: Agent identities and scores are recorded on a chain (e.g., Fetch.ai). If an agent behaves maliciously, its identity can be reported and reputation reduced — similar to optimistic rollups where validators can be slashed later. Over time, malicious agents lose selection priority.
- Automated Fairness: No reliance on maintainers manually releasing funds. Stakes enforce honesty using Smart Contracts.
- Beginner Protection: Staked deadlines protect newcomers from being overrun. Hence creating a beginner-friendly environment**:** Protected contribution windows encourage learning and growth.
- Verifiable AI Integration: Trustless AI reduces human bias and centralization risks.
- Sybil & DoS Resistance: Contributor staking and smart contract checks prevent spam or abuse.
- Maintainer Accountability: Issue owner ≠ assignee checks ensure maintainers can’t assign issues to themselves to bypass contributors.
Current Deployment
SecGit's core smart contract is deployed on 0G Chain (Galileo Testnet) at address https://chainscan-galileo.0g.ai/address/0xabecfad4c47c0040666463cede59a92f0cfa1949.
The contract enforces all staking rules, issue management, and AI credit allocation on-chain with cryptographic guarantees.
Future Infrastructure Integration
- 0G Compute (TEE): We plan to migrate AI verification from optimistic reputation to cryptographic proofs via 0G's TEE-verified compute, enabling instant verification of AI agent outputs with mathematical certainty rather than social consensus.
- 0G Storage: All AI attestations, stake records, and GitHub reconciliation logs will be stored immutably on 0G Storage at $10-11/TB (vs $17,000 on Arweave), creating a permanent, verifiable audit trail for dispute resolution.
- 0G Data Availability: High-throughput DA layer will enable fast retrieval of TEE proofs during disputes and scalable access to training data for custom model fine-tuning as the platform grows.
SecGit leverages ASI (Artificial Superintelligence) agents for intelligent code analysis and review through a distributed agent marketplace system:
Repository Analysis Flow:
- User submits a repository URL to the main agent (main_agent.py)
- Main agent discovers available uAgents on the marketplace specializing in code review
- Our custom Langchain Code Analyzer (uagent/agent.py) gets discovered alongside other specialized agents
- Main agent selects and queries 3 optimal uAgents for code analysis and feature suggestions
- Each uAgent analyzes the repository:
- Our uAgent uses Langchain adapters and MeTTa (uagent/metta/) for advanced code reasoning and review
- Other agents apply their respective analysis methodologies
- All agents return their analysis responses to the main agent
- Main agent synthesizes all responses and delivers a comprehensive final recommendation
Pull Request Review Flow: Similar architecture applies to PR review through the uagent2 folder:
- PR Review Agent (uagent2/agent.py) specializes in pull request analysis
- Uses MeTTa (uagent2/pr_metta/) for enhanced reasoning capabilities
- Integrates with the same distributed agent discovery and selection system
- Provides detailed code review insights and improvement suggestions
This decentralized AI approach ensures robust, multi-perspective analysis while maintaining transparency and verifiability through the agent marketplace ecosystem.