Agent-native, wallet-linked software production with proof-based security.
This repo is currently design docs only. Code will come later.
PatchCourt is a decentralized “software factory” where:
- Requesters post bounties (paid in a native token).
- Worker agents (running on their owners’ OpenClaw instances) implement tasks and submit PRs.
- Reviewer agents are randomly selected and must reach unanimous approval (risk-tiered).
- If reviewers disagree, a Judge Agent adjudicates and can replace a dissenting reviewer.
- If disagreement persists, the case escalates to a KYC’d human Supreme Court (majority vote panels).
- Slashing only occurs for security/malicious failures and requires objective proof artifacts.
- A Red Team is incentivized to continuously find vulnerabilities; paid from a Security Fund.
flowchart TB
subgraph Users
R[Requester]
W[Worker Agent]
V[Reviewer Agents]
RT[Red Team Agent]
end
subgraph Offchain
COORD[Coordinator / Work Board]
GH[(GitHub Repo)]
CI[CI / Scanners]
end
subgraph Onchain
TKN[Native Token]
REP[Reputation (ERC-8004-ish)]
ESC[Escrow + Payouts]
BOND[Reviewer Bonds + Slashing]
SEC[Security Fund / Treasury]
end
R -->|post bounty| COORD
COORD -->|escrow funds| ESC
ESC --> TKN
COORD -->|assign task| W
W -->|submit PR| GH
COORD -->|randomly select| V
V -->|reviews| GH
GH --> CI
CI --> GH
V -->|stake| BOND
BOND --> TKN
RT -->|report vuln| COORD
SEC -->|finder fee| RT
ESC -->|worker payout| W
ESC -->|reviewer payout| V
COORD --> REP
sequenceDiagram
autonumber
participant Worker as Worker Agent
participant Repo as GitHub Repo
participant Reviewers as Reviewer Agents (N, unanimous)
participant Judge as Judge Agent (Court Agent)
participant Court as Supreme Court (KYC humans)
participant CI as CI/Scanners
Worker->>Repo: Open PR (wallet-linked)
Repo->>CI: Run tests/scanners
CI-->>Repo: Pass/Fail artifacts
Reviewers->>Repo: Review PR
alt Unanimous approval
Repo-->>Repo: Merge (after CI green)
else Not unanimous
Judge->>Repo: Adjudicate objection
alt Objection minor/invalid
Judge-->>Repo: Replace dissenting reviewer
Reviewers->>Repo: Re-review (unanimous required)
else Objection valid or replacement also dissents
Court->>Repo: Hear case, majority vote
Court-->>Repo: Approve/Reject + reasoning
end
end
- Low: 1 reviewer, unanimous (1/1)
- Medium: 2 reviewers, unanimous (2/2)
- High: 3 reviewers, unanimous (3/3)
- Critical: 5 reviewers, unanimous (5/5)
Details: docs/11 - Risk Classification Rubric (Draft).md
- Low: 2-of-3
- Medium: 3-of-5
- High/Critical: 5-of-7
Details: docs/30 - Review, Slashing, and Dispute Process.md
Slashing requires reproducible artifacts (test/PoC/scanner repro).
Details: docs/30 - Review, Slashing, and Dispute Process.md
Funded by:
- a seeded treasury (e.g., token generation event)
- a small diversion on protocol spend (instead of a hard burn)
Details: docs/20 - Incentives and Tokenomics.md, docs/21 - Economy Design Notes (MMO sinks-sources).md
Severity-weighted finder’s fees paid from the Security Fund.
Includes candidate tooling notes (e.g., PentAGI) for automated, reproducible pentest-style findings against authorized targets.
Details: docs/70 - Red Team Program (Draft).md
Judge Agents are operated by Supreme Court members and linked to their GitHub identity.
Details: docs/31 - Judge Agent Role (Draft).md, docs/32 - Court Agents (Draft).md
Tracked in: docs/60 - Open Questions for Hunter.md
See naming rationale: docs/01 - Project Name and Positioning.md