Public and private repositories
WalletWall is operated as a hosted product. Some of its work is published as open, inspectable artifacts; the production application and its operational internals are private. This page explains, plainly, which is which — and, just as importantly, what you can and cannot conclude from the public parts.Repository visibility and production readiness are separate dimensions. A repository being public does not make it the production product, and a capability being private does not put it beyond scrutiny — the public docs, research artifacts, and reproducibility container exist precisely so the product’s behavior can be examined.
The short version
| Area | Publicly visible | Purpose | Production status | Appropriate use |
|---|---|---|---|---|
| Public documentation (this site) | Yes | Explain product behavior and its limits | Public product reference | User and developer understanding |
| Public research & demo repositories | Yes | Research, prototypes, fixtures, reviewable artifacts | Not automatically production | Research and technical review |
| Production application source | No | Operate the hosted product | Production | Product operation (private) |
| Internal operations & secrets | No | Run the service securely | Internal | Not public |
Trust boundary
Public artifacts are open for review, reproduction, and reporting. The production application, infrastructure, secrets, and any key material stay private. Public research can inform product planning — but it does not automatically become production behavior. This mirrors the WalletWall organization security policy.What is public
TheWallet-Wall GitHub organization publishes a small, deliberately-scoped set of repositories. The production monorepo is not among them.
| Repository | Purpose | License | Type | Production status |
|---|---|---|---|---|
walletwall-vault | Hybrid ECDSA + post-quantum (ML-DSA) withdrawal-authorization prototype: contracts, verifier interfaces, threat model | Source-available (no OSI license) | Research prototype | Not production — testnet/local only, not audited |
walletwall-evidence-simulator | Deterministic, fixture-only container that rehearses the evidence-normalization pipeline; no secrets, no live data, no Dune execution | MIT | Reproducibility artifact | Not a product surface |
walletwall-whale-watcher | Read-only wallet-activity demo UI | MIT | Fixture-only demo | Not production — static fixtures |
walletwall-holder-wall | Read-only holder-distribution demo UI | MIT | Fixture-only demo | Not production — static fixtures |
walletwall-stable-seer | Read-only stablecoin peg-monitor demo UI | MIT | Fixture-only demo | Not production — static fixtures |
walletwall-coinstellation | Read-only wallet relationship-graph demo UI | MIT | Fixture-only demo | Not production — static fixtures |
.github | Organization profile and security policy | — (profile) | Metadata | N/A |
Licenses differ per repository. Five repositories are MIT. The flagship research repo,
walletwall-vault, is source-available with no OSI license — you can read it, but it is not “open source” in the reuse-rights sense. The .github profile carries no software license. Do not describe WalletWall — or the organization — as “fully open source.”What you can inspect — and what you cannot infer
You can inspect
- How the documented product behaves and where its limits are (this site).
- The vault research design: contracts, verifier interfaces, and threat model.
- The evidence-normalization shape, reproducibly, via the fixture-only simulator.
- The read-only, fixture-based demo UIs.
- The organization’s public security policy and reporting path.
You cannot infer
- That the public repos are the deployed production system — they are not.
- The production scoring weights, Dune query text, or provider configuration — these are private.
- That a fixture demo reflects live production data — demos use static fixtures.
- That prototype or mock verification is production-grade security.
- That publishing research means a capability is shipped, audited, or supported.
Common misconceptions this page exists to prevent
These are stated in the open, not tucked away, because getting them wrong has real consequences.Private source does not put the product beyond scrutiny. The documentation states the product’s methodology and limits; the evidence simulator lets anyone reproduce the evidence-normalization logic; and public claims here are meant to be checkable against observable, public on-chain data. Private production code is a moat, not a shield against questions.
How public research relates to the product
WalletWall’s public research can inform what the product does, but it does not silently become production. The maturity of each capability is distinct: This is a status map, not a roadmap with dates. “Proposed” items are explicitly not started and carry no delivery commitment; the mainnet-custody gates are enumerated in Vault Boundaries & Disclosures.Where to engage
Public repositories
Read the code, open issues, and file pull requests on any public repository in the organization.
Security reporting
Follow the organization’s published security policy for the responsible-disclosure path. WalletWall will never ask you for a seed phrase, private key, or unsafe signature.
Why keep a public/private split at all?
Why keep a public/private split at all?
Publishing the documentation, the vault research, and a reproducible evidence container lets researchers and users review WalletWall’s methodology, cryptographic direction, and evidence handling — without exposing the production application’s scoring weights, query logic, provider credentials, or operational internals, which are both sensitive and easy to abuse. The split is what lets WalletWall be transparent about how it reasons while keeping the operational surface small and safe.
Is any public repository archived or unsupported?
Is any public repository archived or unsupported?
Repository status can change. Treat a repository’s own README and its GitHub activity as the source of truth for whether it is actively maintained — an experimental or research repository is not a supported product, even while it is public and readable.
Related
What is WalletWall?
The product overview, audiences, and the read-only data posture.
Vault Boundaries & Disclosures
Custody, financial, testnet, and quantum-security boundaries for the vault research prototype.

