Skip to main content

Public and private repositories

WalletWall is operated as a hosted product. Some of its work is published as open, inspectable artifacts; the production application and its operational internals are private. This page explains, plainly, which is which — and, just as importantly, what you can and cannot conclude from the public parts.
Repository visibility and production readiness are separate dimensions. A repository being public does not make it the production product, and a capability being private does not put it beyond scrutiny — the public docs, research artifacts, and reproducibility container exist precisely so the product’s behavior can be examined.

The short version

AreaPublicly visiblePurposeProduction statusAppropriate use
Public documentation (this site)YesExplain product behavior and its limitsPublic product referenceUser and developer understanding
Public research & demo repositoriesYesResearch, prototypes, fixtures, reviewable artifactsNot automatically productionResearch and technical review
Production application sourceNoOperate the hosted productProductionProduct operation (private)
Internal operations & secretsNoRun the service securelyInternalNot public

Trust boundary

Public artifacts are open for review, reproduction, and reporting. The production application, infrastructure, secrets, and any key material stay private. Public research can inform product planning — but it does not automatically become production behavior. This mirrors the WalletWall organization security policy.

What is public

The Wallet-Wall GitHub organization publishes a small, deliberately-scoped set of repositories. The production monorepo is not among them.
RepositoryPurposeLicenseTypeProduction status
walletwall-vaultHybrid ECDSA + post-quantum (ML-DSA) withdrawal-authorization prototype: contracts, verifier interfaces, threat modelSource-available (no OSI license)Research prototypeNot production — testnet/local only, not audited
walletwall-evidence-simulatorDeterministic, fixture-only container that rehearses the evidence-normalization pipeline; no secrets, no live data, no Dune executionMITReproducibility artifactNot a product surface
walletwall-whale-watcherRead-only wallet-activity demo UIMITFixture-only demoNot production — static fixtures
walletwall-holder-wallRead-only holder-distribution demo UIMITFixture-only demoNot production — static fixtures
walletwall-stable-seerRead-only stablecoin peg-monitor demo UIMITFixture-only demoNot production — static fixtures
walletwall-coinstellationRead-only wallet relationship-graph demo UIMITFixture-only demoNot production — static fixtures
.githubOrganization profile and security policy— (profile)MetadataN/A
Licenses differ per repository. Five repositories are MIT. The flagship research repo, walletwall-vault, is source-available with no OSI license — you can read it, but it is not “open source” in the reuse-rights sense. The .github profile carries no software license. Do not describe WalletWall — or the organization — as “fully open source.”

What you can inspect — and what you cannot infer

You can inspect

  • How the documented product behaves and where its limits are (this site).
  • The vault research design: contracts, verifier interfaces, and threat model.
  • The evidence-normalization shape, reproducibly, via the fixture-only simulator.
  • The read-only, fixture-based demo UIs.
  • The organization’s public security policy and reporting path.

You cannot infer

  • That the public repos are the deployed production system — they are not.
  • The production scoring weights, Dune query text, or provider configuration — these are private.
  • That a fixture demo reflects live production data — demos use static fixtures.
  • That prototype or mock verification is production-grade security.
  • That publishing research means a capability is shipped, audited, or supported.

Common misconceptions this page exists to prevent

These are stated in the open, not tucked away, because getting them wrong has real consequences.
The public vault repo is not the whole product, and its contracts are not deployed production. walletwall-vault is an unaudited testnet/local research prototype. Its post-quantum authorization uses a trusted attestation path and a mock verifier — that is not on-chain, production-grade cryptographic verification. No production custody path exists; see Vault Boundaries & Disclosures.
A public artifact does not guarantee identical production behavior. The demos are fixture-only; the simulator rehearses data shapes, not live results. Treat them as illustrations, not as the live service.
Private source does not put the product beyond scrutiny. The documentation states the product’s methodology and limits; the evidence simulator lets anyone reproduce the evidence-normalization logic; and public claims here are meant to be checkable against observable, public on-chain data. Private production code is a moat, not a shield against questions.

How public research relates to the product

WalletWall’s public research can inform what the product does, but it does not silently become production. The maturity of each capability is distinct: This is a status map, not a roadmap with dates. “Proposed” items are explicitly not started and carry no delivery commitment; the mainnet-custody gates are enumerated in Vault Boundaries & Disclosures.

Where to engage

Public repositories

Read the code, open issues, and file pull requests on any public repository in the organization.

Security reporting

Follow the organization’s published security policy for the responsible-disclosure path. WalletWall will never ask you for a seed phrase, private key, or unsafe signature.
Publishing the documentation, the vault research, and a reproducible evidence container lets researchers and users review WalletWall’s methodology, cryptographic direction, and evidence handling — without exposing the production application’s scoring weights, query logic, provider credentials, or operational internals, which are both sensitive and easy to abuse. The split is what lets WalletWall be transparent about how it reasons while keeping the operational surface small and safe.
Repository status can change. Treat a repository’s own README and its GitHub activity as the source of truth for whether it is actively maintained — an experimental or research repository is not a supported product, even while it is public and readable.

What is WalletWall?

The product overview, audiences, and the read-only data posture.

Vault Boundaries & Disclosures

Custody, financial, testnet, and quantum-security boundaries for the vault research prototype.