> ## Documentation Index
> Fetch the complete documentation index at: https://docs.walletwall.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Public and private repositories

> What WalletWall makes public and what stays private — the open research artifacts, the private production system, and why repository visibility is not the same thing as production readiness.

# Public and private repositories

WalletWall is operated as a **hosted product**. Some of its work is published as open, inspectable artifacts; the production application and its operational internals are **private**. This page explains, plainly, which is which — and, just as importantly, what you can and cannot conclude from the public parts.

<Note>
  **Repository visibility and production readiness are separate dimensions.** A repository being public does not make it the production product, and a capability being private does not put it beyond scrutiny — the public docs, research artifacts, and reproducibility container exist precisely so the product's behavior can be examined.
</Note>

## The short version

| Area                                | Publicly visible | Purpose                                              | Production status                | Appropriate use                  |
| ----------------------------------- | ---------------- | ---------------------------------------------------- | -------------------------------- | -------------------------------- |
| Public documentation (this site)    | Yes              | Explain product behavior and its limits              | Public product reference         | User and developer understanding |
| Public research & demo repositories | Yes              | Research, prototypes, fixtures, reviewable artifacts | **Not** automatically production | Research and technical review    |
| Production application source       | No               | Operate the hosted product                           | Production                       | Product operation (private)      |
| Internal operations & secrets       | No               | Run the service securely                             | Internal                         | Not public                       |

## Trust boundary

```mermaid theme={null}
flowchart TD
    accTitle: WalletWall public and private trust boundary
    accDescr: Public artifacts (documentation, research repository, fixture demos, org profile) are open to safe public review. The private production application, infrastructure, secrets, and any key material are not publicly disclosed. Public research can inform product planning but does not automatically become production behavior.
    subgraph PUBLIC["Public — github.com/Wallet-Wall"]
      docs["Documentation<br/>(docs.walletwall.org)"]:::process
      research["Vault research repo<br/>(walletwall-vault)"]:::process
      sim["Evidence simulator<br/>(fixture-only)"]:::process
      demos["Fixture demo UIs<br/>(holder-wall, whale-watcher,<br/>stable-seer, coinstellation)"]:::process
      profile["Org profile & security policy<br/>(.github)"]:::process
    end
    subgraph PRIVATE["Private — production moat"]
      app["Production app, scoring weights,<br/>Dune queries, provider keys"]:::security
      infra["Infrastructure & secrets"]:::security
      custody["Key material / custody"]:::risk
    end
    PUBLIC --> review["Safe public review<br/>(read, reproduce, report)"]:::output
    research -. "informs planning<br/>(does not auto-ship)" .-> app
    PRIVATE -. "not publicly disclosed" .-> restricted["Out of public scope"]:::datastore
    custody -. "never requested from users" .-> restricted
    classDef process fill:#B84923,stroke:#6B2412,color:#FFF7E8,stroke-width:1.5px;
    classDef output fill:#9AAB89,stroke:#526246,color:#172014,stroke-width:1.5px;
    classDef security fill:#5A2418,stroke:#2B110B,color:#FFF7E8,stroke-width:1.5px;
    classDef risk fill:#8F2F1D,stroke:#5E1D12,color:#FFF7E8,stroke-width:1.5px;
    classDef datastore fill:#6F7068,stroke:#3C3D38,color:#FFF7E8,stroke-width:1.5px;
```

*Public artifacts are open for review, reproduction, and reporting. The production application, infrastructure, secrets, and any key material stay private. Public research can inform product planning — but it does not automatically become production behavior. This mirrors the [WalletWall organization security policy](https://github.com/Wallet-Wall/.github).*

## What is public

The [`Wallet-Wall` GitHub organization](https://github.com/Wallet-Wall) publishes a small, deliberately-scoped set of repositories. The production monorepo is **not** among them.

| Repository                                                                                      | Purpose                                                                                                                               | License                           | Type                     | Production status                                    |
| ----------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | ------------------------ | ---------------------------------------------------- |
| [`walletwall-vault`](https://github.com/Wallet-Wall/walletwall-vault)                           | Hybrid ECDSA + post-quantum (ML-DSA) withdrawal-authorization prototype: contracts, verifier interfaces, threat model                 | Source-available (no OSI license) | Research prototype       | **Not** production — testnet/local only, not audited |
| [`walletwall-evidence-simulator`](https://github.com/Wallet-Wall/walletwall-evidence-simulator) | Deterministic, fixture-only container that rehearses the evidence-normalization pipeline; no secrets, no live data, no Dune execution | MIT                               | Reproducibility artifact | **Not** a product surface                            |
| [`walletwall-whale-watcher`](https://github.com/Wallet-Wall/walletwall-whale-watcher)           | Read-only wallet-activity demo UI                                                                                                     | MIT                               | Fixture-only demo        | **Not** production — static fixtures                 |
| [`walletwall-holder-wall`](https://github.com/Wallet-Wall/walletwall-holder-wall)               | Read-only holder-distribution demo UI                                                                                                 | MIT                               | Fixture-only demo        | **Not** production — static fixtures                 |
| [`walletwall-stable-seer`](https://github.com/Wallet-Wall/walletwall-stable-seer)               | Read-only stablecoin peg-monitor demo UI                                                                                              | MIT                               | Fixture-only demo        | **Not** production — static fixtures                 |
| [`walletwall-coinstellation`](https://github.com/Wallet-Wall/walletwall-coinstellation)         | Read-only wallet relationship-graph demo UI                                                                                           | MIT                               | Fixture-only demo        | **Not** production — static fixtures                 |
| [`.github`](https://github.com/Wallet-Wall/.github)                                             | Organization profile and security policy                                                                                              | — (profile)                       | Metadata                 | N/A                                                  |

<Info>
  Licenses differ per repository. Five repositories are **MIT**. The flagship research repo, `walletwall-vault`, is **source-available with no OSI license** — you can read it, but it is not "open source" in the reuse-rights sense. The `.github` profile carries no software license. Do not describe WalletWall — or the organization — as "fully open source."
</Info>

## What you can inspect — and what you cannot infer

<Columns cols={2}>
  <Card title="You can inspect" icon="magnifying-glass">
    * How the documented product behaves and where its limits are (this site).
    * The vault research design: contracts, verifier interfaces, and threat model.
    * The evidence-normalization *shape*, reproducibly, via the fixture-only simulator.
    * The read-only, fixture-based demo UIs.
    * The organization's public security policy and reporting path.
  </Card>

  <Card title="You cannot infer" icon="circle-xmark">
    * That the public repos are the deployed production system — they are not.
    * The production scoring weights, Dune query text, or provider configuration — these are private.
    * That a fixture demo reflects live production data — demos use static fixtures.
    * That prototype or mock verification is production-grade security.
    * That publishing research means a capability is shipped, audited, or supported.
  </Card>
</Columns>

## Common misconceptions this page exists to prevent

These are stated in the open, not tucked away, because getting them wrong has real consequences.

<Warning>
  **The public vault repo is not the whole product, and its contracts are not deployed production.** `walletwall-vault` is an **unaudited testnet/local research prototype**. Its post-quantum authorization uses a *trusted attestation* path and a **mock verifier** — that is **not** on-chain, production-grade cryptographic verification. No production custody path exists; see [Vault Boundaries & Disclosures](/vault/boundaries).
</Warning>

<Warning>
  **A public artifact does not guarantee identical production behavior.** The demos are fixture-only; the simulator rehearses data *shapes*, not live results. Treat them as illustrations, not as the live service.
</Warning>

<Note>
  **Private source does not put the product beyond scrutiny.** The documentation states the product's methodology and limits; the evidence simulator lets anyone reproduce the evidence-normalization logic; and public claims here are meant to be checkable against observable, public on-chain data. Private production code is a moat, not a shield against questions.
</Note>

## How public research relates to the product

WalletWall's public research can inform what the product does, but it does not silently become production. The maturity of each capability is distinct:

```mermaid theme={null}
timeline
    title WalletWall capability maturity (status, not a delivery schedule)
    Production (live) : Wallet intelligence surfaces : Exposure scoring and shared risk tiers : Read-only vault-readiness assessment
    Public research : walletwall-vault (hybrid ECDSA + ML-DSA prototype) : Evidence simulator (fixture-only)
    Validated prototype : Sepolia testnet vault rehearsal
    Experimental : SP1 / ZK proof-artifact scaffold (no prover wired to the app)
    Proposed (not started) : On-chain PQ verification : Any mainnet custody path (gated behind G1-G6)
```

*This is a **status map, not a roadmap with dates.** "Proposed" items are explicitly not started and carry no delivery commitment; the mainnet-custody gates are enumerated in [Vault Boundaries & Disclosures](/vault/boundaries).*

## Where to engage

<Columns cols={2}>
  <Card title="Public repositories" icon="github" href="https://github.com/Wallet-Wall">
    Read the code, open issues, and file pull requests on any public repository in the organization.
  </Card>

  <Card title="Security reporting" icon="shield-halved" href="https://github.com/Wallet-Wall/.github">
    Follow the organization's published security policy for the responsible-disclosure path. WalletWall will never ask you for a seed phrase, private key, or unsafe signature.
  </Card>
</Columns>

<AccordionGroup>
  <Accordion title="Why keep a public/private split at all?">
    Publishing the documentation, the vault research, and a reproducible evidence container lets researchers and users review WalletWall's methodology, cryptographic direction, and evidence handling — without exposing the production application's scoring weights, query logic, provider credentials, or operational internals, which are both sensitive and easy to abuse. The split is what lets WalletWall be transparent about *how it reasons* while keeping the operational surface small and safe.
  </Accordion>

  <Accordion title="Is any public repository archived or unsupported?">
    Repository status can change. Treat a repository's own README and its GitHub activity as the source of truth for whether it is actively maintained — an experimental or research repository is not a supported product, even while it is public and readable.
  </Accordion>
</AccordionGroup>

## Related

<Columns cols={2}>
  <Card title="What is WalletWall?" icon="shield-halved" href="/concepts/what-is-walletwall">
    The product overview, audiences, and the read-only data posture.
  </Card>

  <Card title="Vault Boundaries & Disclosures" icon="vault" href="/vault/boundaries">
    Custody, financial, testnet, and quantum-security boundaries for the vault research prototype.
  </Card>
</Columns>
