SecGit

SecGit - a highly automated and secure version of gitcoin

SecGit is a blockchain-backed platform that makes open-source collaboration trustless, fair, and secure. It combines a two-sided staking protocol (repo owners + issue solvers) with verifiable, reputation-backed AI to prevent collusion, overruns, Sybil/DoS attacks, and the risks of centralized AI. The result: predictable incentives, protected contributors (especially newbies), and audited AI assistance — all enforced by smart contracts, GitHub API matching and optimistically verifiable AI.

The Problem Collusion / code appropriation: Maintainers or owners can view contributor PRs and copy code into the repo without merging or rewarding the contributor. Overruns & incentive misalignment: Without guarantees, more experienced contributors can overrun newcomers’ PRs; maintainers may unintentionally reward overrunners. Centralized Trust: Platforms like Gitcoin require maintainers to manually release funds, which creates dependency on their honesty. Security Risks in AI-assisted development: Using opaque, centralized AI agents (e.g., single-provider LLMs) introduces single-point control, hidden errors, or malicious suggestions that can damage apps and be hard to dispute. Sybil & Denial of Service Attacks: Fake identities or mass assignments can flood projects, distort rewards, and degrade service. High-level solution SecGit enforces fairness and security by combining:

Two-sided staking — both repo owners and solvers must stake value to participate; stakes are returned or slashed depending on verifiable on-chain conditions. Smart contract ↔ GitHub API reconciliation — each approved issue is represented as a contract struct and continuously matched to live GitHub metadata to detect off-platform merges or abuse. Verifiable AI + reputation — AI agents provide assisted code suggestions, but their computations are provable and their identities/reputation live on-chain (analogous to optimistic rollup validator accountability). How staking works (mechanics & guarantees) Why project owners stake Prevent collusion / copying: Owners cannot safely copy contributor code because their stake remains locked until all platform-tracked issues are resolved and the contract confirms matching GitHub state. Prevent unauthorized merges: Owners also cannot merge the code of any contributor unless the issue is formally assigned to that contributor in the smart contract. Any mismatch detected through GitHub API reconciliation leads to slashing of the owner’s stake. Prevent incentive "shortcuts": If the owner merges code off-platform (bypassing the contract), the GitHub API check will show the smart contract array still non-empty → owner forfeits stake. Aligns behavior: Owners are economically motivated to use SecGit’s flow (approve/merge through the platform) rather than shortcutting contributors. Why solvers (issue assignees) stake Sybil resistance: Requiring stake increases cost for fake accounts and mass registrations. DoS mitigation: Staking prevents mass spamming/claiming of issues and makes denial techniques expensive, also the deadline feature makes it impossible to block the issues for a long time. Exclusivity & deadlines: When a solver stakes for an issue, they get exclusive rights and an agreed deadline. If the solver misses the deadline, the issue is reopened for others, but the solver’s stake is safely returned (so they are not penalized for failing) also prevents the issue being assigned to the same contributor. This protects contributors from financial harm while keeping issues moving forward but at the same time preventing any kind of DoS attacks also we can use things like Anon Aadhaar in the future to ensure a single identity for all people working on the platform Beginner protection: Unstaked overruns are ineligible for rewards, ensuring newcomers are not sidelined by late overruns. Release / slashing rules (smart-contract logic) Each issue is a struct with metadata and status; the contract periodically reconciles it with GitHub data. Owner stake is returned only when the contract confirms the issue array is emptied (i.e., issues resolved via platform-approved flow). If off-platform merges, unauthorized merges, or rule violations are detected, the responsible party’s stake is slashed or redistributed per protocol rules. SecGit approach towards verifiable AI in order to achieve verifiable AI we have 2 approaches

Proofed computation: AI agents produce proofs (e.g., TEE attestation + ZKP) of the computation that anyone can verify on-chain — preserving privacy while enabling auditability. On-chain AI execution: feasible when privacy isn’t required (best on chains designed for compute). Reputation & optimistic accountability: Agent identities and scores are recorded on a chain (e.g., Fetch.ai). If an agent behaves maliciously, its identity can be reported and reputation reduced — similar to optimistic rollups where validators can be slashed later. Over time, malicious agents lose selection priority. Why It’s Better Than Gitcoin Automated Fairness: No reliance on maintainers manually releasing funds. Stakes enforce honesty using Smart Contracts. Beginner Protection: Staked deadlines protect newcomers from being overrun. Hence creating a beginner-friendly environment**:** Protected contribution windows encourage learning and growth. Verifiable AI Integration: Trustless AI reduces human bias and centralization risks. Sybil & DoS Resistance: Contributor staking and smart contract checks prevent spam or abuse. Maintainer Accountability: Issue owner ≠ assignee checks ensure maintainers can’t assign issues to themselves to bypass contributors. Tech Stack ASI Integration SecGit leverages ASI (Artificial Superintelligence) agents for intelligent code analysis and review through a distributed agent marketplace system:

Repository Analysis Flow:

User submits a repository URL to the main agent Main agent discovers available uAgents on the marketplace specializing in code review Our custom Langchain Code Analyzer gets discovered alongside other specialized agents Main agent selects and queries 3 optimal uAgents for code analysis and feature suggestions Each uAgent analyzes the repository: Our uAgent uses Langchain adapters and MeTTa for advanced code reasoning and review Other agents apply their respective analysis methodologies All agents return their analysis responses to the main agent Main agent synthesizes all responses and delivers a comprehensive final recommendation

Pull Request Review Flow: Similar architecture applies to PR review:

PR Review Agent specializes in pull request analysis Uses MeTTa for enhanced reasoning capabilities Integrates with the same distributed agent discovery and selection system Provides detailed code review insights and improvement suggestions This decentralized AI approach ensures robust, multi-perspective analysis while maintaining transparency and verifiability through the agent marketplace ecosystem.

ASI Integration Architecture We built SecGit around ASI's agentic capabilities to create a fully automated, multi-agent code analysis pipeline. The core innovation is using ASI One's agentic LLM as an intelligent router that discovers, selects, and orchestrates specialized agents from the Agentverse marketplace.

Repository Analysis Flow: When a user submits a GitHub repository, our main agent (main_agent.py) queries ASI One to search the Agentverse for code analysis specialists. Our custom Langchain Code Analyzer (uagent/agent.py) gets discovered alongside other agents. ASI One selects the optimal 3 agents, each analyzing different aspects - our agent uses MeTTa knowledge graphs for advanced symbolic reasoning, while others apply their specialized methodologies. The main agent then synthesizes all responses into comprehensive feature recommendations.

Technical Implementation:

ASI One API handles agent discovery and selection logic Custom uAgents built with Fetch.ai framework for specialized analysis MeTTa integration enables structured knowledge representation and symbolic reasoning Multi-agent composition provides diverse perspectives and reduces single-point-of-failure risks Optimistically Verifiable AI Traditional AI services introduce centralization risks - no way to verify outputs are correct or unbiased. We solve this using Fetch.ai's reputation-based verification model:

Every agent has an on-chain identity and reputation score Outputs are assumed valid by default (optimistic verification) Community can challenge malicious outputs, reducing agent reputation Bad actors lose selection priority over time (similar to optimistic rollup slashing) Future Upgrade Path: We plan to migrate to 0G's TEE-based compute for cryptographic verification, where every AI computation generates mathematical proofs of correctness, eliminating trust assumptions entirely.

MeTTa Knowledge Graphs MeTTa enables our agents to organize repository data as logical graphs supporting symbolic reasoning and pattern matching. Instead of pure NLP analysis, agents can query structured knowledge about code relationships, dependencies, and patterns. This dramatically improves reasoning quality for complex code review tasks.

Smart Contract Architecture Deployed on 0G Chain, our contracts enforce trustless collaboration through:

Two-Sided Staking:

Organizations stake 0.000001 ETH minimum to register repositories Contributors stake 5-20% of bounty value for exclusive assignment rights Automatic slashing on rule violations, safe returns on completion GitHub API Reconciliation:

Continuous sync between smart contract state and GitHub metadata Detects unauthorized merges and off-platform code appropriation Mathematically prevents maintainer cheating through stake mechanisms AI Credit System:

Organizations pre-fund AI computation pools (0.0000001 ETH per operation) Agents consume credits for analysis requests Built-in cost controls prevent abuse Notable Technical Innovations Hacky but Effective Solutions:

Agent Discovery Hack: We use ASI One's natural language understanding to interpret repository contexts and match them with agent capabilities described in natural language.

GitHub-Smart Contract Bridge: We built a continuous reconciliation system that detects off-platform activity by comparing GitHub commit hashes with smart contract expected states - any mismatch triggers automatic enforcement.

MeTTa Integration Pattern: We created a hybrid architecture where traditional LLMs handle natural language tasks while MeTTa handles structured reasoning, combining the best of both paradigms.

0G Infrastructure Integration Current: Smart contracts on 0G Chain testnet with optimistic AI verification

Planned Migration: Full TEE-verified compute using 0G's infrastructure will provide cryptographic proofs for every AI computation, making verification mathematical rather than social. Cost advantage: $0.003 per 1K tokens vs much higher rates from centralized providers.

Storage: 0G's decentralized storage ($10-11/TB vs $17,000 on Arweave) will maintain immutable audit trails of all AI computations and stake events.

This architecture creates the first truly trustless open-source collaboration platform where neither maintainers, contributors, nor AI agents can cheat without immediate cryptographic detection.