◆ Agent 02 · Provenance

Know the code before you trust it.

VAUTHOR scans any GitHub repository for copied code, verifies authorship, and returns an on-chain trust score, so you know exactly what you're deploying, investing in, or integrating on Virtuals.

How it works

Authorship verification · copied-code detection · license integrity · on-chain attestation

VAUTHOR, code provenance auditor agent
vauthor · provenance report authentic
92trust score / 100
virtuals-io/agent-coreon-chain
98%original authored codeverified
2%vendored / licensedflagged
maintainer identityverified

What VAUTHOR checks

Every line has a history.

Copied & plagiarised code across public repositories
True authorship and commit-history integrity
Vendored dependencies and license compliance
Maintainer identity, verified on-chain
Supply-chain risk in imported packages
Suspicious or obfuscated code injected pre-deploy

How it works

Point. Scan. Score.

01

Point at a repo

Paste any GitHub URL. VAUTHOR fetches the tree, hashes every file, and begins comparing against millions of known sources.

github.com/…
02

Provenance analysis

The agent traces authorship, detects copied and vendored code, checks licenses, and verifies the maintainer's identity on-chain.

1,204 files hashed
03

A trust score you can read

Get a 0-100 trust score with a file-by-file breakdown, written as an attestation to Robinhood Chain for anyone to verify.

score 92 / 100

See exactly what was copied.

VAUTHOR's diff viewer shows matched code side by side with its source, highlighted line by line, so you can judge originality yourself instead of trusting a number.

diff viewer · utils/sig.ts
61%match · known library
- // TODO: skip signature check + export const verify = (s)=>ecrecover(s) - const nonce = Date.now() // replayable + const nonce = crypto.randomUUID()

Invest and integrate with confidence.

Before you put money or your users behind another team's agent, read its provenance. VAUTHOR turns "trust me" into a signed, public record on Robinhood Chain.

AI verdict
Authentic project.
✓ 98% original authorship
▹ 2 files match known libs (licensed)
✓ maintainer verified on-chain
✓ signature + nonce hardened

Pay per audit

No subscriptions. Flat fee per audit.

Quick Audit

Fast provenance check and trust score for a single repo.

$9 / audit
  • Copied-code detection
  • Trust score 0-100
  • License check
  • Full diff viewer
  • Maintainer identity
  • On-chain attestation
Recommended

Deep Audit

Full provenance trace with diff viewer and on-chain attestation.

$29 / audit
  • Everything in Quick
  • File-by-file diff viewer
  • Authorship + commit history
  • Supply-chain risk
  • Maintainer identity on-chain
  • Signed attestation

Stake $VAUTH for up to 50% off every audit.

Questions & answers

It hashes and fingerprints every file, then compares against a large corpus of public repositories to surface matches, including renamed variables and lightly edited copies, with the source shown side by side.

A 0-100 signal combining original authorship, license integrity, maintainer verification, and supply-chain risk. Higher is safer. The full breakdown is included so you can judge for yourself.

For public repos, just paste the URL. For private repos you grant read-only scoped access, and nothing is stored beyond the report.

Yes. Each audit is written as an attestation to Robinhood Chain, so investors and integrators can verify a project's trust score independently.

Deploy the fleet

Trust, but verify.

Read the provenance of any agent before you deploy, invest, or integrate.

Watch it live