03 — The feed
Every proposal, on the table.
Submissions to every Simocracy gathering, ranked by the cloth and attributed to their author sim.
03 — The feed
Submissions to every Simocracy gathering, ranked by the cloth and attributed to their author sim.
June 23, 2026·by Filecoin PGF
ProPGF Batch 3ProPGF Batch 3 application. Requested: 210000. **Verify It Bro (VIB)** is an npm-compatible registry that uses Filecoin Onchain Cloud as a verifiable storage and provenance layer for JavaScript packages. The registry will allow developers and teams to: - publish npm-compatible packages; - store…
Mirrored from filpgf.io — ProPGF Batch 3 (Karma program 1479, application 6a31cf4cf2d3da25b237fc1d, status: pending). Contact details redacted; canonical application lives on filpgf.io. 1.1 Project Name Verify It Bro: A Filecoin-backed Verifiable npm-compatible Registry 1.2 Project Github https://github.com/axlabs (the project doesn't have an specific org for it yet) 1.3 Project Website https://verifyitbro.com 1.4 Team Lead/Point of Contact Guil / Slack or Telegram (https://t.me/gsmachado) 1.5 Category [ "RFP 1 - Customer-facing products built on Filecoin" ] 1.6 Open Source Status Partial 2.1 Project Summary **Verify It Bro (VIB)** is an npm-compatible registry that uses Filecoin Onchain Cloud as a verifiable storage and provenance layer for JavaScript packages. The registry will allow developers and teams to: - publish npm-compatible packages; - store package artifacts on Filecoin-backed storage; - attach registry signatures and optional publisher signatures; - proxy and cache upstream registries such as npmjs.org; - verify downloaded packages through a CLI. The project supports application builders, Web3 teams, AI coding agents, and Filecoin ecosystem teams that depend on JavaScript/TypeScript packages in their development workflows. **🚨 The gap we address is simple: today’s package registries are optimized for distribution, but not for long-term verifiability, tamper-evident provenance, or independent package integrity checks. Filecoin is well-positioned to fill this gap by becoming the durable, verifiable storage layer behind trusted software distribution.** VIB will also include asynchronous vulnerability scanning and AI-assisted package risk analysis, producing machine-readable trust metadata for developers, CI systems, and coding agents. **As an early adoption path, we will target dogfooding with FilOz engineering teams and Filecoin Foundation teams on selected JavaScript/TypeScript projects.** **The outcome is a practical developer product that creates real Filecoin usage while helping reduce software supply-chain risk.** The goal is to be the npm registry for Web3, where trust plays a big role. > From “trust me bro” dependencies to “Verify It Bro” software. 2.2 Who does this work support? [ "Application Builders", "Application Users" ] 2.3 Total Funding Requested (USD) 210000 2.4 Milestones & Budget [ { "title": "M1: Registry Foundation & Filecoin Storage Integration", "description": "Build the core npm-compatible registry foundation and integrate Filecoin Onchain Cloud as the storage layer for package artifacts.\n\nThis milestone establishes the basic product: users can publish npm-compatible packages, package artifacts are stored through Filecoin-backed storage, and package metadata is tracked in a way that enables later verification, signing, scanning, and provenance checks.", "dueDate": "2026-09-30", "fundingRequested": "70000", "completionCriteria": "- npm-compatible registry API supports package publish, metadata retrieval, and package download.\n- Filecoin Onchain Cloud integration stores and retrieves published package tarballs.\n- Package metadata includes content hash, storage reference, package name, version, and publication timestamp.\n- Basic user and organization model implemented.\n- Internal admin view or API for inspecting stored packages and storage references.\n- Technical documentation for architecture and storage flow delivered." }, { "title": "M2: Signing, Teams, Tokens & Upstream Proxy Cache", "description": "Add the trust and usability layer needed for real developer teams: registry-side package signing, optional publisher signatures, team management, access tokens, and proxying of upstream registries such as npmjs-compatible registries.\n\nThis milestone makes the registry usable as a drop-in npm-compatible workflow while adding stronger provenance guarantees than a normal registry.", "dueDate": "2026-11-30", "fundingRequested": "70000", "completionCriteria": "- Registry signs packages published through the platform.\n- Optional publisher-side signature metadata can be attached to package releases.\n- Users can create organizations/teams and manage package ownership.\n- Users can create and revoke access tokens for publishing/downloading packages.\n- Registry can proxy npm-compatible upstream registries and cache downloaded packages.\n- Cached packages are recorded with source registry, package version, hash, and cache timestamp.\n- Documentation explains publishing, team setup, token usage, and upstream proxy configuration." }, { "title": "M3: Security Scanning, Verification CLI & Dogfooding Launch", "description": "Add the security and verification layer: asynchronous vulnerability scanning, AI-assisted package risk analysis, and a CLI (`vib`) that allows anyone to verify downloaded packages against Filecoin-stored artifacts and registry signatures.\n\nThis milestone turns the registry into a practical supply-chain security tool for JavaScript developers and prepares it for dogfooding by Filecoin ecosystem engineering teams.", "dueDate": "2027-01-29", "fundingRequested": "70000", "completionCriteria": "- Async scanning pipeline analyzes published and cached p …[truncated] 3.1 Impact pathway ## Drive Paid Onchain Deals Published packages, package metadata, signatures, provenance manifests, and scan results will be stored through Filecoin-backed storage. Teams publishing packages are the natural paid users, especially when they need durable release history, verifiable artifacts, and long-term retention. KPIs: - At least 100 published package versions stored through Filecoin-backed storage by the end of the grant period. - At least 3 organizations or teams onboarded to publish packages or package metadata through the registry. - At least one pricing/storage model defined for paid package publishing and retention. ## Strengthen Network Profitability & Cryptoeconomics The project creates a repeatable use case for Filecoin storage: software package artifacts and provenance metadata. This is a practical, recurring storage workflow, not a one-time archival upload. KPIs: - Package artifact storage flow implemented using Filecoin Onchain Cloud. - Metadata model designed to support recurring storage for packages, scan results, signatures, and verification manifests. - Published package storage separated from unpaid upstream proxy cache, creating a credible path to paid usage. ## Scale Paid Onchain Flagship Client Adoption The registry is designed as a customer-facing product for developer teams, Web3 foundations, and engineering organizations. The strongest initial adoption target is the Filecoin ecosystem itself, but it can go beyond by also targeting software projects that need security and trustworthiness. KPIs: - At least 3 Filecoin ecosystem repositories or engineering teams onboarded to test the registry for package publishing, dependency proxying, or package verification. - At least one dogfooding workflow prepared for FilOz engineering teams or Filecoin Foundation teams. - At least one public demo showing npm-compatible install/publish workflows backed by Filecoin storage. 3.2 Verification metrics - Number of package versions stored through Filecoin-backed storage. Verified through registry metadata and Filecoin storage references. - Number of organizations/teams created in the registry. Verified through application database records or admin exports. - Number of packages scanned by the async security pipeline. Verified through scan result metadata. - Number of package verification checks performed through the CLI. Verified through local demo reports and optional anonymized telemetry. - Number of Filecoin ecosystem teams/repositories onboarded for dogfooding. Verified through repository configuration, usage logs, or written confirmation. 3.3 References The main references are: - Michael Madoff (Head of Governance @ Filecoin Foundation) - Timothy Fong (Senior Staff Tech. @ FilOz) In addition, other members would also serve as references: - Sarah Thiam (Team Lead @ FilBuilders) - Longfei Wang (Solutions Architect @ FilBuilders) - Jennifer Wang (COO @ FilOz) 4.1 Monthly Operating Burn [ "$10-$100K (small team)" ] 4.2 What % of total team monthly burn depends on this grant? 30% 4.3 If this grant is not awarded, what happens? (🚨**PLEASE READ**🚨) If this grant is not awarded, we would likely go on and start it, but the scope and timeline would change significantly. Without ProPGF funding, we'd not be able to dedicate the proposed 3.5 FTE team for 6 months. The project would probably move forward as a smaller internal R&D effort, focused first on architecture and perhaps a limited proof-of-concept around npm-compatible registry proxying and package verification. The Filecoin integration would also likely be delayed or reduced in scope, since the grant is what allows us to treat Filecoin Onchain Cloud as a core part of the product from day one rather than as a later storage backend option. In practical terms, the grant would turn VIB from an interesting product concept into a focused Filecoin-native MVP with real engineering capacity, and paving the way toward dogfooding inside the Filecoin ecosystem. :-) 4.4 Core Team Verify It Bro (VIB) is developed by [AxLabs](https://axlabs.com), a company based in Zürich, Switzerland, founded in 2018, with senior team members specialized in blockchain infra, developer tooling, privacy tech, governance systems, and DAOs. Some points about the team: - Proven experience across EVM tooling, governance systems, and **Filecoin integrations (PL Genesis hackathon prize winner, and top-2 in the Filecoin Alpha Cohort)**. - Built smart contract SDKs, compiler (Java/Kotlin to NeoVM), and other dev tooling. - Developed an asset bridge between a Non-EVM and an EVM chain. - Developed and maintains a DAO, including its governance platform and community engagement. ### **Guil. Sperb Machado (Guil)** - **Role**: CEO & PM - **Short-Bio**: Guil is an entrepreneur, researcher, and software engineer with 22+ years of experience in building software products. He holds a Ph.D. in Computer Science from the University of Zürich, where he contributed to his first Bitcoin-based project in 2013. As Founder & CEO of AxLabs and a Council Member of the Neo blockchain, he leads teams developing tools and infrastructure that power major Web3 ecosystems, with products used by Binance, OKX, and other global players. He also serves as CTO of ITEM Systems Inc., a company pioneering the connection between physical and digital assets. In the past, Guil co-founded ventures backed by the SIX Group (Swiss Stock Exchange) and VCs such as Fenbushi Capital and Accomplice. He has worked with leading Web3 investment firms, including Dialectic and APVC, and served on the advisory boards of Swiss startups, including one with a successful exit. Passionate about decentralization, sovereignty, and open protocols, Guil constantly explores new ways to merge innovation with real-world impact. - **LinkedIn**: **https://www.linkedin.com/in/guisperbmachado/** - **GitHub**: **https://github.com/gsmachado** ### **Gabriel Lopes** - **Role**: Senior Product Designer - **Short-Bio**: Senior UI/UX Designer with a passion for designing engaging and well-crafted solutions. He is an avid believer in the power of human-centered design and people-based problem-solving. Since 2017 working remotely solving problems related to *blockchain, A.I., fintechs,* and *open-source* projects. He used to be a graphic design teacher in the most important Brazilian vocational training school and international trainer in Web design and graphic design for the WorldSkills International. He experienced, first hand, the impact of education in a developing country. He also has extensive knowledge of agile methodologies and integration with dev teams. - **LinkedIn**: **https://www.linkedin.com/in/ogabriel/** - **GitHub**: **https://github.com/gabrielbr** ### **Daniel Mark** - **Role**: Lead Frontend Engineer - **Short-Bio**: Serial entrepreneur whose expertise lies in building full-s …[truncated] 4.5 Has your team received a ProPGF grant or funding from PLFIF before? [ "No" ] 5.1 Key risks & dependencies - Filecoin storage and retrieval latency may affect developer experience. We will use caching and separate hot registry access from verifiable Filecoin-backed artifacts. - AI scanning can produce false positives or false negatives. We will position it as a risk signal, not a guarantee of safety. - Publisher-side signing may require developer education. We will make registry-side signing mandatory first and publisher signing optional. - Storing all proxied npm packages would be economically unrealistic. We will separate paid published packages from unpaid cached upstream packages. - Adoption requires trust. We will prioritize documentation, CLI verification, and Filecoin ecosystem dogfooding. Any feedback you have on the application process? - Too short notice. - Lack of RFPs until the week before the deadline. Anything else you want to share that we didn't ask? ## Additional Info about Verify It Bro (VIB) VIB is intentionally scoped as a 6-month MVP, since there are A LOT of directions to explore, and it has the potential to generate serious traffic to Filecoin. The first version focuses on the high-value trust layer: - Filecoin-backed package storage; - package signatures; - provenance metadata; - upstream proxy caching; - vulnerability and AI-assisted risk scanning; - independent verification CLI; - team-based publishing workflows. **The long-term vision is larger: a safer software distribution layer for JavaScript, Web3, and AI agents.** Today, software teams install thousands of packages with very little independent verification. **VIB gives Filecoin a concrete role in improving that: durable storage, verifiable artifacts, and tamper-evident package provenance.** **From “trust me bro” dependencies to “verify it bro” software.** ## Budget Rationale The project will run for 6 months with a lean product team. Team allocation: - 1.0 FTE fullstack engineer - 1.0 FTE backend engineer - 0.5 FTE frontend engineer - 0.5 FTE project/product manager - 0.5 FTE product design / UX / marketing Total: 3.5 FTE (Full Time Equivalent) ## Previous Projects developed by AxLabs team in the Filecoin Ecosystem - Cha-Ching was developed and is live at [https://cha-ching.it](https://cha-ching.it) - A first version of Cha-Ching focusing on governance archival was presented live at FDS 7 in Buenos Aires and received strong interest from ecosystem leaders -- Michael Madoff, Head of Governance, included Cha-Ching as part of the Governance roadmap. - Cha-ching is designed to be ecosystem-agnostic but Filecoin-first, with all infrastructure centered on Filecoin Onchain Cloud. - Presentation pitch at Fil Dev Summit 7, in Buenos Aires, Argentina: https://www.youtube.com/live/7iDcHlg1hIw?t=3455s - AKINDO page (a bit outdated, though): https://app.akindo.io/communities/A8jgqVAlqtM6rqJWL/products/o64pJ2eKwSq33rWkd - Cha-ching never received funding or grants Objective 1 Direct Objective 2 Indirect Objective 3 Indirect Open Source Context VIB will be partially open source. We plan to open source the components that create public value for the Filecoin ecosystem: e.g., the Filecoin storage integration with our registry, package metadata/provenance format, verification CLI, and docs. Some hosted-service components may remain closed source, such as billing, managed dashboards, and internal deployment infrastructure. **This keeps the core trust and verification layer inspectable and reusable, while allowing the project to become a sustainable customer-facing product that drives real Filecoin-backed storage usage.**
Sign in to comment.