Code Genome
Code Genome is the Trust Graph 2.0 layer. It turns a deterministic Public Trust Network snapshot into a buyer-ready intelligence report for a repo, package, organization, team portfolio, comparison set, or dependency-alternative review.
It is designed to answer four questions:
- Should we use this? Benchmark score, rank, percentile, and market status.
- What could replace it? Dependency-alternative and peer recommendations.
- What will go wrong next? Exploit exposure, maintenance drag, ecosystem displacement, and governance drift forecasts.
- Why is this defensible? Evidence depth, graph relationships, competitive benchmarking, and predictive decision-loop signals.
What It Produces
Each Code Genome report includes:
- A 0-100 genome score, grade, and market status.
- Seven dimensions: code structure, supply chain/security, maintenance durability, adoption, governance/policy, velocity, and competitive fit.
- Benchmark position with rank, percentile, peer count, average score, leader, and gap to leader.
- Competitive positions across connected trust nodes.
- Ecosystem trends for momentum, supply-chain pressure, and market position.
- Forecasts for exploit exposure, maintenance drag, ecosystem displacement, and governance drift.
- Recommended moves for alternatives, remediation, investment, and distribution.
- Moat signals that explain why the intelligence is hard to copy.
Public API
GET /api/trust/network now returns the existing TrustNetworkSnapshot plus a codeGenome object:
GET /api/trust/network?kind=package&target=react
GET /api/trust/network?kind=comparison&target=package:react..vs..package:vue..vs..package:svelte
GET /api/trust/network?kind=dependency_alternative&target=legacy-ui&related=react,preact,solid-js
Response shape:
{
"targetKind": "package",
"targetIdentifier": "react",
"score": 88,
"status": "trusted",
"evidenceSnapshotId": "abc123",
"dimensions": [],
"relationships": [],
"codeGenome": {
"score": 91,
"grade": "A",
"status": "market_leader",
"benchmark": {
"rank": 1,
"total": 4,
"percentile": 100,
"gapToLeader": 0
},
"forecasts": [],
"recommendations": [],
"moatSignals": []
}
}
The API remains backward-compatible because the trust snapshot fields are still returned at the top level.
Public Pages
Every Public Trust Network page now renders a Code Genome section:
/trust/network/package/react
/trust/network/repo/facebook/react
/trust/network/comparison/package:react..vs..package:vue
/trust/network/dependency_alternative/legacy-ui?related=react,preact
Use package pages for adoption decisions, comparison pages for competitor-grade market positioning, and dependency-alternative pages for replacement decisions.
Implementation Contract
- The engine lives in
lib/trust/code-genome.ts. - It is deterministic and does not call an LLM.
- It derives output from
TrustNetworkSnapshot, relationships, dimensions, source evidence IDs, and reproducibility inputs. - Public pages use
components/trust/code-genome-card.tsx. - Focused coverage lives in
__tests__/lib/trust/code-genome.test.ts.
Product Strategy
Code Genome is the bridge between Reform and Code:
- REFORM can use it to decide which repos or packages are worth remixing, white-labeling, replacing, or adapting.
- CODE can use it to prioritize implementation, repair, dependency, and release work against benchmark gaps.
- Partners can embed it as portable trust and competitive proof.
- Enterprise buyers can use it as procurement evidence instead of reading raw score numbers.