Code Genome

Benchmark software with trust graph intelligence, forecasts, alternatives, and competitive positioning


Code Genome

Code Genome is the Trust Graph 2.0 layer. It turns a deterministic Public Trust Network snapshot into a buyer-ready intelligence report for a repo, package, organization, team portfolio, comparison set, or dependency-alternative review.

It is designed to answer four questions:

  • Should we use this? Benchmark score, rank, percentile, and market status.
  • What could replace it? Dependency-alternative and peer recommendations.
  • What will go wrong next? Exploit exposure, maintenance drag, ecosystem displacement, and governance drift forecasts.
  • Why is this defensible? Evidence depth, graph relationships, competitive benchmarking, and predictive decision-loop signals.

What It Produces

Each Code Genome report includes:

  • A 0-100 genome score, grade, and market status.
  • Seven dimensions: code structure, supply chain/security, maintenance durability, adoption, governance/policy, velocity, and competitive fit.
  • Benchmark position with rank, percentile, peer count, average score, leader, and gap to leader.
  • Competitive positions across connected trust nodes.
  • Ecosystem trends for momentum, supply-chain pressure, and market position.
  • Forecasts for exploit exposure, maintenance drag, ecosystem displacement, and governance drift.
  • Recommended moves for alternatives, remediation, investment, and distribution.
  • Moat signals that explain why the intelligence is hard to copy.

Public API

GET /api/trust/network now returns the existing TrustNetworkSnapshot plus a codeGenome object:

GET /api/trust/network?kind=package&target=react
GET /api/trust/network?kind=comparison&target=package:react..vs..package:vue..vs..package:svelte
GET /api/trust/network?kind=dependency_alternative&target=legacy-ui&related=react,preact,solid-js

Response shape:

{
  "targetKind": "package",
  "targetIdentifier": "react",
  "score": 88,
  "status": "trusted",
  "evidenceSnapshotId": "abc123",
  "dimensions": [],
  "relationships": [],
  "codeGenome": {
    "score": 91,
    "grade": "A",
    "status": "market_leader",
    "benchmark": {
      "rank": 1,
      "total": 4,
      "percentile": 100,
      "gapToLeader": 0
    },
    "forecasts": [],
    "recommendations": [],
    "moatSignals": []
  }
}

The API remains backward-compatible because the trust snapshot fields are still returned at the top level.

Public Pages

Every Public Trust Network page now renders a Code Genome section:

/trust/network/package/react
/trust/network/repo/facebook/react
/trust/network/comparison/package:react..vs..package:vue
/trust/network/dependency_alternative/legacy-ui?related=react,preact

Use package pages for adoption decisions, comparison pages for competitor-grade market positioning, and dependency-alternative pages for replacement decisions.

Implementation Contract

  • The engine lives in lib/trust/code-genome.ts.
  • It is deterministic and does not call an LLM.
  • It derives output from TrustNetworkSnapshot, relationships, dimensions, source evidence IDs, and reproducibility inputs.
  • Public pages use components/trust/code-genome-card.tsx.
  • Focused coverage lives in __tests__/lib/trust/code-genome.test.ts.

Product Strategy

Code Genome is the bridge between Reform and Code:

  • REFORM can use it to decide which repos or packages are worth remixing, white-labeling, replacing, or adapting.
  • CODE can use it to prioritize implementation, repair, dependency, and release work against benchmark gaps.
  • Partners can embed it as portable trust and competitive proof.
  • Enterprise buyers can use it as procurement evidence instead of reading raw score numbers.