2026 · Founder · Product · Data Architecture
Rezilience
The Assurance Layer of Solana — verifiable health scores for every program in the ecosystem.
Solana shipped thousands of programs. Capital, users, and integrators have to bet on which ones are real, maintained, and safe. Rezilience indexes every Solana program and scores it across six audited dimensions — Code, Liveness, Originality, Governance, Dependencies, and Economics — pulling from GitHub, OpenSSF Scorecard, OSV.dev, DeFiLlama, Realms, and on-chain authority. One transparent number, one explorer, one source of truth for the ecosystem.

§01 — Case study
The shape of the work.
Solana has thousands of programs and no neutral way to tell which ones are real. Rezilience scores every program across six audited dimensions — and lets builders claim their profile on-chain with their upgrade authority.
Receipts — current traction
Solana's discovery problem is a trust problem.
There are thousands of deployed programs on Solana. Most are abandoned forks. Some are real. A few are dangerous. Capital, users, and integrators currently make that distinction with Twitter, vibes, and word-of-mouth. The ecosystem ships faster than anyone can audit it — and there's no shared assurance surface to point at.
Score every program, on six dimensions, in public.
Rezilience pulls signal from the sources that already exist — GitHub for code velocity, OpenSSF Scorecard for repo posture, OSV.dev for vulnerabilities, DeFiLlama for TVL, Realms for governance follow-through, on-chain RPC for liveness — and resolves them into one transparent score across Code, Liveness, Originality, Governance, Dependencies, and Economics. The formula is published. The decay curve is published. The ecosystem can argue with it — and that's the point.
“An assurance layer only works if the math is public.”
Builders claim their profile on-chain.
Anyone could spin up a directory and call it a registry. The trust gap is provenance. Rezilience makes builders prove ownership by signing with the program's upgrade authority and linking GitHub / X via OAuth. The claim is verifiable, reversible, and lives next to the score. No gatekeeping, no impersonation — and no 'who runs this site' question to answer.
Twenty analyzers, one Program Profile.
The product looks like one page. Underneath, it's twenty Supabase edge functions (among them `analyze-github-repo`, `analyze-dependencies`, `analyze-governance`, `analyze-security-posture`, `analyze-tvl`, `analyze-vulnerabilities`, `verify-bytecode`, `verify-program-authority`, `fetch-realms-governance`, and `refresh-tvl-realtime`) orchestrated into a single normalized profile, with adaptive weighting and continuity decay so abandoned projects fade and live ones stay sharp.
A public good the ecosystem can compose against.
Rezilience GPT lets anyone ask the ecosystem questions in natural language. The dependency tree explorer surfaces supply-chain risk before it propagates. Next: a Score Oracle that publishes `(program_id, score, timestamp)` on-chain so other protocols can gate yields, grants, and integrations on assurance — and an Economic Commitment Layer where builders post bonds against their own score. Assurance becomes a primitive.
§02 — Story
Inception → Outcome
01 · Inception
Solana has no FICO score
Capital allocators, integrators, and users were betting on Solana programs with vibes and Twitter threads. There was no neutral, verifiable answer to 'is this thing real?'
02 · Discovery
Six dimensions, one truth
Mapped what 'health' actually means for an on-chain program: shipping velocity (Code), uptime (Liveness), is-it-a-fork (Originality), DAO follow-through (Governance), supply-chain risk (Dependencies), and skin-in-the-game (Economics).
03 · Decisions
Scoring as a public formula
No black box. Hybrid weighting + continuity decay, every input source disclosed (OpenSSF, OSV.dev, DeFiLlama, Realms, GitHub, on-chain). The methodology is the moat — and it's published.
04 · Build
20 edge functions, one explorer
Built the indexing pipeline: GitHub analyzer, dependency analyzer, governance analyzer (Realms), security posture (OpenSSF), TVL (DeFiLlama), vulnerability scanner (OSV), bytecode verifier, program-authority verifier — all feeding one unified Program Profile.
05 · Ship
Claim & Verify for builders
Builders claim their profile by signing with the program's upgrade authority and linking GitHub/X via OAuth. The claim is on-chain and reversible — no impersonation, no permission required.
06 · Outcome
An assurance layer the ecosystem can compose against
Rezilience GPT for ecosystem intelligence, dependency tree explorer for supply-chain risk, grants directory, and a roadmap to a Score Oracle and Economic Commitment Layer (assurance bonds tied to score thresholds).
§03 — Outcomes
Code · Liveness · Originality · Governance · Dependencies · Economics
builders verify ownership via program upgrade authority + GitHub/X OAuth
Score Oracle on the roadmap — `(program_id, score, timestamp)` on-chain