Layer 3 // not a Git replacement

SSX360 Scroll

Git-compatible governance layer — mandatory provenance on every commit. Git remains the object store; Scroll adds actor attribution, policy, and tamper-evident history.

Get API key SDK reference SLSA mapping

Ed25519

commit envelopes

offline-verifiable proof

local-only

CLI & HOOKS

repo never uploaded

Scroll Gate

PR enforcement

signed vs unsigned

SSX360

control plane

identity · billing · audit

Target flow: Developer → SSX360 Scroll → Git → SSX360 Gate → Deploy

What Scroll is

Mandatory actor attribution (human, agent, ci)
Ed25519 signed commit envelopes — emulated today, SE050 pilot
Chain-of-custody to CI steps and deploy actions
Scroll Gate blocks unsigned commits before merge

What Scroll is not

Not a Git replacement or custom DVCS
Not a full desktop client GA (Phase 3 roadmap)
Not hardware-backed every signature until SE050 GA
Not SLSA Level 3 build provenance (see /docs/slsa)

Phase 1 — install today

pip install "matrixscroll==0.4.2"
matrixscroll hook-install
matrixscroll scroll commit -m "feat: governed change"
matrixscroll envelope-publish-notes --base origin/main --head HEAD

Phase 1 — now

Post-commit hooks + signed Ed25519 envelopes
matrixscroll scroll commit thin Git wrapper
Scroll Gate hosted verify on protected branches
Universal sign-action for CI, IaC, migrations

Phase 2 — roadmap

scroll push with auto git-notes publish
Team policy registry enforcement at push
Hosted storage for non-Git action envelopes

Phase 3 — roadmap

Digital Rain desktop Scroll client
Org-wide unsigned-commit push block
Full chain-of-custody audit export