SSX360

Trust model // launch disclosure

Digital Rain trust model

A plain-language view of what runs locally, what the hosted portal stores, how release verification works, and where the security roadmap is still open.

[Diagram: Digital Rain trust model. Labels: Ed25519 / commit envelopes / offline-verifiable proof; local-only / signing runtime / repo never uploaded; Scroll Gate / PR enforcement / signed vs unsigned; SSX360 / control plane / identity · billing · audit.]

Security posture: no hidden compliance claims

Trust starts with clear boundaries.

Digital Rain is designed around a local provenance runtime and a hosted license portal. Commit envelopes stay on your machine; the portal proves access and releases — not private source code.

What runs locally

Commit envelopes

Signed provenance artifacts are created and verified inside the desktop runtime.

Workspace binding

Digital Rain binds a local repo path before signing agent commits.

MCP preview

Config edits are shown as reviewable diffs before the app writes them.

Device activation

The desktop app requests a short-lived code and receives a signed entitlement after approval.

What the portal stores

Identity

Email magic links are handled through the hosted account portal. OAuth can be enabled after provider credentials are configured.

Billing

Stripe stores checkout, subscription, and customer-portal records.

Entitlement

The portal stores access state, license ID, and device-code lifecycle records.

Downloads

Installer links are account-gated and tied to active entitlement state.

Release verification

Release gate

Public release builds should include Windows, macOS, and Linux installer assets plus SHA256SUMS.txt from the same GitHub Release. Verify the downloaded installer against the checksum file before installation.

Windows: certutil -hashfile .\DigitalRain-Setup.exe SHA256

macOS: shasum -a 256 DigitalRain.dmg

Linux: sha256sum DigitalRain.AppImage

Compare each output with SHA256SUMS.txt from the same GitHub Release.
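
The manual comparison above can be scripted so the same check runs on Windows, macOS, and Linux. This Python script is an added example, not Digital Rain or SSX360 code; it assumes SHA256SUMS.txt uses the sha256sum line format (hex digest, two-character separator, file name), which this page does not specify, and its function names are illustrative.

```python
import hashlib
import re
import sys
from pathlib import Path

# Assumed line format (sha256sum / shasum output): 64 hex chars, a space,
# then ' ' (text mode) or '*' (binary mode), then the file name.
_ENTRY = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_sums(text):
    """Map file name -> lowercase digest; reject malformed or conflicting lines."""
    sums = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        match = _ENTRY.match(line)
        if not match:
            raise ValueError(f"line {lineno}: not a checksum entry")
        digest, name = match.group(1).lower(), match.group(2)
        if sums.get(name, digest) != digest:
            raise ValueError(f"line {lineno}: conflicting digests for {name}")
        sums[name] = digest
    return sums

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()

def verify_installer(installer, sums_file):
    """True only if the installer's file name is listed and its digest matches."""
    # utf-8-sig tolerates a byte-order mark left by some Windows tools.
    sums = parse_sums(Path(sums_file).read_text(encoding="utf-8-sig"))
    name = Path(installer).name
    if name not in sums:
        # A missing entry is a failure, never a silent pass.
        raise KeyError(f"{name} is not listed in {sums_file}")
    return sha256_file(installer) == sums[name]

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify.py <installer> <SHA256SUMS.txt>")
    ok = verify_installer(sys.argv[1], sys.argv[2])
    print("OK" if ok else "MISMATCH: do not install")
    sys.exit(0 if ok else 1)
```

A match shows the installer is the file listed in that release's checksum file; detached signatures for release artifacts are listed under open work on this page.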

macOS signing and notarization are release gates for final public installers. Pilot or staging builds may ship unsigned while notarization is in progress — those builds are labeled in release notes and should not be treated as production-ready until the gate passes.

Cryptography scope

Ed25519

Digital Rain uses Ed25519-style signed entitlement material for desktop activation. The public site does not claim blanket FIPS validation for that signature layer.

License numbers are customer support identifiers. They are not secrets and do not replace signed desktop entitlements.

Security contact

Send security reports to mission@ssx360.com until a dedicated security inbox is published.

A machine-readable disclosure file is available at /.well-known/security.txt.

Privacy stance

The customer promise is local-first commit provenance. Hosted systems are for authentication, checkout, license state, activation, and downloads. Any product telemetry must be explicit, documented, and separate from source upload.

Open work

Third-party security audit and public threat model.

Software bill of materials for release artifacts.

Dedicated vulnerability disclosure policy and security inbox.

Detached signature publishing for release artifacts.