

A joint submission by The Aha Company and Runtime Verification.
Soroban contracts today can’t prove that deployed Wasm bytecode was compiled from the source shown on an explorer. SEP-55 attestation proves a build ran from a given repo, not that the displayed source matches the on-chain bytecode, a gap that has blocked ecosystem partners and led to the Stellar Lab source tab being removed.
We are not building a single verifier. We are building the onchain hub and building blocks for a network of independent source-verification services. The Aha Company builds the Stellar Registry integration point: a verify_source endpoint, gated to an allow-list of verifiers, that records source/build-image metadata and surfaces which verifier said what, exposing disagreements rather than a single checkmark, so consumers decide what to trust. Runtime Verification builds the first verification service. The system coexists with SEP-55 as a distinct trust level, supports retroactive verification, and is fully open source.
