Sovereign Bazaar
Signed, reproducible, content-addressed packages. Inspect the recipe. Rebuild the binary.
Philosophy
The Bazaar is not an app store. It is a catalog of verifiable artifacts. Every package carries:
- Variant-CID — content-addressed identifier
- Build proof — source, build, artifact, and compiler hashes
- Trust badges — signed, reproducible, audited, no-heap, no-network
- Publisher identity — DID/VC-backed or explicitly self-published
Installing Packages
Native Install
nip install <package>
Resolves dependencies, verifies signatures, and extracts to /Programs/Nippels/.
Grafting from Foreign Ecosystems
nexus graft pacman:<pkg>
nexus graft nix:<pkg>
nexus graft apt:<pkg>
nexus graft nix hello
Fetches from the foreign package manager, converts the result to NPK, and installs it via CAS. The two-argument form nexus graft <source> <package> delegates to nip graft <source>:<package>.
Trust Badges
Badges are not free-form marketing labels. The Bazaar registry declares a trust_badges policy, and every package that claims a badge must attach a matching trust evidence object.
| Badge | Required evidence |
|---|---|
| signed | signer, key id, signature, artifact digest, attestation time |
| reproducible | artifact digest, recipe digest, rebuild count, builders, attestation time |
| audited | auditor, report, scope, completion time |
| no-heap | analysis tool, report, scope, attestation time |
| no-network | pledge or syscall policy, scope, attestation time |
| air-gap-ready | offline bundle, dependency closure, attestation time |
Validate the seed registry:
nexus bazaar validate
nexus bazaar verify-cids
The validator checks registry shape, allowed badge names, per-package evidence, publisher identity metadata, and digest consistency. Artifact cryptographic verification still happens through nip verify or nexus verify.
verify-cids recomputes the current seed registry CIDs from explicit variant_inputs. Seed entries use input_class="seed-registry-metadata" until the local Forge path emits artifact-backed build inputs.
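The validation rules above, as an added example rather than the project's own code: a Go validator over an assumed JSON shape for the seed registry. The names trust_badges and variant_inputs come from this page; the trust_evidence and variant_cid field names, the nesting, and the CID scheme (sha256 over key-sorted JSON of variant_inputs) are assumptions. It checks the policy's badge names against the badge table, each claimed badge against the policy, each evidence object for its required fields, every evidence digest against the package digest, and recomputes each variant_cid. Like nexus bazaar validate, it does not verify signatures.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Badge names the badge table lists; a registry policy may not declare others.
var knownBadges = map[string]bool{"signed": true, "reproducible": true, "audited": true, "no-heap": true, "no-network": true, "air-gap-ready": true}

// Package is the assumed per-package shape: one evidence object per claimed badge.
type Package struct {
	Name           string                       `json:"name"`
	ArtifactDigest string                       `json:"artifact_digest"`
	Badges         []string                     `json:"badges"`
	Evidence       map[string]map[string]string `json:"trust_evidence"`
	VariantInputs  map[string]string            `json:"variant_inputs"`
	VariantCID     string                       `json:"variant_cid"`
}

// ComputeVariantCID content-addresses variant_inputs. Assumed scheme: sha256 over key-sorted JSON (json.Marshal sorts map keys, so the encoding is canonical).
func ComputeVariantCID(inputs map[string]string) string {
	canonical, _ := json.Marshal(inputs)
	return fmt.Sprintf("sha256:%x", sha256.Sum256(canonical))
}

// ValidatePackage returns one message per violation: badge outside the policy, badge without evidence, required field absent or empty, digest mismatch, stale variant_cid.
func ValidatePackage(policy map[string][]string, p Package) []string {
	var out []string
	for _, badge := range p.Badges {
		required, allowed := policy[badge]
		if !allowed {
			out = append(out, fmt.Sprintf("%s: badge %q not in trust_badges policy", p.Name, badge))
			continue
		}
		ev, present := p.Evidence[badge]
		if !present {
			out = append(out, fmt.Sprintf("%s: badge %q claimed without evidence", p.Name, badge))
			continue
		}
		for _, f := range required {
			if ev[f] == "" {
				out = append(out, fmt.Sprintf("%s: %s evidence missing %q", p.Name, badge, f))
			}
		}
		if d, ok := ev["artifact_digest"]; ok && d != p.ArtifactDigest {
			out = append(out, fmt.Sprintf("%s: %s evidence digest %s != package digest %s", p.Name, badge, d, p.ArtifactDigest))
		}
	}
	if want := ComputeVariantCID(p.VariantInputs); p.VariantCID != want {
		out = append(out, fmt.Sprintf("%s: variant_cid %s does not recompute (want %s)", p.Name, p.VariantCID, want))
	}
	return out
}

// Validate checks the policy's own badge names, then every package.
func Validate(policy map[string][]string, pkgs []Package) []string {
	var out []string
	for badge := range policy {
		if !knownBadges[badge] {
			out = append(out, fmt.Sprintf("policy declares unknown badge %q", badge))
		}
	}
	for _, p := range pkgs {
		out = append(out, ValidatePackage(policy, p)...)
	}
	return out
}

// SampleRegistry is constructed data: "hello" is consistent; "broken" carries exactly four violations (foreign badge, digest mismatch, missing report, stale CID).
func SampleRegistry() (map[string][]string, []Package) {
	digest, ts := "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "2024-01-01T00:00:00Z"
	hello := Package{Name: "hello", ArtifactDigest: digest, Badges: []string{"signed", "reproducible"},
		Evidence: map[string]map[string]string{
			"signed":       {"signer": "did:example:alice", "key_id": "a1b2", "signature": "c3d4", "artifact_digest": digest, "attestation_time": ts},
			"reproducible": {"artifact_digest": digest, "recipe_digest": "sha256:beef", "rebuild_count": "3", "builders": "b1,b2,b3", "attestation_time": ts},
		},
		VariantInputs: map[string]string{"source": "sha256:1111", "recipe": "sha256:2222", "compiler": "sha256:3333"}}
	hello.VariantCID = ComputeVariantCID(hello.VariantInputs)
	broken := Package{Name: "broken", ArtifactDigest: digest, Badges: []string{"reproducible", "audited", "fast"},
		Evidence: map[string]map[string]string{
			"reproducible": {"artifact_digest": "sha256:0000", "recipe_digest": "sha256:beef", "rebuild_count": "1", "builders": "b1", "attestation_time": ts},
			"audited":      {"auditor": "acme", "scope": "full", "completion_time": ts}, // no report
		},
		VariantInputs: map[string]string{"source": "sha256:1111"}, VariantCID: "sha256:stale"}
	policy := map[string][]string{
		"signed":       {"signer", "key_id", "signature", "artifact_digest", "attestation_time"},
		"reproducible": {"artifact_digest", "recipe_digest", "rebuild_count", "builders", "attestation_time"},
		"audited":      {"auditor", "report", "scope", "completion_time"},
	}
	return policy, []Package{hello, broken}
}

func main() {
	for _, problem := range Validate(SampleRegistry()) {
		fmt.Println("FAIL:", problem)
	}
}
```

Two points carry over to any real validator: an evidence field that is present but empty must count as missing, and the artifact digest inside the evidence has to be compared against the package's own digest, otherwise a "signed" badge can quietly attest a different artifact than the one being installed.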
Publishing
To publish to the Bazaar:
- Build reproducibly
- Sign with an Ed25519 key
- Submit build proof and manifest
- Pass validation checklist
See Publishing Guide for details.
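The signing and verification steps of the checklist, as an added example that is not the project's own tooling: a Go signer that emits the signed evidence object and a verifier that checks it. Field names follow the badge table; the key id derivation, the signing payload layout, the domain tag and the did:example signer are assumptions. The signature covers the artifact digest together with the attestation time under a fixed tag, so it cannot be transplanted onto another artifact or re-dated, and the verifier recomputes the digest from the bytes it actually received before checking anything else. This is the kind of artifact cryptographic verification the page assigns to nip verify or nexus verify rather than to the registry validator.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// SignedEvidence holds the fields the badge table requires for "signed".
type SignedEvidence struct {
	Signer          string `json:"signer"`
	KeyID           string `json:"key_id"`
	Signature       string `json:"signature"`
	ArtifactDigest  string `json:"artifact_digest"`
	AttestationTime string `json:"attestation_time"`
}

// ArtifactDigest content-addresses the artifact bytes.
func ArtifactDigest(artifact []byte) string {
	sum := sha256.Sum256(artifact)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// KeyID is an assumed derivation: the first 8 bytes of sha256(public key), hex-encoded.
func KeyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// payload is what is actually signed: an assumed domain-separation tag, the artifact
// digest and the attestation time, so a signature is bound to one artifact and one date.
func payload(digest, at string) []byte {
	return []byte("sovereign-bazaar/signed/v1\n" + digest + "\n" + at + "\n")
}

// Sign produces the evidence object a publisher attaches to its manifest.
func Sign(priv ed25519.PrivateKey, signer string, artifact []byte, at time.Time) SignedEvidence {
	digest := ArtifactDigest(artifact)
	ts := at.UTC().Format(time.RFC3339)
	sig := ed25519.Sign(priv, payload(digest, ts))
	return SignedEvidence{Signer: signer, KeyID: KeyID(priv.Public().(ed25519.PublicKey)),
		Signature: hex.EncodeToString(sig), ArtifactDigest: digest, AttestationTime: ts}
}

// Verify is the consumer side: recompute the digest from the bytes received, bind the
// public key to the evidence's key id, then check the signature over the same payload.
func Verify(pub ed25519.PublicKey, ev SignedEvidence, artifact []byte) error {
	if got := ArtifactDigest(artifact); got != ev.ArtifactDigest {
		return fmt.Errorf("artifact digest %s does not match evidence %s", got, ev.ArtifactDigest)
	}
	if KeyID(pub) != ev.KeyID {
		return errors.New("public key does not match evidence key_id")
	}
	sig, err := hex.DecodeString(ev.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return errors.New("malformed signature encoding")
	}
	if !ed25519.Verify(pub, payload(ev.ArtifactDigest, ev.AttestationTime), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// Demo signs a constructed artifact and reports whether the genuine artifact verifies
// and whether a tampered artifact and a re-dated evidence object are both rejected.
func Demo() (genuineOK, tamperRejected, redateRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	artifact := []byte("constructed sample artifact bytes, not a real NPK")
	ev := Sign(priv, "did:example:publisher", artifact, time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC))
	genuineOK = Verify(pub, ev, artifact) == nil
	tamperRejected = Verify(pub, ev, append([]byte("x"), artifact...)) != nil
	redated := ev
	redated.AttestationTime = "2030-01-01T00:00:00Z"
	redateRejected = Verify(pub, redated, artifact) != nil
	return genuineOK, tamperRejected, redateRejected, nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	ev := Sign(priv, "did:example:publisher", []byte("constructed sample artifact bytes"), time.Now())
	out, _ := json.MarshalIndent(ev, "", "  ")
	fmt.Println(string(out)) // the evidence object to submit alongside the build proof and manifest
	g, tam, red, err := Demo()
	fmt.Println("genuine:", g, "tamper rejected:", tam, "re-date rejected:", red, "err:", err)
}
```

The verifier deliberately does not trust the key id in the evidence on its own: the caller supplies the public key it already trusts for this publisher (via the DID/VC binding or the self-published key it pinned), and the key id only confirms the evidence was meant for that key.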