CLIENT
NixBridge.rs
Watches the Nix store, writes the chain.
Rust
NixBridge is the Rust daemon that connects the Nix world to the chain. It watches flake.lock, parses derivations, hashes the SBOM, runs Grype, and emits the transactions that mint and update NixPkgToken — turning your dependency graph into live, audit-gated on-chain state.
Watches flake.lock and parses derivations
Computes SBOM hash and scans with Grype
Emits mint / reportCVE transactions
Keeps on-chain audit state in sync with the store
Internal architecture
Observe
flake.lock watcher
Detects dependency changes
derivation parser
Extracts pname · version · hash
Analyze
SBOM hasher
Canonical SBOM digest
Grype scanner
Known-CVE detection
Broadcast
tx emitter
mint() / reportCVE() to NixPkgToken
Position in the protocol
flake.lock watchNixBridge
Grype CVE scanNixBridge
NixBridge emit txNixPkgToken