Concept · 07

Insurance Layer

Merge insurance, dependency insurance, refactor insurance. Underwritten by stakers who price risk; funded by per-merge fees; yields $GSEA to underwriters.

In plain English

Open-source has been quietly running on uninsured risk: maintainers vanish, refactors break downstream apps, merged PRs introduce regressions. The cost falls on whoever's downstream — silently. Insurance puts a price on that risk so it can be paid for: small premiums while things are stable, claims paid when they break.

What it is

Open source has been quietly running on uninsured risk for thirty years. Critical libraries get abandoned. Breaking refactors take down production. A merged PR ships a regression. Today, the cost falls on whoever is downstream — silently.

GITSEA ships three insurance products that price and distribute that risk on chain.

| Product | What it covers | Who buys it |
|---|---|---|
| Merge insurance | Payout if a merged PR causes a critical bug within 30 days. | Repo maintainers. |
| Dependency insurance | Payout if a key upstream is abandoned, rugged, or unilaterally takes a breaking change without notice. | Downstream consumers. |
| Refactor insurance | Payout to downstreams when a published refactor breaks their build during a declared window. | Upstream repos voluntarily; required for major-version bumps in some ecosystems. |

How it works

Each policy is a smart contract with premium, coverage, claim oracle, and underwriter pool.

premium = base_rate
        × notional
        × (1 + risk_score(repo))
        × (1 − maintainer_credit_lift)
        × (1 − coverage_term_discount)

Premiums flow into an underwriter pool. Underwriters are stakers who allocate their $GSEA into per-product, per-grade tranches.

When a claim trigger fires (an on-chain oracle or a multi-sig of curators reviewing an incident report), the pool pays out. Underwriters' principal is at risk.

Concrete example

Example: A breaking refactor (meeting-bot v3.0 release)

Day 0. meeting-bot ships v3.0 — major version, intentional breaking changes. Maintainer calls:

asset insure refactor 14d --notional 5000

A 14-day refactor insurance window opens. Premium of $42 streams from repo treasury into the underwriter pool. Downstream repos with dependency.acceptance ≥ 1.0 are auto-covered for up to $5,000 in build/break costs.

Day 3. A downstream agent's CI explodes because meeting-bot.scheduleSync() was renamed. The downstream files a claim:

asset claim refactor --repo acme/automation --evidence ci-log-hash

Day 4. Curator multi-sig (or governance-approved oracle) verifies the break is within scope. Payout of $180 lands in the downstream's treasury within hours.

Day 14. Window closes. Total claims: $1,420. Pool result: $42 premium − $1,420 paid = net loss of $1,378 against the v3.0 pool.

Underwriters who took this tranche absorb the loss proportionally. They knew the rate; they took the bet; some of them made a profit on other refactors this month.

Underwriting

To become an underwriter:

asset underwrite \
  --product refactor \
  --grade B \
  --principal 500 \
  --term 90d

Your $500 is locked into a tranche for 90 days. You earn a share of the pool's premiums. The pool absorbs claims first; once it is exhausted, your principal is slashed pro rata.

Underwriters can withdraw at term-end if there are no open claims; otherwise they wait for resolution.
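
The loss waterfall from the v3.0 walkthrough and from this section, as an added example (not GITSEA's contract code): premiums absorb claims first, then principal is slashed pro rata. It assumes "pro rata" means proportional to principal staked and that amounts are integer cents; the function name, underwriter names and stakes are constructed. Leftover cents go to the largest remainders so the slashes sum exactly to the loss.

```python
"""Loss waterfall for one underwriter tranche (added illustration).
Assumptions: amounts are integer cents; "pro rata" = by principal staked."""

def settle_tranche(premiums, claims, principals):
    """Return (slashes, unpaid): per-underwriter slash and uncovered claims."""
    if premiums < 0 or claims < 0 or any(p < 0 for p in principals.values()):
        raise ValueError("amounts must be non-negative integers (cents)")
    total = sum(principals.values())
    loss = max(0, claims - premiums)      # premiums absorb claims first
    slashable = min(loss, total)          # never slash more than is staked
    unpaid = loss - slashable             # shortfall if the tranche is wiped out
    if slashable == 0:
        return {u: 0 for u in principals}, unpaid
    # Floor each share, then give the leftover cents to the largest
    # remainders so the slashes sum exactly to the slashable loss.
    parts = {u: divmod(slashable * p, total) for u, p in principals.items()}
    slashes = {u: q for u, (q, _) in parts.items()}
    dust = slashable - sum(slashes.values())
    for u in sorted(parts, key=lambda u: (-parts[u][1], u))[:dust]:
        slashes[u] += 1
    return slashes, unpaid

# Constructed stakes; only the $42 premium and $1,420 claims are from the page.
STAKES = {"alice": 50_000, "bob": 150_000, "carol": 100_000}

if __name__ == "__main__":
    slashes, unpaid = settle_tranche(4_200, 142_000, STAKES)
    for name, cents in slashes.items():
        print(f"{name}: slashed ${cents / 100:.2f} of ${STAKES[name] / 100:.2f}")
    print(f"total slashed ${sum(slashes.values()) / 100:.2f}, unpaid ${unpaid / 100:.2f}")
```

Flooring every share without redistributing the remainder would leave the tranche one cent short of the $1,378 loss in this run, which is the kind of rounding drift an on-chain ledger has to account for.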

Pricing

Rates are governance-set bands per product, refined by realized loss ratio.

| Product | Current band (annualized) | Notes |
|---|---|---|
| Merge ins. | 4–12% of notional | Lower for A+ repos, higher for fast-churning ones. |
| Dependency ins. | 6–18% | Depends on upstream's score, license, maintenance. |
| Refactor ins. | flat fee + 0.5–3% | Discounted for repos with high notice-period defaults. |

Claim oracles

Three oracle modes per product:

  1. Deterministic on-chain. E.g., merge revert detection (was a revert PR merged within 30 days touching the same files?).
  2. Curator multi-sig. Small bonded set of expert curators per ecosystem (web, ML, infra). Reviews evidence packages.
  3. Optimistic. Claimant posts evidence + bond; anyone can challenge within 48h; resolved by governance vote if challenged.

Gotchas

  • Sleeper pool — different problem (stable infra reward), related primitive.
  • Collateral lending — how insurance feeds into credit pricing.
  • Tokenomics — where premiums and slashes sit in the $GSEA flow.