A Chrome extension that injects on-chain reality checks next to every tweet on X.
Catch a shill before you ape into it.
Quick start · How it works · Deploy · FAQ · Report bug
⭐ If you've ever been rugged by a Twitter "alpha caller" — star this repo. Every star helps us prioritize.
Every day on Crypto Twitter:
- 🎭 KOLs shill tokens they bought minutes before the tweet and dump on followers
- 📉 Serial callers push "100x guaranteed" while their historical PnL is −70%
- 🚨 New accounts promote rug pulls as "based dev, LFG" — and you find out after you ape
You can't tell who's real and who's not. Until now.
TruthLayer adds a single 8-pixel colored dot next to every handle on X.
| Color | Meaning |
|---|---|
| 🟢 | Verified holder — claimed wallet, clean history |
| 🟡 | Caution — entered position before tweet, serial caller |
| 🔴 | High risk — linked to rug pulls, concentrated supply |
| ⚪ | Unverified — no wallet claimed yet |
Hover the dot → full report opens with three metrics, one-line explanation, and direct links to Etherscan, DEXScreener, Arkham, DeBank, Solscan, RugCheck.
No bloat. No banners under every tweet. Your feed stays clean.
📸 What it actually looks like
Open reference/dot-hover.html in your browser for a static preview, or follow the Quick start below.
The hover card shows:
- Identity tier (A / B / B+ / C) with verification level
- Three metrics: holds token, shill history, avg PnL after calls
- External links grouped by chain and by token
- Human-readable verdict in one line
| TruthLayer | Nansen | Arkham | DEXScreener | Wallet Guard | |
|---|---|---|---|---|---|
| Inline overlay on Twitter | ✅ | ❌ | ❌ | ❌ | ❌ |
| Per-author shill history | ✅ | ❌ | ❌ | ❌ | ❌ |
| One-click claim → verified badge | ✅ | ❌ | ❌ | ❌ | ❌ |
| Multi-chain (ETH+SOL+L2s) | ✅ | ✅ | ✅ | ✅ | partial |
| Free tier | ✅ | ❌ | partial | ✅ | ✅ |
| Open source | ✅ | ❌ | ❌ | ❌ | ❌ |
you read a tweet on X
│
▼
┌──────────────────────┐
│ Content script │ ◄── extracts @handle + $TICKER from tweet DOM
│ (Chrome MV3) │
└──────────┬───────────┘
│
▼
┌──────────────────────┐
│ Background worker │ ◄── attaches Bearer JWT, caches per scoring_version
└──────────┬───────────┘
│ HTTPS
▼
┌──────────────────────┐
│ Fastify API │ ◄── server-side scoring, no thresholds in client
│ /v1/score │
│ /v1/claim │
│ /v1/session │
└──────────┬───────────┘
│
▼
┌──────────────────────┐
│ Postgres │ ◄── identities · wallets · links · sessions
└──────────────────────┘
Why this design
- 🔒 Server-side policy. The extension is a pure renderer — no thresholds, weights, or formulas in the client bundle. Reverse-engineering reveals nothing.
- 🔐 SIWE + SIWS auth. Wallets prove ownership with EIP-4361 (EVM) or Ed25519 (Solana). Single-use nonces, 10-minute TTL, replay-rejection.
- 🛡️ Build-time external URLs. Etherscan / DEXScreener links are constants in the bundle. A compromised API can't redirect users to phishing sites.
- ⏱️ Defense-in-depth abuse resistance. Nine documented attack families with multiple independent counters. See
docs/abuse-resistance.md.
| Feature | Status |
|---|---|
| Inline dot overlay on x.com | ✅ |
| Hover card with 3 metrics + explanation | ✅ |
| External links: Etherscan, DEXScreener, Arkham, DeBank, Solscan, Birdeye, RugCheck, Zapper | ✅ |
| Self-onboarding claim flow (SIWE + SIWS) | ✅ |
| Multi-chain: Ethereum, Solana, Base, Arbitrum, BNB | ✅ |
| Anonymous session — no login wall | ✅ |
| Postgres persistent identity graph | ✅ |
| Production Dockerfile + Railway template | ✅ |
| Real on-chain data adapters (Alchemy / Helius) | 🔨 In progress |
| Twitter OAuth | 🔨 In progress |
| Chrome Web Store listing | 🔨 In review |
| Pro tier + Stripe billing | 📋 Planned |
| B2B API for wallets / exchanges | 📋 Planned |
git clone https://github.com/miraekims/Truthlayer.git
cd Truthlayer
npm install
npm run dev:allThat spins up:
| Service | URL |
|---|---|
| API | http://localhost:8787 |
| Claim web | http://localhost:5173 |
| Extension dist | apps/extension/dist/ |
Then:
- Open
chrome://extensions→ enable Developer mode → Load unpacked → selectapps/extension/dist - Open https://x.com — colored dots appear next to every handle
- Open http://localhost:5173 — claim your wallet in 30 seconds
npm run smokeReal EVM keypair → SIWE signature → API verify → A-tier recorded → replay rejected. ~3 seconds.
| Step | Service | What you get | Cost |
|---|---|---|---|
| 1 | Supabase | Postgres database | Free |
| 2 | Railway | API hosting | Free hobby |
| 3 | Vercel | Claim web hosting | Free |
| 4 | Chrome Web Store | Extension listing | $5 once |
Total: $5 one-time, $0/month — handles 1000+ MAU comfortably.
Detailed walkthrough: DEPLOY.md
docker pull ghcr.io/miraekims/Truthlayer/api:latest
docker run -p 8787:8787 \
-e DATABASE_URL=postgres://... \
-e TL_JWT_SECRET=$(openssl rand -hex 32) \
ghcr.io/miraekims/Truthlayer/api:latest| Layer | Choice | Why |
|---|---|---|
| Extension | Chrome MV3 + React + Shadow DOM | Twitter's CSS can't break us, ours can't leak |
| Build | Vite (content) + esbuild (worker) | Single-file IIFE for content scripts, fast HMR |
| API | Fastify + TypeScript | Lowest overhead Node framework |
| Auth | EIP-4361 SIWE + Ed25519 SIWS | Wallet-native, no email |
| Crypto | @noble/curves, ethereum-cryptography |
Audited, zero-dependency |
| DB | Postgres (Supabase) | One source of truth, no NoSQL ceremony |
| Hosting | Railway + Vercel + Cloudflare Pages | All free tiers, all GitHub-integrated |
Truthlayer/
├── apps/
│ ├── api/ ← Fastify API: auth, scoring, identity graph
│ ├── extension/ ← Chrome MV3: dot overlay + hover card + popup
│ └── claim-web/ ← Self-onboarding page
├── packages/
│ └── shared/ ← TypeScript contracts shared everywhere
├── docs/ ← Public specs (principles only)
├── reference/ ← Static HTML mockups
└── .kiro/steering/ ← AI-agent invariants
| Document | Topic |
|---|---|
| identity-graph.md | How handles link to wallets (A/B/B+/C tiers) |
| scoring.md | What the overlay measures and why |
| abuse-resistance.md | 9 attack families and defenses |
| monetization-and-auth.md | Freemium B2C + B2B API model |
| scalability.md | Growth stages and graceful degradation |
| release-strategy.md | Phase 1 → 2 → 3 rollout plan |
| data-pipeline.md | External data domains consumed |
| DEPLOY.md | Step-by-step production setup |
| TESTING.md | How to run and report bugs |
- Inline dot overlay on x.com
- Hover card with metrics + external links
- SIWE + SIWS claim flow
- Anonymous session bootstrap
- Postgres persistent graph
- Production Dockerfile + Railway/Vercel configs
- Alchemy / Helius adapters (real on-chain balances)
- Twitter OAuth (replace stub verifier)
- Chrome Web Store launch
- Farcaster + Lens platform support
- Pro tier ($15/mo) with custom alerts
- B2B API (wallets, exchanges, analytics tools)
- B+ context-match inference (NLP + on-chain co-activity)
Why a Chrome extension and not a website?
Because traders read X, not yet-another-dashboard. The data has to live where they already are. A standalone site adds friction the product is designed to remove.
How do you prevent fake A-tier claims?
A-tier requires a cryptographic signature from the wallet plus an active Twitter session for the handle. The signed message is built server-side and matched verbatim. Single-use nonces with bounded TTL block replays. See docs/abuse-resistance.md.
What about smart-contract wallets (Safe, Argent)?
Routed through a delayed-challenge path. The signature is re-verified at a later block height to ensure the claimer holds durable signing authority — not a transient multisig role.
Will this work on Firefox or Brave?
Brave: yes, it's Chromium-based. Firefox: planned after Chrome Web Store stable.
Is this open source?
Source-available under proprietary license. You can read it, run it, fork for personal use, contribute back. No commercial redistribution. The point: trust through transparency, but the brand and the live service stay singular.
How do you handle privacy?
We link X handles to wallet addresses — addresses the user themselves chose to publish. We do not link wallets to real-world names, never collect emails for free tier, never sell data. Detach a wallet → it's removed from the overlay within an hour.
Is the extension safe to install? Can it read all my tweets?
It only reads tweet DOM on x.com / twitter.com (handles + tickers). No browsing history, no auth tokens, no DMs. Source code is right here — audit it. Production builds carry zero localhost strings (verified in CI).
Issues and PRs welcome.
Before contributing:
- Read
.kiro/steering/— these are the invariants every change must respect - Read TESTING.md — how to verify your change works
- Never commit numbers, thresholds, or formulas to
docs/— those are internal
Source-available. See LICENSE for terms.
Built for crypto holders who are tired of getting rugged by influencers.
⭐ Star this repo if you'd kill for this on X. ⭐