Dovette
A vetting framework for software modules.
Dovette defines a published methodology focused on security and safety, a signed-output schema, and a shared analysis store. Independent vetters apply the methodology and issue cryptographic signatures under their own identities; platforms and developers evaluate whose vetting they trust.
Narrow scope
A Dovette-methodology signature attests two things:
- Security. That the module does not compromise the host system, the user's data, or other modules.
- Safety. That the module behaves within its declared bounds, respects its declared resource limits, and degrades gracefully when it cannot.
That is all. Dovette does not attest that a module is useful, legal, appropriate, well-maintained, or fit for any particular purpose. The signature is a fact, not an instruction.
Federated, not centralized
Dovette is a framework, not a signing service. No single operator signs under Dovette's name. Independent vetters apply the methodology under their own identities; consumers evaluate which vetters to trust. Anti-capture is a structural property of the design: there is no single authority to pressure, and any consumer can drop a captured vetter without ecosystem cooperation.
Signatures, not scores
A Dovette signature is pinned to vetter identity, tier, methodology version, and charter version. It is falsifiable and auditable, not a weighted score across broad categories. Consumers can verify exactly what a particular signature claims and does not claim.
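How a consumer might act on such a signature, as an added Go example that is not Dovette's own code: the claim field names, the JSON encoding, the use of Ed25519, and the `Policy` type are all assumptions, since this page does not give the schema. It shows that editing any pinned field after signing breaks verification, and that dropping a vetter is a change to local policy only.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Claim: hypothetical field names and JSON encoding, not Dovette's schema.
type Claim struct {
	Module, Vetter, Methodology, Charter string
	Tier                                 int
}
type Policy struct { // one consumer's local trust decision (hypothetical)
	Vetters     map[string]ed25519.PublicKey // vetters this consumer trusts
	MinTier     int
	Methodology string // methodology version this consumer accepts
}

// Evaluate verifies the signature over every claim field, then applies policy.
func Evaluate(p Policy, c Claim, sig []byte) error {
	key, ok := p.Vetters[c.Vetter]
	if !ok {
		return fmt.Errorf("vetter %q not trusted by this consumer", c.Vetter)
	}
	msg, _ := json.Marshal(c) // struct fields marshal in declaration order
	if !ed25519.Verify(key, msg, sig) {
		return fmt.Errorf("signature does not cover this claim")
	}
	if c.Tier < p.MinTier || c.Methodology != p.Methodology {
		return fmt.Errorf("claim outside local policy")
	}
	return nil
}

// Demo: a valid claim, a tier edited after signing, then the vetter dropped.
func Demo() (valid, tampered, dropped error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed key
	c := Claim{"sha256:constructed", "vetter-a", "m1", "c1", 1}
	msg, _ := json.Marshal(c)
	sig := ed25519.Sign(priv, msg)
	p := Policy{map[string]ed25519.PublicKey{"vetter-a": priv.Public().(ed25519.PublicKey)}, 1, "m1"}
	valid = Evaluate(p, c, sig)
	tampered = Evaluate(p, Claim{c.Module, c.Vetter, c.Methodology, c.Charter, 3}, sig)
	delete(p.Vetters, "vetter-a") // a local change; no one else has to agree
	dropped = Evaluate(p, c, sig)
	return
}
func main() { fmt.Println(Demo()) }
```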