A link is a capability, not a location
On the open web a link is a place: you trust DNS to find a host, TLS to authenticate it, and
then you trust whatever bytes that host hands back. A dregg:// page is a
capability into a specific cell, and its bytes are content-addressed: the page is the page the
origin committed — checkable by anyone, from any source. dregg.works is that model wearing
ordinary HTTP, so any browser can reach it.
blake3(page) into slot 0 of your cell. The commitment is on-chain, signed, receipted — and yours. This is the only trust-bearing step.Tamper with the bytes — watch it get caught
This is the exact check every dregg.works page runs, here in your tab. The
committed hash is fixed (as if it were on-chain in a cell). Edit the page bytes below:
the served hash recomputes live. Change a single character and it diverges — the host
cannot slip anything past you.
On a real dregg.works page the committed hash is not baked in — it is fetched live from a
node via GET /api/cell/<id> (slot 0), so the host serving the page never supplies
its own answer key. Same blake3, same comparison, against a commitment you can independently look up.
Every served page carries the proof
One self-contained script, dropped into a published page, gives every visitor the verdict in the corner of the screen — no extension, no install. It re-fetches the page's own bytes, hashes them with a vendored BLAKE3, and checks them against the on-chain commitment. A click opens the full reading.
✓ verified on-chain
<!-- in your published page, before </body> -->
<script src="https://dregg.works/verify-badge.js"
data-cell="<your 64-hex cell id>"
data-name="mysite"></script>
Then commit blake3 of the whole file — badge tag and all — to your cell. The page becomes
self-certifying: the bytes that include the badge are exactly the bytes the badge re-hashes and the
bytes the commitment pins. The check closes on itself. By default the commitment is fetched from the
public devnet node; add data-node="https://<a-node>" to point the check at any node
you prefer. See the snippet's header for the meta-tag and window.__DREGG__ alternatives.
Browse the web of cells
Each of these is a sovereign cell that committed its own bytes. The dregg:// ref is the
content-addressed cell id; the .dregg.works name is just a convenient front for it.
Commit a page to a cell
Publishing is one verified turn: write blake3(content) into slot 0 of your cell under
the publish method. The commitment is the trust-bearing half; serving the matching bytes is
just hosting. This is the publishMinisite drive action the interactive portal fires.
import { hexEncode } from "@dregg/sdk/browser";
import { blake3 } from "@noble/hashes/blake3";
// blake3(page) → the 32-byte content commitment a publish turn writes
const contentHash = blake3(new TextEncoder().encode(pageHtml));
// one cap-gated, receipted turn: write the hash into the cell's slot 0
const receipt = await runtime.turn()
.method("publish")
.write(0, contentHash) // SITE_CONTENT_SLOT
.sign() // Ed25519, federation-bound
.submit(); // → Receipt
// the page is now self-certifying at dregg://<cell>
const dreggUri = `dregg://${runtime.cellIdHex()}`;
The convention is realized in portal/src/drive-actions.mjs (publishMinisite) and
starbridge-web-surface/src/web_of_cells.rs (WebOfCells::publish / the
ServedResourceCell shape). The serving host that maps a name to a cell and ships the bytes
is untrusted infrastructure — by design, it never needs to be believed.