
Tea Protocol: Rewarding Open-Source Commits with Blockchain Technology
At one point during Tea Protocol's testnet phase, more than three percent of all packages on NPM were fake, created specifically to game the protocol's dependency-ranking algorithm. That figure, cited by Timothy Lewis, the protocol's CEO and co-founder, captures both the ambition of what Tea is trying to build and the difficulty of building it.
From BBSs to the Bitcoin Crowdsale
Lewis started running bulletin board systems when he was six or seven years old and had turned two shotgun ISDNs into a small ISP out of his bedroom by the time he was thirteen. By the early 1990s he was signing all his emails with PGP, describing that period as when he fell in love with cryptography. That technical foundation carried into a career designing low-latency networks for trading firms including Societe Generale, Fimat, and Calyon Financial, where FPGA programming and custom routing protocols were the daily work.
He got his first exposure to Bitcoin around 2010 or 2011, participated in the Ethereum crowdsale, and joined the Olympic testnet when it was, as he put it, "super super raw." By 2015 and 2016 it was all he wanted to do. He left infrastructure work at Kaiser Permanente and started advising projects on tokenomics before the word was widely used. Later he founded Ikigai Asset Management and then Developer's DAO in 2018, a foundation-model organization that distributed what he describes as over eighteen million dollars in grants to open-source developers over roughly three years. The first grant went to Max Howell, creator of Homebrew, with an assignment to think about what he would do differently with a package manager. That assignment became the seed of what Tea Protocol is today.
Three Percent of NPM
Tea launched a testnet structured as a decentralized application that required developers to register repositories. The protocol would return value based on a dependency-ranking score called teaRank. The testnet had generated more transactions than any other testnet Alchemy had ever seen, Lewis says, but the activity attracted systematic manipulation almost immediately.
"At one time we had over 3 percent of the supply chain were fake packages that were derived to manipulate the Tea protocol. And that's crazy. 3 percent of NPM."
Paying Individual Commits by Signature
Lewis took a roughly year-and-a-half sabbatical, and when he returned in 2024 he reexamined the protocol's core primitives and decided to build a Layer 2 blockchain specifically for open-source software, sitting on top of Ethereum. The central observation was that decades of publicly available GPG, PGP, SSH, and X.509 signatures already exist on commits and packages across the open-source world. That history does not require anyone to sign up.
"We can go historically and we can go in the future direct funding down to a commit. We can do things like a bounty reward, which allows someone to create a bounty around an issue on GitHub and then once that issue is a pull request tags the issue that's pulled in, then we can permissionlessly verify that and a payment gets released."
The on-chain verification of build hashes and signatures means Tea can, in theory, send value to any developer who has signed their commits over the past two decades without registration. Lewis mentions Linus Torvalds and libp2p as examples of early recipients at genesis, with over twenty thousand developers slated to receive rewards based on the Chai Oracle, which validates teaRank in a manner similar to how PageRank scores web pages. The fee structure directs the majority of transaction fees toward registered repositories and their dependencies rather than toward the protocol itself.
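The fake-package problem from the testnet and the PageRank comparison above can be seen on a toy dependency graph. This is an added example, not Tea's code: it runs plain PageRank (the page does not describe teaRank's actual algorithm) on constructed package names, and the trusted-seed restart is an assumed, TrustRank-style countermeasure rather than anything the protocol is stated to use.

```python
# Plain PageRank on a constructed dependency graph (not Tea's teaRank).
def pagerank(deps, teleport, damping=0.85, iters=100):
    """deps: package -> packages it depends on; rank flows to dependencies.
    teleport: package -> restart probability (values sum to 1)."""
    rank = dict(teleport)
    for _ in range(iters):
        # Packages with no dependencies hand their mass back via teleport.
        dangling = sum(rank[p] for p in deps if not deps[p])
        nxt = {p: (1 - damping + damping * dangling) * teleport[p] for p in deps}
        for p, targets in deps.items():
            for t in targets:
                nxt[t] += damping * rank[p] / len(targets)
        rank = nxt
    return rank

def uniform(deps):
    # Every package, including a freshly published one, gets restart mass.
    return {p: 1 / len(deps) for p in deps}

def seeded(deps, seeds):
    # Assumption: seeds are packages vetted out of band, e.g. by signature history.
    return {p: (1 / len(seeds) if p in seeds else 0.0) for p in deps}

# Constructed sample data: a small legitimate graph plus 20 fake packages
# that exist only to declare a dependency on "spam".
LEGIT = {
    "app1": ["libA"], "app2": ["libA"], "app3": ["libB"],
    "libA": ["core"], "libB": ["core"], "core": [], "spam": [],
}
FAKES = {f"fake{i}": ["spam"] for i in range(20)}
SEEDS = {"app1", "app2", "app3"}

def compare():
    gamed = {**LEGIT, **FAKES}
    return {
        "clean": pagerank(LEGIT, uniform(LEGIT)),
        "gamed": pagerank(gamed, uniform(gamed)),
        "seeded": pagerank(gamed, seeded(gamed, SEEDS)),
    }

if __name__ == "__main__":
    for name, ranks in compare().items():
        print(name, {p: round(ranks[p], 3) for p in ("core", "spam")})
```

With uniform restarts the padded package outranks the genuinely shared dependency; once restart mass goes only to vetted packages, the fake dependents have no rank to pass on.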
How Tea is Thinking About AI and the Pull Request Problem
Lewis frames a substantial part of Tea's current relevance around what he describes as a radical denial-of-service attack on open-source maintainers from AI-generated pull requests. As agentic coding systems generate more code, the cost of reviewing and auditing incoming contributions rises faster than any individual maintainer can absorb. On the consumption side, package managers typically grab the latest version of a dependency without verifying its provenance, which Tea's on-chain signature verification is designed to address.
The pkgx package runner, which evolved from the original Tea CLI, creates sandboxes on demand and is designed for agentic environments where a system needs to run code without affecting the broader developer environment. Lewis also describes a chain.md file Tea is preparing to make its tools accessible via the Model Context Protocol, so that AI agents can interact with the protocol directly.
He draws a parallel between his earlier career designing low-latency trading infrastructure and the current work of building reliable agentic systems, noting that the engineering principles overlap: reduce latency, ensure reliable execution, and push toward what he calls "probabilistic determinism," meaning systems that maximize the probability of an intended outcome without guaranteeing it deterministically.