Know every byte before it moves.
DLSSync indexes runtime releases from their upstream sources, signs the catalog, and enforces hash plus publisher identity at apply time.
—vendors
—runtime families
—verified release records
—generated
Detached signature
The app verifies the exact manifest bytes against a pinned Ed25519 public key before persistence.
Declared provenance
Catalog records point to upstream vendor releases or the labeled community archive. This repository does not rehost DLL binaries.
Apply-time enforcement
Expected hashes and Authenticode publisher identity are checked before a game file changes.
Independent contract
npm ci && npm run validate && npm run verify-signature