
ci+docs: R21 Task A — sigstore/cosign attestation for crates publishes#479

Merged
B2JK-Industry merged 1 commit into main from agent/dev4/r21-task-a-sigstore-v2 on May 3, 2026

Conversation

@B2JK-Industry (Owner)

Summary

Every SBO3L crate published to crates.io from this workflow now ships SLSA Build Provenance v1 attestation, signed via GitHub OIDC + Sigstore Fulcio, and recorded on the public Rekor transparency log.

What changed

File: .github/workflows/crates-publish.yml
Change: Per-crate cargo package + actions/attest-build-provenance@v2 + cargo publish --no-verify for all 9 crates. New permissions: block (id-token: write, attestations: write). Final upload-artifact bundles all 9 .crate files.

File: docs/security/supply-chain.md
Change: Operator + consumer guide. Three independent verification paths (gh attestation verify, cosign verify-blob, rekor-cli direct). Backfill posture (1.2.0 unattested, 1.3.0+ attested forward-only). Cross-track linking to ENSIP-26 / UR / KH PRs.

Verification (consumer-side, three options)

gh attestation verify sbo3l-cli-1.3.0.crate --owner B2JK-Industry
cosign verify-blob \
  --certificate-identity-regexp "^https://github.com/B2JK-Industry/SBO3L-ethglobal-openagents-2026/.github/workflows/crates-publish.yml@refs/tags/v[0-9].*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --bundle <attestation.json> sbo3l-cli-1.3.0.crate
rekor-cli search --sha sha256:<crate-digest>

Operational impact

  • No new credentials — Sigstore uses GitHub OIDC.
  • No new repo secrets — Fulcio CA + Rekor log are public.
  • +5-10s per crate — total publish time goes ~5 min → ~6-7 min.
  • Backwards-compatible — unverified consumers get the same .crate file.

Cross-track context

Pairs with ENSIP-26 + UR per-command pattern + KH IP-1 envelope for the end-to-end "every link is signed" narrative.

🤖 Generated with Claude Code

…shes

Adds SLSA Build Provenance v1 attestation to every crate
published from .github/workflows/crates-publish.yml. Each of
the 9 crates is packaged + attested + Rekor-recorded before
the cargo publish step.

What changed in the workflow
============================

1. New top-level `permissions:` block:
   - id-token: write (OIDC for Sigstore Fulcio)
   - attestations: write (registers the bundle on the run)
   - contents: read (existing checkout perms)

2. For each of the 9 crates, the new sequence is:
   - cargo package -p <crate> --allow-dirty
     (creates target/package/<crate>-<version>.crate)
   - actions/attest-build-provenance@v2 with subject-path
     (signs + pushes to Rekor)
   - cargo publish -p <crate> --no-verify
     (publishes the SAME .crate file we just attested;
     --no-verify prevents server-side rebuild that could drift
     from the attested artifact)
   - sleep 30 (existing index-propagation gate)

3. Final step: actions/upload-artifact@v4 bundles all 9 .crate
   files as a workflow artifact `sbo3l-crates-<version>-attested`,
   90-day retention.

Forward-only posture
====================

Existing 1.2.0 publishes shipped pre-attestation. Cargo refuses
to re-publish an existing version (registry immutability), so
backfilling 1.2.0 isn't possible. 1.3.0+ ships attested from
first publish onward.

Verification (consumer side, three options)
============================================

Documented in docs/security/supply-chain.md:

  Option A — gh attestation verify (simplest, GH CLI 2.49+)
  Option B — cosign verify-blob (no GH CLI needed)
  Option C — rekor-cli direct lookup by .crate digest

Each path proves: this .crate file was built by the canonical
B2JK-Industry workflow at a release tag, not by an attacker
who hijacked the registry credential.

Why this matters
================

For agentic-platform consumers (KH/ENS/Uniswap eval teams
scanning supply chain), this is the enterprise-grade trust
signal they look for in Cargo.toml deps before importing
the crate.

No new credentials, no new repo secrets — Sigstore uses GitHub
OIDC + public Fulcio CA + public Rekor log. Backwards-compatible
(unverified consumers get the same .crate file as before).

Cross-track context: pairs with ENSIP-26 (verifiable agent
identity) + UR per-command pattern (signed swap receipts) + KH
IP-1 envelope (signed workflow submits) for the end-to-end
"every link in the agent → adapter → registry chain is signed"
narrative.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
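The consumer-side checks described above (subject digest bound to the local .crate, certificate identity pinned to the release workflow at a tag, issuer pinned to GitHub's OIDC) can be seen in isolation in the following script. It is an added example for this write-up, not code from the PR or the SBO3L project: it decodes the in-toto statement from a DSSE envelope and applies the same policy the page's cosign verify-blob flags express, but it does not verify signatures or the Rekor inclusion proof, which gh, cosign and rekor-cli do. The sample envelope, the crate bytes, the buildType value and the builder.id layout are constructed assumptions shaped after SLSA Provenance v1; the identity regexp and issuer are the ones on the page.

```python
"""Policy checks a consumer applies to a SLSA Build Provenance v1 bundle for a .crate file."""
import base64
import hashlib
import json
import re

# Verification policy copied from the cosign verify-blob flags on the page.
EXPECTED_ISSUER = "https://token.actions.githubusercontent.com"
IDENTITY_REGEXP = re.compile(
    r"^https://github.com/B2JK-Industry/SBO3L-ethglobal-openagents-2026"
    r"/.github/workflows/crates-publish.yml@refs/tags/v[0-9].*"
)
INTOTO_STATEMENT_V1 = "https://in-toto.io/Statement/v1"
SLSA_PROVENANCE_V1 = "https://slsa.dev/provenance/v1"
# Assumed buildType for GitHub Actions workflow runs (not taken from the page).
GH_WORKFLOW_BUILDTYPE = "https://actions.github.io/buildtypes/workflow/v1"
REPO = "https://github.com/B2JK-Industry/SBO3L-ethglobal-openagents-2026"
WORKFLOW_ID = REPO + "/.github/workflows/crates-publish.yml"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def decode_dsse_payload(envelope: dict) -> dict:
    """Return the in-toto statement carried in a DSSE envelope.

    Only the payload is decoded; the envelope's signatures are what cosign/gh
    check against the Fulcio certificate and the Rekor entry.
    """
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError(f"unexpected payloadType {envelope.get('payloadType')!r}")
    return json.loads(base64.b64decode(envelope["payload"]))


def check_provenance(statement, crate_name, crate_bytes, cert_identity, cert_issuer):
    """Return the list of policy violations; an empty list means all checks pass."""
    problems = []
    if statement.get("_type") != INTOTO_STATEMENT_V1:
        problems.append("not an in-toto v1 statement")
    if statement.get("predicateType") != SLSA_PROVENANCE_V1:
        problems.append("predicate is not SLSA provenance v1")

    # Subject binding: the attested digest must equal the digest of the bytes we
    # hold. This is why the workflow publishes with --no-verify: a server-side
    # rebuild would produce a .crate whose digest appears in no subject.
    local_digest = sha256_hex(crate_bytes)
    subjects = [s for s in statement.get("subject", []) if s.get("name") == crate_name]
    if not subjects:
        problems.append(f"no subject named {crate_name}")
    elif subjects[0].get("digest", {}).get("sha256") != local_digest:
        problems.append("subject digest mismatch (artifact differs from attested one)")

    # Signer identity and issuer, as --certificate-identity-regexp and
    # --certificate-oidc-issuer express them. In a real bundle these values are
    # read from the Fulcio certificate's SAN and OIDC-issuer extension.
    if not IDENTITY_REGEXP.match(cert_identity):
        problems.append(f"identity {cert_identity!r} is not the release workflow at a tag")
    if cert_issuer != EXPECTED_ISSUER:
        problems.append(f"unexpected OIDC issuer {cert_issuer!r}")

    build_type = statement.get("predicate", {}).get("buildDefinition", {}).get("buildType")
    if build_type != GH_WORKFLOW_BUILDTYPE:
        problems.append(f"unexpected buildType {build_type!r}")
    return problems


def make_sample_envelope(crate_name, crate_bytes, workflow_ref):
    """Constructed, unsigned DSSE envelope shaped like an attest-build-provenance statement."""
    statement = {
        "_type": INTOTO_STATEMENT_V1,
        "subject": [{"name": crate_name, "digest": {"sha256": sha256_hex(crate_bytes)}}],
        "predicateType": SLSA_PROVENANCE_V1,
        "predicate": {
            "buildDefinition": {
                "buildType": GH_WORKFLOW_BUILDTYPE,
                "externalParameters": {"workflow": {"ref": workflow_ref, "repository": REPO,
                                                    "path": ".github/workflows/crates-publish.yml"}},
            },
            "runDetails": {"builder": {"id": f"{WORKFLOW_ID}@{workflow_ref}"}},
        },
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"payloadType": "application/vnd.in-toto+json", "payload": payload, "signatures": []}


# Constructed stand-in for the bytes of sbo3l-cli-1.3.0.crate.
SAMPLE_NAME = "sbo3l-cli-1.3.0.crate"
SAMPLE_CRATE = b"constructed stand-in for sbo3l-cli-1.3.0.crate\n"


def demo():
    """Three consumer scenarios: genuine release, drifted artifact, branch build."""
    release = decode_dsse_payload(make_sample_envelope(SAMPLE_NAME, SAMPLE_CRATE, "refs/tags/v1.3.0"))
    ok = check_provenance(release, SAMPLE_NAME, SAMPLE_CRATE, WORKFLOW_ID + "@refs/tags/v1.3.0", EXPECTED_ISSUER)
    # Same attestation, but the .crate was rebuilt or altered after signing.
    drifted = check_provenance(release, SAMPLE_NAME, SAMPLE_CRATE + b"x", WORKFLOW_ID + "@refs/tags/v1.3.0", EXPECTED_ISSUER)
    # The same workflow run from a branch rather than a release tag.
    branch_stmt = decode_dsse_payload(make_sample_envelope(SAMPLE_NAME, SAMPLE_CRATE, "refs/heads/main"))
    branch = check_provenance(branch_stmt, SAMPLE_NAME, SAMPLE_CRATE, WORKFLOW_ID + "@refs/heads/main", EXPECTED_ISSUER)
    return ok, drifted, branch


if __name__ == "__main__":
    for label, problems in zip(("release", "drifted", "branch"), demo()):
        print(f"{label}: {'OK' if not problems else problems}")
```

The digest check is the part of the verification that the forward-only posture depends on: a 1.2.0 crate has no statement naming its digest, so no policy can pass for it, while any 1.3.0+ crate that was rebuilt after attestation fails the same check, which is the drift the --no-verify publish avoids.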
@B2JK-Industry B2JK-Industry enabled auto-merge (squash) May 3, 2026 08:46
@vercel

vercel Bot commented May 3, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project               Deployment   Actions           Updated (UTC)
sbo3l-ccip            Ready        Preview, Comment  May 3, 2026 8:48am
sbo3l-marketing       Ready        Preview, Comment  May 3, 2026 8:48am
sbo3l-playground-api  Ready        Preview, Comment  May 3, 2026 8:48am

@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@B2JK-Industry B2JK-Industry merged commit 945ceae into main May 3, 2026
37 of 39 checks passed
@B2JK-Industry B2JK-Industry deleted the agent/dev4/r21-task-a-sigstore-v2 branch May 3, 2026 09:12
B2JK-Industry added a commit that referenced this pull request May 3, 2026
…hecks (#490)

R22 cascade landed 7 PRs in 21 seconds. Per-PR TASK B verification
per Daniel's continuous-watch brief:

✅ #477 ElizaOS-KH plugin (Dev 2 PR1 of 4 KH-adapter set):
   merged on main; npm publish pending; structural checks PASS.

✅ #481 AutoGen-KH plugin (Dev 2 PR2 of 4 KH-adapter set):
   merged on main; npm publish pending; structural checks PASS.

✅ #479 sigstore/cosign attestation for crates publishes:
   - .github/workflows/crates-publish.yml has attest-build-provenance
     step + correct permissions block
   - docs/security/supply-chain.md ships 3 verification paths
     (gh attestation verify, cosign verify-blob, rekor-cli search)
   - Live cosign verify-blob test deferred per documented backfill
     posture: "1.2.0 unattested; 1.3.0+ attested forward-only"

✅ #485 backup demo video automation:
   - 10 demo assets present at apps/marketing/public/demo-assets/
     (title-card, end-card, lower-third-template, 3 QR codes, 4 sponsor
     inserts)
   - Video URL itself is Daniel-side; Round 3 fires on URL paste

✅ #484 R21 Task B nudge runbook (operational; structural merge OK)
✅ #486 R21 Task C anvil-fork sim (operational; structural merge OK)
✅ #472 Codex fixes on R20 PRs #461+#470 (structural)

Outstanding R22 PRs at batch 3 close (auto-merge will resolve):
  #476 KH-fleet 5 real capsules — CI cycling
  #478 Vercel-AI-KH — DIRTY
  #480 0G TS SDK — DIRTY
  #483 CrewAI-KH — CI pending
  #487 i18n SK+KO+JA — CI cycling

When #478 + #483 land, Dev 2's full 4-KH-adapter set will be at
4/4 structural; npm publish verification fires when packages
land at 1.2.0 on registry.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>