feat(gitlawb-attest): External Attestation v1 for ref-update certs#7
Draft
achillewasque wants to merge 1 commit into
Adds an optional attestations field on ref-update certs plus a small crate to sign and verify them. An envelope with no attestations serializes to identical bytes as a bare cert, so nothing on the wire changes for nodes that don't opt in.

The current trust path in register hands every new agent a flat 0.05 with nothing else to anchor to. Attestations give it something to work with: SLSA or Sigstore for human-pushed code, sandbox + capability digests for agent-pushed code, in-toto for multi-step pipelines. This PR is the protocol crate only; provider implementations live elsewhere. Covenant has the first reference impl at open-covenant/covenant, agent-os/crates/covenant-gitlawb/src/exec_attest.rs (covenant/exec/v1).

Protocol

Each attestation:
- type: discriminator, e.g. covenant/exec/v1, slsa/v1.0, sigstore/dsse/v1
- payload: opaque JSON, type-specific
- cert_hash: SHA-256 hex of the cert body with signatures and attestations stripped, JCS-encoded per RFC 8785
- signer: did:key:z6Mk...
- sig: base64url-no-pad ed25519 over JCS({type, payload, cert_hash})

Registry maps type to verifier. Policy::AcceptKnown (default) lets unknown types pass without trust so adoption stays incremental. RequireAll enforces a per-repo allowlist; RejectUnknown is strict.

JCS
RFC 8785 pins object key order, number formatting, and string escaping. Without it the cert hash and attestation signatures depend on whichever JSON library the next implementor picks (BTreeMap vs IndexMap, struct field order, etc.), and interop breaks the first time a non-Rust signer shows up.
Backwards compatibility
Two tests cover the wire shape:
- empty_envelope_serializes_as_bare_cert: an envelope with no attestations produces the same top-level keys as a bare cert
- bare_cert_parses_as_envelope_with_no_attestations: today's bare cert JSON round-trips into the envelope

Plus tampered payloads, cross-cert replays, mid-cert countersignature changes, and unknown types under strict policy all fail in tests.
15 tests pass.
cargo fmt --all -- --check clean. cargo clippy -p gitlawb-attest --all-targets -- -D warnings clean. (Workspace-level clippy fails on pre-existing lints in gl/src/init.rs unrelated to this PR.)

Not in this PR
Reference implementation
End-to-end demo at open-covenant/covenant on feat/gitlawb-bridge, agent-os/examples/gitlawb-attest-demo/. Generates two ed25519 keys, builds a cert, attaches a covenant/exec/v1 attestation, prints the wire envelope, verifies it through gitlawb_attest::Registry.
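The protocol and policy sections above, as an added Python example that is not the gitlawb-attest crate, the Covenant reference impl, or the demo linked in the PR. It builds the cert_hash (SHA-256 over the JCS-encoded body with signatures and attestations stripped), signs JCS({type, payload, cert_hash}) with an ed25519 key addressed by did:key, and verifies an envelope under the three policies. Assumptions: the cert field names (ref, old, new), the covenant/exec/v1 payload field names (sandbox_digest, capabilities_digest), and the lower-case policy strings standing in for Policy::AcceptKnown, RequireAll and RejectUnknown are all invented for illustration; ed25519 comes from pyca/cryptography, and when that package is missing an HMAC-SHA256 stand-in keeps the demo running offline (a stand-in only, not a signature scheme). The jcs() helper covers the JSON types a cert uses and rejects floats rather than reproducing RFC 8785 number formatting.

```python
import base64, hashlib, hmac, json

try:  # real ed25519 via pyca/cryptography; otherwise an HMAC stand-in so the demo still runs offline
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
    from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
    HAVE_ED25519 = True
except ImportError:
    HAVE_ED25519 = False

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def jcs(v):
    """RFC 8785 canonical JSON for the types a cert uses (floats are rejected, not mis-encoded)."""
    if v is None or isinstance(v, (bool, int, str)):
        return json.dumps(v, ensure_ascii=False)  # standard JSON escapes, non-ASCII emitted raw
    if isinstance(v, list):
        return "[" + ",".join(jcs(x) for x in v) + "]"
    if isinstance(v, dict):  # keys ordered by UTF-16 code units, as RFC 8785 requires
        items = sorted(v.items(), key=lambda kv: kv[0].encode("utf-16-be"))
        return "{" + ",".join(jcs(k) + ":" + jcs(x) for k, x in items) + "}"
    raise TypeError(f"unsupported JSON type {type(v).__name__}")

def cert_hash(cert):
    """SHA-256 hex of the JCS-encoded cert body with signatures and attestations stripped."""
    body = {k: v for k, v in cert.items() if k not in ("signatures", "attestations")}
    return hashlib.sha256(jcs(body).encode()).hexdigest()

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def unb64u(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b58encode(b):
    n, out = int.from_bytes(b, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(b) - len(b.lstrip(b"\0"))) + out

class Key:
    """Signer addressed by did:key (multicodec 0xed01 + raw ed25519 public key, base58btc)."""
    def __init__(self, seed):
        if HAVE_ED25519:
            self._sk = Ed25519PrivateKey.from_private_bytes(seed)
            pub = self._sk.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
        else:  # stand-in only: symmetric HMAC key plus a derived fake public key
            self._sk, pub = seed, hashlib.sha256(b"stand-in-pub" + seed).digest()
        self.did = "did:key:z" + b58encode(b"\xed\x01" + pub)

    def sign(self, msg):
        return self._sk.sign(msg) if HAVE_ED25519 else hmac.new(self._sk, msg, "sha256").digest()

    def verify(self, msg, sig):
        if not HAVE_ED25519:
            return hmac.compare_digest(sig, hmac.new(self._sk, msg, "sha256").digest())
        try:
            self._sk.public_key().verify(sig, msg)
            return True
        except InvalidSignature:
            return False

def signed_message(atype, payload, ch):
    return jcs({"type": atype, "payload": payload, "cert_hash": ch}).encode()

def sign_attestation(cert, atype, payload, key):
    ch = cert_hash(cert)
    return {"type": atype, "payload": payload, "cert_hash": ch, "signer": key.did, "sig": b64u(key.sign(signed_message(atype, payload, ch)))}

def verify_attestation(cert, att, keyring):
    """True iff the attestation is bound to *this* cert and its signature checks."""
    if att["cert_hash"] != cert_hash(cert):  # tampered cert body, or replay from another cert
        return False
    key = keyring.get(att["signer"])
    msg = signed_message(att["type"], att["payload"], att["cert_hash"])
    return key is not None and key.verify(msg, unb64u(att["sig"]))

def verify_envelope(cert, keyring, verifiers, policy="accept_known", allow=()):
    """Types that verified and whose payload the registry accepted. accept_known: unknown types pass
    but earn no trust; reject_unknown: any unknown type fails; require_all: every type in `allow` must verify."""
    trusted = set()
    for att in cert.get("attestations", []):
        check = verifiers.get(att["type"])
        if check is None:
            if policy == "reject_unknown":
                raise ValueError(f"unknown attestation type {att['type']}")
            continue
        if not verify_attestation(cert, att, keyring) or not check(att["payload"]):
            raise ValueError(f"attestation {att['type']} failed")
        trusted.add(att["type"])
    if policy == "require_all" and not set(allow) <= trusted:
        raise ValueError(f"missing required attestations: {set(allow) - trusted}")
    return trusted

# Constructed sample data; the cert and payload field names are assumptions, not the crate's schema.
CERT = {"ref": "refs/heads/main", "old": "0" * 40, "new": "a" * 40, "signatures": ["pusher-sig"]}
PAYLOAD = {"sandbox_digest": "sha256:" + "b" * 64, "capabilities_digest": "sha256:" + "c" * 64}
SANDBOX = Key(b"\x01" * 32)
KEYRING = {SANDBOX.did: SANDBOX}
VERIFIERS = {"covenant/exec/v1": lambda p: {"sandbox_digest", "capabilities_digest"} <= set(p)}
ENVELOPE = {**CERT, "attestations": [sign_attestation(CERT, "covenant/exec/v1", PAYLOAD, SANDBOX)]}
```

Two properties are worth checking by hand: cert_hash(ENVELOPE) equals cert_hash(CERT), so adding attestations or countersignatures never invalidates earlier attestations, and moving the attestation onto a cert with a different new oid fails at the cert_hash comparison before any signature work, which is what stops cross-cert replay.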