SLSA Build Provenance
The framework can sign action files (HMAC) and inventory dependencies (SBOM),
but it could not attest what was produced by which build — the SLSA
provenance attestation that binds artifact digests to build metadata. This adds
an in-toto v1 Statement carrying a SLSA v1 provenance predicate over file
sha256 digests, plus a verifier that re-hashes the artifacts.
Pure standard library (hashlib + json); fully offline; imports no
PySide6. DSSE signing of the statement is left as an optional later layer.
Headless API
from je_auto_control import (
subject_for, build_provenance, write_provenance, verify_provenance)
subjects = [subject_for("dist/app.whl"), subject_for("sbom.cdx.json")]
statement = build_provenance(
subjects, builder_id="github-actions",
metadata={"invocation_id": "run-42", "started_on": "2026-06-21T00:00:00Z"})
write_provenance(statement, "app.intoto.jsonl")
# later, on the consumer side
mismatches = verify_provenance(statement, {"app.whl": "dist/app.whl"})
if not mismatches:
print("artifact digests verified")
subject_for hashes a file into an in-toto subject (subject_for_bytes
does the same for in-memory data); build_provenance wraps the subjects in
the in-toto v1 / SLSA v1 envelope (buildDefinition + runDetails);
verify_provenance re-hashes each named file and returns any digest
mismatch. It complements action_signing (which signs action JSON) and
sbom (which inventories dependencies) — attest the SBOM and signed
artifacts together.
Executor commands
AC_build_provenance takes paths (a list, or JSON string) plus optional
builder_id / build_type and returns {statement}.
AC_verify_provenance takes a statement and files (name->path) and
returns {ok, mismatches}. Both are exposed as MCP tools
(ac_build_provenance / ac_verify_provenance) and as Script Builder
commands under Security.