Provenance
Covenant provenance envelopes connect an autonomous task to the Git commit it produced. The format is plain JSON and is verified from Git object data, not from local working-tree state. The same verifier also validates unsigned audit-root attestations that bind a local audit integrity report to a commit and task or release target.
Envelope contents
- Subject commit hash.
- Changed file list with Git blob ids and SHA-256 digests.
- Autonomy task snapshot digest from the subject commit.
- Transition events for that task from the subject commit.
- Recorded validation commands and pass/fail/skipped status.
- Explicit limits for claims that are not implemented yet.
Verification
The verifier recomputes file evidence, task evidence, transition events, and the envelope payload digest. It also rejects local home paths, personal email addresses, private SSH key names, and the Covenant SSH host alias.
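The payload-digest recomputation and the local-identifier rejection described above, as an added example that is not the code in agent-os/scripts/provenance.mjs. The field names `payload` and `payloadDigest`, the sorted-key canonical JSON form, the regex patterns, and the `example-ssh-alias` placeholder are assumptions; the page does not specify them.

```javascript
// Added example: field names and the canonical form are assumptions, not the project's schema.
const { createHash } = require("node:crypto");

// Deterministic JSON: object keys sorted recursively, no whitespace.
function canonicalize(value) {
  if (Array.isArray(value)) return `[${value.map(canonicalize).join(",")}]`;
  if (value && typeof value === "object") {
    const body = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonicalize(value[k])}`);
    return `{${body.join(",")}}`;
  }
  return JSON.stringify(value);
}

function payloadDigest(payload) {
  return createHash("sha256").update(canonicalize(payload), "utf8").digest("hex");
}

// Patterns for operator-local identifiers that should never reach a committed envelope.
const LEAK_RULES = [
  ["home-path", /(?:\/home\/|\/Users\/|[A-Za-z]:\\+Users\\+)[^\s"\/\\]+/],
  ["email", /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/], // assumption: any address counts
  ["ssh-key-name", /\bid_(?:rsa|dsa|ecdsa|ed25519)\b/],
  ["ssh-host-alias", /\bexample-ssh-alias\b/], // placeholder; the real alias is not on the page
];

function verifyEnvelope(envelope) {
  const errors = [];
  if (payloadDigest(envelope.payload) !== envelope.payloadDigest) {
    errors.push("payload-digest-mismatch");
  }
  const text = JSON.stringify(envelope); // scan every serialized string value
  for (const [name, pattern] of LEAK_RULES) {
    if (pattern.test(text)) errors.push(`leak:${name}`);
  }
  return errors; // an empty array means the envelope passed both checks
}

// Constructed sample envelopes (not real project data).
const payload = {
  subject: { commit: "0".repeat(40) },
  files: [{ path: "docs/example.md", sha256: "a".repeat(64) }],
  validation: [{ command: "covenant audit verify", status: "passed" }],
};
const good = { payload, payloadDigest: payloadDigest(payload) };
const tampered = { ...good, payload: { ...payload, validation: [] } };
const leakyPayload = { ...payload, note: "/home/alice/.ssh/id_ed25519" };
const leaky = { payload: leakyPayload, payloadDigest: payloadDigest(leakyPayload) };
```

`verifyEnvelope(tampered)` reports the digest mismatch, and `verifyEnvelope(leaky)` reports the home path and key name even though its digest is internally consistent, which is why the two checks are independent.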
node agent-os/scripts/provenance.mjs verify-all
node agent-os/scripts/provenance.mjs verify --file docs/provenance/attestations/20ff55e-memory-drift-reports.json
Audit-root attestations
covenant.audit-root-attestation.v1 payloads are generated from covenant audit verify output. The verifier checks that the report is valid, event and anchor counts match, the root hash is canonical hex, the subject commit is canonical, and task targets match the task snapshot stored in the subject commit.
covenant audit verify > audit-report.json
node agent-os/scripts/provenance.mjs audit-root write \
--report audit-report.json \
--task audit-root-attestation-v1 \
--commit HEAD \
--out docs/provenance/audit-roots/<commit>-audit-root.json \
--validation "covenant audit verify=passed"
node agent-os/scripts/provenance.mjs audit-root verify \
--file docs/provenance/audit-roots/<commit>-audit-root.json
Status
Provenance envelopes are experimental. They are consistency evidence, not release signatures and not transparency-log entries. Audit-root attestations are generated and verified, but they remain unsigned until a project signing identity is selected. Key custody and transparency-log publication remain planned work. The release artifact subject schema is defined but not yet implemented or published.
Audit root signing remains a separate release hardening path: attach a project-controlled signature to the existing detached root payload, then publish it to a transparency log once local signing and verification are stable.
Related
- Audit log — runtime event evidence.
- Security model — current trust boundaries and operator responsibilities.
- System architecture — where provenance fits in the operating layer.