Tyler King
98aa2b0ec7
Add protobuf message definitions for the four-layer attestation architecture defined in SAT-SPEC-0002. Package: substrate.attestation.v2 Files: - common.proto: QmReceipt (hash-chained Ed25519-signed receipts) - platform.proto: PlatformClaim, TpmQuoteBinding (L1 hardware identity) - software.proto: SoftwareClaim, BuildProvenance (L2 image provenance) - governance.proto: GovernanceClaim, AccordReference, DelegationReference (L3) - session.proto: SessionClaim, ActorContext, PostureEvidence, PostureLevel (L4) - sat.proto: SatBundle (composite, optional claim fields for has_*() codegen) Also adds buf.yaml for lint/breaking-change checks. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
29 lines
1 KiB
Protocol Buffer
29 lines
1 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package substrate.attestation.v2;
|
|
|
|
// ─── Layer 2: Software Claim ────────────────────────────────────────
|
|
//
|
|
// Software provenance and capability declaration. Binds the running
|
|
// image to its build pipeline via QM-notarized build receipts.
|
|
|
|
message SoftwareClaim {
|
|
uint32 layer = 1; // MUST be 2
|
|
string image_id = 2;
|
|
bytes image_hash = 3;
|
|
bytes capability_manifest = 4; // H(manifest JSON)
|
|
repeated string capabilities = 5; // Informational
|
|
BuildProvenance build_provenance = 6;
|
|
string qm_build_receipt = 7;
|
|
bytes platform_claim_hash = 8; // L1 binding
|
|
bytes claim_hash = 9;
|
|
}
|
|
|
|
message BuildProvenance {
|
|
string source_repo = 1;
|
|
string source_commit = 2;
|
|
string builder_identity = 3; // SPIFFE ID or OIDC sub
|
|
string build_timestamp = 4; // ISO 8601
|
|
bool build_reproducible = 5;
|
|
uint32 builder_count = 6;
|
|
}
|