Collected sources and patterns will appear here. Add from search or the patterns library.
Attested diff-promotion ledger: every AI-authored change is signed by the agent (Ed25519 + post-quantum), co-signed by a human approver, dual-verified before it lands, and appended to a tamper-evident ledger. Provenance/audit for AI-authored code (Zephyr SBOF model on diffs). Note: reference build mocks signatures with SHA256 and the ledger is not yet hash-chained. Star atom: composite-signature-verification on diffs.
Three cases: (1) happy path — valid agent sig + operator co-sign promotes and writes one ledger block; (2) forged agent signature is rejected before promotion and not committed; (3) ledger inspection confirms both pubkeys/signatures and the diff hash are recorded.
# Attested Diff-Promotion Ledger Cryptographic provenance for every AI-authored code change: a tamper-evident, append-only record of which agent and which human landed which diff, when, and with what signature. Zephyr's signed-envelope and append-only-ledger model applied to agent-authored diffs. ## Overview In regulated/defense software supply chains, letting an agent write to disk unaudited is a compliance and security risk. This plane makes every landed change carry dual attestation: the agent signs the diff (binding content + agent identity + timestamp) with a composite Ed25519 + post-quantum signature; an operator co-signs on approval; both signatures are verified before promotion; and the verified, approved record is appended to a ledger that can only ever grow. ## Architecture (data flow) Agent diff + agent signature -> composite-signature-verification (agent check) -> HITL approval (operator reviews and co-signs) -> composite-signature-verification (operator check) -> on pass, run in parallel: interactive diff promotion (FileDiff -> WorkspaceEdit on real source) and reducer-based state merging (append the signed record to the append-only ledger). Any failed verification aborts before promotion and is not committed. ## Components 1. Composite Signature Verification — (CompositePublicKey, CompositeSignature, MessageBytes) -> VerificationStatus. Sequential classical + post-quantum. Source: open-quantum-safe/oqs-provider. 2. In-the-loop Tool Approval — ToolCall -> DeferredToolCall (operator co-signs). Sources: agno-agi/agno, pydantic/pydantic-ai. 3. Interactive Diff Promotion — FileDiff -> WorkspaceEdit. Source: ocaml/ocaml-lsp. 4. Reducer-Based State Merging — (State, StateUpdate) -> State. Append-only ledger reducer. Source: langchain-ai/langgraph. ## Build A Python reference (attested_ledger.py) provides an AttestationOrchestrator that verifies the agent signature, runs the operator co-sign gate, verifies the operator signature, promotes the diff, and appends a LedgerRecord (timestamp, diff hash, both pubkeys, both signatures, status) via an append-only LedgerReducer. ## Acceptance Check Three cases: (1) happy path — valid agent sig + operator co-sign promotes and writes one ledger block; (2) forged agent signature is rejected before promotion and not committed; (3) ledger inspection confirms both pubkeys/signatures and the diff hash are recorded. ## Honest status Architecture and dual-attestation flow are sound, but two pieces are mocked. Signatures are truncated SHA256 digests standing in for real Ed25519 + Dilithium (swap for a real composite-sig library). And the "append-only ledger" is a list append with a timestamp sanity check — it is NOT hash-chained, so it is not yet tamper-evident: a real version must chain each record to the prior record's hash (and ideally anchor periodically). Star atom: composite-signature-verification applied to diffs. Differs from TG-ATP: that attests whether a tool is admitted; this attests the provenance of the code output itself.
Generated with Gerolamo — competitive technical intelligence
gerolamo.org