`autonomy verify`¶

Verify the supply-chain integrity of an OCI image and its artifacts

Synopsis¶

Runs a 4-step, fail-closed supply-chain verification pipeline:

  Step 1 — Signatures   cosign verify for the image (always), lock sidecar
                         (<tag>-lock, if --require-lock), and policy sidecar
                         (<tag>-policy, if --require-policy).

  Step 2 — OCI digests  Resolves the live image manifest digest and compares it
                         against agent_artifact.digest in the attached lock file.
                         SHA-256 of the pulled policy bundle is compared against
                         policy_bundle.digest in the lock file.

  Step 3 — Fingerprint  Recomputes the BLAKE3 behavioral fingerprint of the lock
                         file and verifies it matches the stored value.

  Step 4 — Semver       Parses the version tag from policy_bundle.ref and
                         compares it with policy_bundle_version in the bundle's
                         manifest.json.  major.minor must match.

The command is fail-closed: it exits non-zero if any step fails.

AUTONOMY_TRUST_TIME (env var, default "true"):
  true  — the autonomy.signed-at annotation in the image signature must be
           present and not older than --max-age (default 8760h / 1 year).
  false — timestamp check skipped entirely.
           WEAKENED: a stolen private key can create signatures with no temporal
           bound.  Stale or stolen keys cannot be detected via expiry.

Usage¶

autonomy verify [flags]

Examples¶

# Verify image + lock + policy (strict, with timestamp)
  autonomy verify --image localhost:5000/demo-agent:v0.1.0 \
      --pub demo/keys/cosign.pub --require-lock --require-policy  # (installed: same — cd ~/.autonomyops/quickstart first)

  # Verify with relaxed time check
  AUTONOMY_TRUST_TIME=false autonomy verify \
      --image localhost:5000/demo-agent:v0.1.0 --pub demo/keys/cosign.pub  # (installed: same — cd ~/.autonomyops/quickstart first)

Options¶

      --allow-insecure-registry   allow plain HTTP registry (auto-detected for localhost)
      --image string              OCI image reference to verify (required)
      --max-age duration          maximum age of the signed-at annotation (default 8760h / 1 year)
      --pub string                path to cosign public key (required)
      --require-lock              verify the sidecar lock signature and digest
      --require-policy            verify the sidecar policy signature, digest, and semver