autonomy bundle verify¶
Verify supply-chain integrity of a bundle (cosign + BLAKE3)
Synopsis¶
Runs the 4-step, fail-closed supply-chain verification pipeline for the bundle OCI image at :
Step 1 — Signatures cosign verify for the image (always), lock sidecar
(
Step 2 — OCI digests Resolves the live image manifest digest and compares it against agent_artifact.digest in the lock file. SHA-256 of the pulled policy bundle is compared against policy_bundle.digest in the lock file.
Step 3 — Fingerprint Recomputes the BLAKE3 behavioral fingerprint of the lock file and verifies it matches the stored value.
Step 4 — Semver Parses the version tag from policy_bundle.ref and compares it with policy_bundle_version in the bundle’s manifest.json. major.minor must match.
The command is fail-closed: it exits non-zero if any step fails.
AUTONOMY_TRUST_TIME (env var, default “true”): true — the autonomy.signed-at annotation must be present in the image signature and not older than –max-age (default 8760h / 1 year). false — timestamp check skipped entirely (weakened; see sign docs).
Usage¶
autonomy bundle verify <ref> [flags]
Examples¶
# Verify image only
autonomy bundle verify robot-behavior:1.2.3 --pub-key ./keys/cosign.pub
# Verify image + lock + policy (strict)
autonomy bundle verify robot-behavior:1.2.3 \
--pub-key ./keys/cosign.pub --require-lock --require-policy
Options¶
--allow-insecure-registry allow plain HTTP registry (auto-detected for localhost)
--max-age duration maximum age of the signed-at annotation (default 8760h / 1 year)
--pub-key string path to cosign public key in SPKI PEM format (required)
--require-lock also verify the cosign signature and digest of the lock sidecar artifact
--require-policy also verify the cosign signature, digest, and semver of the policy sidecar artifact
See also¶
autonomy bundle— Manage AutonomyOps bundles (pull, push, inspect, verify)