autonomy verify¶
Verify the supply-chain integrity of an OCI image and its artifacts
Synopsis¶
Runs a 4-step, fail-closed supply-chain verification pipeline:
Step 1 — Signatures cosign verify for the image (always), lock sidecar
(
Step 2 — OCI digests Resolves the live image manifest digest and compares it against agent_artifact.digest in the attached lock file. SHA-256 of the pulled policy bundle is compared against policy_bundle.digest in the lock file.
Step 3 — Fingerprint Recomputes the BLAKE3 behavioral fingerprint of the lock file and verifies it matches the stored value.
Step 4 — Semver Parses the version tag from policy_bundle.ref and compares it with policy_bundle_version in the bundle’s manifest.json. major.minor must match.
The command is fail-closed: it exits non-zero if any step fails.
AUTONOMY_TRUST_TIME (env var, default “true”): true — the autonomy.signed-at annotation in the image signature must be present and not older than –max-age (default 8760h / 1 year). false — timestamp check skipped entirely. WEAKENED: a stolen private key can create signatures with no temporal bound. Stale or stolen keys cannot be detected via expiry.
Usage¶
autonomy verify [flags]
Examples¶
# Verify image + lock + policy (strict, with timestamp)
autonomy verify --image localhost:5000/demo-agent:v0.1.0 \
--pub demo/keys/cosign.pub --require-lock --require-policy
# Verify with relaxed time check
AUTONOMY_TRUST_TIME=false autonomy verify \
--image localhost:5000/demo-agent:v0.1.0 --pub demo/keys/cosign.pub
Options¶
--allow-insecure-registry allow plain HTTP registry (auto-detected for localhost)
--image string OCI image reference to verify (required)
--max-age duration maximum age of the signed-at annotation (default 8760h / 1 year)
--pub string path to cosign public key (required)
--require-lock verify the sidecar lock signature and digest
--require-policy verify the sidecar policy signature, digest, and semver