Integrity and Deny Tutorial

What you’re proving

  • Supply-chain verification is fail-closed under tampering.

  • Runtime/policy layer deny behavior is enforced and observable.

  • Lock fingerprint identity is a first-class field in runtime output.

Prereqs

  • From repo root

  • Go toolchain installed

Steps

  1. Run lock/signature tamper verification tests:

       cd <repo-root>
       go test ./oci/sign -run Tamper -v

  2. Run runtime deny behavior tests:

       go test ./runtime -run 'TestTool_Deny|TestAudit_DenyRoundTrip' -v

  3. Run lock fingerprint check command help (interface proof):

       go run ./cmd/autonomy lock verify --help

Expected outputs (real patterns):

verify correctly rejected tampered agent digest
verify correctly rejected tampered fingerprint
verify correctly rejected unsigned image at step 1
--- PASS: TestTool_Deny
--- PASS: TestAudit_DenyRoundTrip
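The fail-closed behavior behind those three "verify correctly rejected ..." lines, as an added Go example that is not the project's code and does not use its types: a hypothetical four-step pipeline (signed? signature valid? fingerprint recomputes? artifact digest matches?) that returns at the first failing step, plus the tamper cases a test would drive through it. `Lock`, `Verify`, `fingerprintOf` and the error names are assumptions made for this example; the real pipeline lives in oci/sign/verify.go.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Lock is a hypothetical lock record (not the project's type): it pins the
// agent artifact digest and carries a fingerprint derived from that pin.
type Lock struct {
	AgentDigest string // hex SHA-256 of the agent artifact
	Fingerprint string // hex SHA-256 over the pinned fields
	Signature   []byte // ed25519 signature over AgentDigest; empty means unsigned
}

// One error per step so a test can assert which step rejected the input.
var (
	ErrUnsigned     = errors.New("step 1: image is unsigned")
	ErrBadSignature = errors.New("step 2: signature does not verify")
	ErrFingerprint  = errors.New("step 3: lock fingerprint mismatch")
	ErrDigest       = errors.New("step 4: agent digest mismatch")
)

func hexSHA256(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// fingerprintOf derives the lock fingerprint from the pinned digest (assumed scheme).
func fingerprintOf(agentDigest string) string {
	return hexSHA256([]byte("lock-v1|agent=" + agentDigest))
}

// NewLock pins an artifact and signs the pin.
func NewLock(priv ed25519.PrivateKey, artifact []byte) Lock {
	l := Lock{AgentDigest: hexSHA256(artifact)}
	l.Fingerprint = fingerprintOf(l.AgentDigest)
	l.Signature = ed25519.Sign(priv, []byte(l.AgentDigest))
	return l
}

// Verify is a four-step, fail-closed pipeline: the first failing step returns
// its error and no later step runs, so nothing is ever "partially" verified.
func Verify(pub ed25519.PublicKey, l Lock, artifact []byte) error {
	if len(l.Signature) == 0 {
		return ErrUnsigned
	}
	if !ed25519.Verify(pub, []byte(l.AgentDigest), l.Signature) {
		return ErrBadSignature
	}
	if fingerprintOf(l.AgentDigest) != l.Fingerprint {
		return ErrFingerprint
	}
	if hexSHA256(artifact) != l.AgentDigest {
		return ErrDigest
	}
	return nil
}

// flipHexChar alters one hex character so the value stays well-formed hex.
func flipHexChar(s string) string {
	b := []byte(s)
	if b[0] == '0' {
		b[0] = '1'
	} else {
		b[0] = '0'
	}
	return string(b)
}

// TamperResults runs the untampered case and four tamper cases and reports the
// verdict of each; this mirrors the shape of the assertions a tamper test makes.
func TamperResults() map[string]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	artifact := []byte("constructed sample agent artifact") // constructed input
	good := NewLock(priv, artifact)

	unsigned := good
	unsigned.Signature = nil

	badDigest := good // pinned digest altered after signing
	badDigest.AgentDigest = flipHexChar(good.AgentDigest)

	badFingerprint := good
	badFingerprint.Fingerprint = flipHexChar(good.Fingerprint)

	tamperedArtifact := append([]byte{}, artifact...)
	tamperedArtifact[0] ^= 0x01

	return map[string]error{
		"untampered":           Verify(pub, good, artifact),
		"unsigned":             Verify(pub, unsigned, artifact),
		"tampered-digest":      Verify(pub, badDigest, artifact),
		"tampered-fingerprint": Verify(pub, badFingerprint, artifact),
		"tampered-artifact":    Verify(pub, good, tamperedArtifact),
	}
}

func main() {
	for name, err := range TamperResults() {
		fmt.Printf("%-22s %v\n", name, err)
	}
}
```

Each tamper case is rejected at a distinct step, which is the property worth asserting: an unsigned image never reaches the digest comparison, and a signed lock whose pin was edited after signing fails on the signature rather than being waved through to the fingerprint check.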

How to verify

  • All commands exit 0.

  • Tamper tests show verification failures for modified digest/fingerprint/signature paths.

  • Runtime tests confirm denied tool path and persisted deny audit fields.
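What "denied tool path" and "persisted deny audit fields" look like in code, as an added Go example that is not the project's interceptor or audit implementation: a hypothetical `Interceptor` that treats both an explicit deny and an evaluator error as deny, never invokes the tool body on that path, and writes an audit record carrying the lock fingerprint on every decision. `Evaluator`, `AuditRecord`, `Interceptor.Call` and the sample tool names are assumptions for this example.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Decision is the evaluator's verdict for one tool call.
type Decision int

const (
	Allow Decision = iota
	Deny
)

// Evaluator is a hypothetical policy hook (not the project's interface).
type Evaluator func(tool string, args map[string]string) (Decision, error)

// AuditRecord is what the deny path persists; LockFingerprint is on every
// record so the lock identity is a first-class field of runtime output.
type AuditRecord struct {
	Tool            string
	Decision        string
	Reason          string
	LockFingerprint string
	At              time.Time
}

// Interceptor sits between the caller and the tool body.
type Interceptor struct {
	Eval            Evaluator
	LockFingerprint string
	Audit           []AuditRecord
}

var ErrDenied = errors.New("tool call denied")

// Call fails closed: a Deny verdict and an evaluator error are both treated as
// deny, and the tool body is never invoked on that path.
func (in *Interceptor) Call(tool string, args map[string]string, body func() (string, error)) (string, error) {
	verdict, err := in.Eval(tool, args)
	reason := ""
	switch {
	case err != nil:
		verdict, reason = Deny, "evaluator error: "+err.Error()
	case verdict == Deny:
		reason = "policy deny"
	}
	if verdict == Deny {
		in.Audit = append(in.Audit, AuditRecord{
			Tool: tool, Decision: "deny", Reason: reason,
			LockFingerprint: in.LockFingerprint, At: time.Now().UTC(),
		})
		return "", fmt.Errorf("%w: %s: %s", ErrDenied, tool, reason)
	}
	out, err := body()
	in.Audit = append(in.Audit, AuditRecord{
		Tool: tool, Decision: "allow",
		LockFingerprint: in.LockFingerprint, At: time.Now().UTC(),
	})
	return out, err
}

// Demo drives three calls (allowed, denied, evaluator failure) and returns how
// many times a tool body actually ran plus the audit trail.
func Demo() (bodyRuns int, audit []AuditRecord) {
	eval := func(tool string, _ map[string]string) (Decision, error) {
		switch tool {
		case "read_file":
			return Allow, nil
		case "exec_shell":
			return Deny, nil
		default:
			// Allow paired with an error must still be denied.
			return Allow, errors.New("policy bundle unavailable")
		}
	}
	in := &Interceptor{Eval: eval, LockFingerprint: "sha256:constructed-fingerprint"} // constructed value
	body := func() (string, error) { bodyRuns++; return "ok", nil }
	in.Call("read_file", nil, body)
	in.Call("exec_shell", nil, body)
	in.Call("unknown_tool", nil, body)
	return bodyRuns, in.Audit
}

func main() {
	runs, audit := Demo()
	fmt.Println("tool bodies executed:", runs)
	for _, r := range audit {
		fmt.Printf("%-5s %-12s fingerprint=%s reason=%q\n", r.Decision, r.Tool, r.LockFingerprint, r.Reason)
	}
}
```

The check a round-trip audit test makes is that the deny record survives with its reason and fingerprint intact, and that the body-run counter stays at one: an evaluator outage is a deny, not a bypass.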

Common failure modes + debugging

  • cosign-related test setup issues: inspect oci/sign/verify_tamper_test.go fixtures and skips.

  • Runtime test mismatch: run the full package with go test ./runtime -v and inspect failing expectations.

Do Not Do / Non-goals

  • Do not assume control-plane can override runtime deny decisions.

  • Do not treat advisory release metadata as execution authority.

Evidence

  • oci/sign/verify.go (4-step verify pipeline)

  • oci/sign/verify_tamper_test.go

  • runtime/server_test.go (TestTool_Deny, audit/deny tests)

  • runtime/interceptor_test.go (deny on evaluator deny/error)

  • cmd/autonomy/commands/lock.go (lock verify command behavior)