This is a Javascript library providing an API for github.com/sigstore/rekor: https://docs.sigstore.dev/rekor/overview/
Sigstore Rekor types
Sigstore Rekor types
Relay sidecar bundle launcher: detects host OS/arch, downloads the matching PyInstaller-built sidecar binary, verifies the SHA-256 digest against the signed release manifest (STEP A), verifies the Sigstore Rekor inclusion proof (STEP B), and launches the
code-signing for npm packages
Sigstore signing library
passportsign CLI: bind a GitHub account to a passport-holding human via zkPassport, verify bindings against public Sigstore Rekor, generate self-contained inline SVG badges.
Core primitives for passportsign: canonical serialization, in-toto Statement v1 builder, binding bundle format, GitHub gist check, Rekor client, RFC 6962 Merkle, DSSE envelope, bundle verifier. Apache-2.0.
No description provided.
Provenance verification for prebuilt native addons with GitHub attestations
Sigstore CLI
Gadget bundle signing + verification for the ggui gadget marketplace. Ed25519 author-key path + sigstore/cosign keyless path. Pure-TS @noble crypto for Ed25519 — browser-safe.
MDA v1.0 source-mode loader: frontmatter extraction, integrity, Sigstore signature verification, requires.network enforcement.
The JavaScript layer that turns brightdata-mcp into an intelligence & evidence platform: classify what your agents scrape, seal it verifiably (HMAC-SHA256 + Ed25519 asymmetric signature with identity-publishable keyId + RFC 3161 TSA with CMS chain verify
Mocked version of the Sigstore services
Official SDK for verifying RealStamp credentials, querying revocations and impersonation claims, and subscribing to webhook events.
**RFC v0.1 — Open for Community Review** *Joseph G. Cecala, E.I.T. // LoafPickle Worldwide*
code-signing for npm packages
Sigstore CLI
Wellmade's shared commitlint config — minimal additions to Conventional Commits, no opinionated scope/subject rules.
Sigstore signing library
External anchor providers for AgentOS provenance — blockchain, WORM storage, and transparency log integrations
Browser-side verification of Backbay attestations
JavaScript client for Sigstore
DO NOT USE: rekor placeholder
Drop-in Rust sidecar that wraps any MCP server: scans tool calls for prompt injection (UTS-39 confusable-folding + Unicode strip + Aho+Regex), validates Ed25519 manifest signatures with TOFU keystore + Sigstore Rekor bridge, strips loader-class env keys (LD_PRELOAD, NODE_OPTIONS, ...) from spawned children, detects tools/list schema drift (Layer 7 closes rug-pull / silent-redefinition class with NFKC-canonical fingerprint + bidirectional inbound/outbound gate + BLAKE3 or SHA-256 backend for FIPS/PCI/HIPAA + optional JCS RFC 8785 canonicalisation + _meta.fingerprint cross-tool audit injection), serves a fully-wired rmcp 1.5 control-plane behind the rmcp-control feature (MCP spec 2025-11-25, closes CVE-2026-42559 transitively), exports OTLP gRPC telemetry, blocks marketplace-poisoning vectors. <5ms p99 overhead.
Rekor transparency log client for Sigstore
HTTP client for Sigstore (Rekor, Fulcio) — end-to-end signing workflow for pqrascv
Flexible caching support for Sigstore clients
A robust, audit-friendly Rust implementation of FIPS 203 ML-KEM (the standardised CRYSTALS-Kyber post-quantum KEM).
Bitcoin OP_RETURN anchoring for PQ-RASCV attestation audit trails
Command-line interface for the PQ-RASCV hardware attestation protocol
Post-Quantum Remote Attestation & Supply-Chain Verification (PQ-RASCV) prover core — no_std + alloc
Hardware-rooted trust and distributed verifier consensus for PQ-RASCV
Server-side verifier for PQ-RASCV attestation quotes
An experimental crate to interact with sigstore
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.