Skip to content

mokkunsuzuki-code/stage352

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Stage352: Hybrid Signature Manifest Verification Layer

Stage352 extends Stage351 by verifying the hybrid signature manifest.

What Stage352 Verifies

  • docs/signatures/stage351_signature_manifest.json exists
  • docs/enforcement/enforcement_session.json exists
  • Stage351 required fields are present
  • Stage351 session_sha256 matches Stage350 session_sha256
  • canonical_payload_sha256 is recomputed and checked
  • signature_manifest_sha256 is recomputed and checked
  • CI / local context is consistent
  • Sigstore OIDC requirement is consistent
  • PQC ML-DSA intent_only state is not falsely treated as a real signature
  • Missing signatures are not claimed as verified
  • Private keys and raw secrets are not referenced

Public Evidence

  • docs/signatures/stage352_signature_manifest_verification.json

Decision Model

  • accept_metadata_only: local metadata-only manifest is structurally valid and hash-bound
  • accept: CI context and required signature conditions are satisfied
  • warn: non-critical inconsistency
  • reject: hash mismatch, structure mismatch, or fake PQC/signature claim
  • block: CI requires Sigstore OIDC but it is missing

Safety Boundary

Stage352 does not publish private keys, raw secrets, fake signatures, or unverified PQC claims.

About

Hybrid Signature Manifest Verification Layer for verification of enforcement session binding, context integrity, hash consistency, Sigstore OIDC requirements, and PQC-ready signature metadata.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors