Verifiable execution substrate for immutable skills.
Provenact verifies and executes immutable, attestable skills with strict capability controls, deterministic verification/execution contracts, and signed provenance. It is an execution substrate, not an agent framework: packaging, signing, verification, and policy-constrained runtime with auditable receipts.
Provenact provides:
- a format and trust model for immutable executable bundles
- cryptographic attestation of code, inputs, and declared capabilities
- a sandboxed runtime for deterministic, policy-constrained execution
- tooling to package, sign, verify, inspect, and run skills
- conformance vectors and receipt verification for auditability
Provenact is not an agent framework, workflow engine, or orchestration layer.
- Immutability by default.
- Explicit capabilities.
- Verifiable provenance.
- Deterministic execution.
- Composability without trust collapse.
- Not an LLM/agent framework
- Not a scheduler or workflow orchestrator
- Not a general container runtime
- Not a blockchain
provenact/
├─ spec/ # Normative specs (formats, policies, threat model)
├─ core/ # Verification, signing, policy libraries (Rust)
├─ runtime/ # Runtime execution/transcript docs
├─ cli/ # Developer tooling (pack, sign, verify, run)
├─ skills/ # Blessed stdlib skills and fixtures
├─ test-vectors/ # Conformance vectors
├─ docs/ # Architecture and release/readiness docs
├─ apps/ # Temporary app/control-plane scaffolds
└─ README.md
Execution is intentionally split into narrow layers:
core/verifier
- strict parsing and deterministic verification primitives
- policy and capability evaluation
- canonical hashing and signature checks
cli/provenact-cli
- user-facing command orchestration (pack, sign, verify, run)
- preflight bundle validation and trust-anchor handling
- runtime invocation with resource limits
runtime/docs + specs
- execution rules, transcript model, and threat boundaries
This separation keeps cryptographic checks reusable and keeps command UX logic out of the verifier core.
v0.1.0 baseline released; current work is hardening and operational polish.
Stability notes:
- v0 bundle/manifest/policy/receipt schemas are normative and SemVer-governed.
- Fields and commands marked experimental are explicitly unstable.
- provenact-cli run requires --receipt; successful runs always emit a receipt.
- External timestamp authority is out of scope for v0 receipts.
- Reproducible builds are a roadmap objective; v0 does not yet publish CI build reproducibility proofs.
Compatibility policy is defined in spec/compatibility.md.
Assumptions and non-goals are defined in spec/threat-model.md.
- Artifact format: WebAssembly module (.wasm) validated by Wasmtime.
- Host interface: Provenact host ABI (docs/runtime-host-abi.md).
- WASI imports are not part of the v0 normative runtime contract.
- Run full conformance: cargo conformance
- Run release gate locally: cargo release-v0-check
- Release checklist: RELEASE_V0_CHECKLIST.md
- Coverage matrix: docs/conformance-matrix.md
- Secure quickstart: docs/getting-started.md
- Observability contract: docs/observability.md
- Audit policy: audit.toml
- Pack: provenact-cli pack --bundle ./bundle --wasm ./skill.wasm --manifest ./manifest.json
- Sign: provenact-cli sign --bundle ./bundle --signer alice.dev --secret-key ./alice.key
- Pin trust anchor digest: KEYS_DIGEST="$(shasum -a 256 ./public-keys.json | awk '{print "sha256:"$1}')"
- Verify: provenact-cli verify --bundle ./bundle --keys ./public-keys.json --keys-digest "$KEYS_DIGEST"
- Run: provenact-cli run --bundle ./bundle --keys ./public-keys.json --keys-digest "$KEYS_DIGEST" --policy ./policy.json --input ./input.json --receipt ./receipt.json
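The pin step above hashes whatever public-keys.json is on disk at that moment, so the digest only protects later runs if it is recorded once from a reviewed copy and compared against afterwards. The following is an added example, not Provenact's own code, of a fail-closed check to run before verify or run; the function names and the sample key file contents are assumptions made for illustration.

```shell
# Added example (not Provenact code): fail-closed trust-anchor pin check.
# keys_digest, check_pinned_keys and demo are hypothetical helper names.

# Print "sha256:<hex>" for a file, the form the quickstart builds KEYS_DIGEST in.
keys_digest() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print "sha256:"$1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print "sha256:"$1}'
    else
        echo "no SHA-256 tool found" >&2; return 2
    fi
}

# Exit 0 only when the file hashes to the pinned value.
# Exit 1 on mismatch, 2 on a malformed pin or unreadable file.
check_pinned_keys() {
    keys_file=$1; pinned=$2
    hex=${pinned#sha256:}
    case "$pinned" in sha256:*) ;; *) hex="" ;; esac
    case "$hex" in *[!0-9a-f]*) hex="" ;; esac
    if [ "${#hex}" -ne 64 ]; then
        echo "pin must be sha256:<64 lowercase hex chars>" >&2; return 2
    fi
    actual=$(keys_digest "$keys_file") || return 2
    if [ "$actual" != "$pinned" ]; then
        echo "trust anchor mismatch: pinned $pinned, file is $actual" >&2
        return 1
    fi
}

# Constructed sample: pin a placeholder key file, then change it and re-check.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '{"constructed":"placeholder, not the real key schema"}' > "$dir/public-keys.json"
    pin=$(keys_digest "$dir/public-keys.json")   # real use: recorded at review time, kept outside the bundle
    check_pinned_keys "$dir/public-keys.json" "$pin" && before=ok || before=fail
    printf '%s\n' '{"constructed":"edited after pinning"}' > "$dir/public-keys.json"
    check_pinned_keys "$dir/public-keys.json" "$pin" 2>/dev/null && after=ok || after=fail
    rm -rf "$dir"
    echo "$before $after"
}

demo   # prints: ok fail
```

In a pipeline, call check_pinned_keys with the recorded pin first and pass that same recorded value, not a freshly computed one, as --keys-digest.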
- AGENTS.md defines repository scope boundaries.
- SPEC.md is the top-level spec index.
- spec/ contains normative v0 format and policy documents.