Dogfooding
attest uses itself. Every commit that lands on main gets a provenance
attestation recorded by attest, on attest’s own history, and gated against
the committed .attest.json policy in CI. The trust record for this repository
is itself an attest ledger, stored in refs/notes/attest and travelling with
the repo like any other git data.
This is not a toy fixture: the output below is captured from running the real
release binary against attest’s real HEAD. Reproduce all of it with
examples/dogfood.sh, which runs in a /tmp scratch clone (your working tree
and notes ref are never touched).
Platform. macOS and Linux. The
examples/dogfood.shscript and the CI dogfood steps run on macOS.
Why “attest attests attest” is the honest test
A provenance tool is only trustworthy if it survives being pointed at itself. So
we record an agent:ci attestation (the same shape CI records) on attest’s own
commit, then show it both passing a realistic gate and failing a strict
one. The failure is the interesting half: it proves attest actually catches a
missing signature / human sign-off rather than rubber-stamping.
1. Record an attestation on attest’s own HEAD
$ attest sign --commit "$HEAD" --reviewer agent:ci \
--confidence 0.9 --verdict proceed --tests-passed \
--note "attest dogfooding its own CI: build + 106 tests green"
attest · recorded agent:ci on ab181efcddThe ledger row on attest’s real commit (ab181ef):
$ attest log --commit "$HEAD"
attest · ledger
commit ab181efcdd (1 attestation)
[ok] agent:ci verdict:proceed conf:90% tests:ok human:- unsigned
note: attest dogfooding its own CI: build + 106 tests greenIt’s unsigned and human:- on purpose. That’s exactly what an automated CI
attestation looks like, and it’s what the strict policy below will catch.
2. Verify PASS under a lax policy (exit 0)
A realistic CI gate: a commit must carry an attestation and report passing tests.
That’s satisfied, so verify exits 0.
{
"requireAttestation": true,
"requireTestsPassed": true
}$ attest verify --commit "$HEAD" --policy lax.json
attest verify · [ok] PASS (1 commit checked)
$ echo $?
0This is the same fatal gate CI runs against the committed .attest.json.
3. Verify FAIL under a strict policy (exit 1)
Now demand a cryptographic signature and a human sign-off. The agent:ci
attestation has neither, so attest catches it on its own commit and exits 1:
{
"requireAttestation": true,
"requireTestsPassed": true,
"requireSignature": true,
"requireHumanApprovalWhenVerdictAtLeast": "proceed"
}$ attest verify --commit "$HEAD" --policy strict.json
attest verify · [x] FAIL (1 commit checked)
violations:
x ab181efcdd requireSignature: no valid signed attestation
x ab181efcdd requireHumanApprovalWhenVerdictAtLeast: verdict is at least proceed on this commit but no attestation is human-approved
$ echo $?
1Those two violations lines are the real proof that the gate has teeth.
The CI dogfood: a growing provenance ledger
The CI workflow wires this into every run on the macOS runner. After
swift build, swift test, and fledge spec check pass, it builds the release
binary, records an unsigned agent:ci attestation on $GITHUB_SHA, runs
attest verify --policy .attest.json as a fatal gate (printing the ledger
and verdict), and (on a push to main only) best-effort git push origin refs/notes/attest so the ledger accumulates over time. The job has
permissions: contents: write; the push is guarded with || echo "note push skipped" so a permissions or race issue can’t redden CI. Only the verify gate
can fail the job.
Inspect the ledger from a fresh clone:
git clone https://github.com/CorvidLabs/attest.git
cd attest
git fetch origin "refs/notes/*:refs/notes/*" # pull the attestation notes
attest log # every attested commit
attest log --range origin/main~10..origin/main # a recent sliceReproduce it locally
examples/dogfood.shThe strict FAIL is expected and captured, so the script itself exits 0:
lax verify exit code: 0 (expected 0, PASS)
strict verify exit code: 1 (expected 1, FAIL, caught)
dogfood OK: attest attested attest, both outcomes as expected.Caveats
- CI attestations are unsigned: no signing key is provisioned on the runner
(signing is optional by design). Provision a key with
attest keygen, sign with--sign, and tighten.attest.jsonto make the ledger cryptographically verifiable. - The notes push is best-effort and main-only. PR runs record and verify an attestation but don’t push notes.
- The committed
.attest.jsonis intentionally permissive so the tool is usable with zero configuration; the strict policy above lives only in the demo/docs.