Reproducible builds, code signing, and supply chain security

[jeremymanning]

Description

Per spec T136 and whitepaper supply chain requirements:

• Reproducible build configuration
• Code-signing verification (agent refuses dispatch to unattested/unsigned agents)
• Build provenance metadata (git commit, build timestamp) — partially in place via build.rs
• Independent audit readiness for Phase 3

Requirements

• Deterministic compilation producing identical binaries from same source
• Ed25519 code signing for release binaries
• Agent version verification on heartbeat (reject unknown versions)
• Build provenance chain: source commit → CI build → signed artifact → distribution
• Signer ≠ approver enforcement for release artifacts

Success Criteria

• Two independent builds from same commit produce identical binary
• Release binaries are Ed25519 signed
• Agent rejects dispatch from unsigned/unattested peers
• Build provenance metadata verifiable end-to-end
• Signer ≠ approver enforced for release artifacts
• Audit-ready documentation of supply chain

Testing (Principle V)

• Build twice from same commit → verify identical output
• Sign binary → distribute → verify signature on recipient
• Deploy unsigned agent → verify cluster rejects it
• Attempt same-identity sign + approve → verify rejected

[jeremymanning]

Partially addressed by spec 004 / PR #59 — not closing. Build info (git commit, timestamp), Ed25519 verify_binary_signature, and is_known_version exist. HOWEVER, full reproducible-build verification (two independent builds producing identical binary) has not been performed, and no production-signed binary has been shipped.

Remaining work tracked here.

[jeremymanning]

Spec 005 progress — PR #61

STATUS: Release-signing scripts written. CI reproducible-build verification deferred.

Done (commit d691751):

• ops/release/build-reproducible.sh + sign-release.sh + verify-release.sh — see issue Deployment infrastructure: Docker, Helm, and release pipeline #41.
• docs/releases.md — pre-release drift-check gate (FR-011a), pinned constants procedure, evidence requirements per SC, rollback procedure.

Remaining:

• T113 .github/workflows/reproducible-build.yml with Nix-based hermetic build on two independent runners + diffoscope diff not written.
• First signed release not yet cut (RELEASE_PUBLIC_KEY_HEX in verify-release.sh is still the zero sentinel until a keypair is generated + a release tag is cut).

See notes/session-2026-04-19-spec-005-kickoff.md.