Skip to content

fledge spec verify --provenance: require a human signature on the specΒ #430

Description

@0xLeif

Origin: book club review of the CorvidLabs books. spec-sync validates code against the spec; nothing validates the spec against a human who read and signed it. An injected or poisoned task brief can produce a corrupted spec that then passes every downstream check with flying colors. (Books: Field Guide ch9 "The spec is an input too".)

Proposal

Add fledge spec verify --provenance: check that a spec carries a valid attest-style signature from a named human principal before it is trusted as a contract.

Behavior

  • A spec may carry a provenance record: signer identity + signature over the spec content hash.
  • --provenance fails if the spec is unsigned, the signature does not verify, or the signer is not an allowed human principal.
  • Re-signing is required when spec content changes (signature is over the content hash, so edits invalidate it).

Acceptance criteria

  • Detects unsigned, tampered, and non-human-signed specs.
  • Integrates with the existing attest mechanism / keypair identity.
  • CI mode blocks on failure; --json output.

Filed from the book club review; tracked for later work.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions