aion-context 1.0.0

Cryptographically-signed, versioned business-context file format
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

# Sealed Releases (RFC-0032)

A sealed release is the top-level supply-chain object: one
operation that produces a manifest of artifacts, an AIBOM,
SLSA v1.1 provenance, three DSSE envelopes, an OCI primary
manifest, two OCI attestation referrers, and three
transparency-log entries — all cryptographically cross-linked
and signed by a single signer at a single version.

If `verify_file` answers "is this governance file untampered,"
`SignedRelease::verify` answers "is this **release** —
manifest + AIBOM + SLSA + OCI graph + log entries —
internally consistent under the registry, with all the
linkages intact."

## What gets sealed

```text
ReleaseBuilder::seal()
        ├── ArtifactManifest          (RFC-0022)
        │      └── primary + auxiliaries, each with hash + size
        ├── SignatureEntry over the manifest
        ├── DsseEnvelope wrapping the manifest signature
        ├── AiBom                     (RFC-0029)
        │      └── frameworks, datasets, licenses,
        │           safety attestations, export controls
        ├── DsseEnvelope wrapping the AIBOM
        ├── InTotoStatement (SLSA v1.1)   (RFC-0024)
        │      └── subjects (from manifest entries)
        │      └── builder.id, externalParameters
        ├── DsseEnvelope wrapping the SLSA statement
        ├── OciArtifactManifest       (RFC-0030)
        │      └── primary artifact descriptor
        │      └── config descriptor
        ├── OciArtifactManifest (AIBOM referrer)
        │      └── subject ← primary digest
        ├── OciArtifactManifest (SLSA referrer)
        │      └── subject ← primary digest
        └── 3 × LogSeq
               └── (manifest sig, DSSE envelope, SLSA stmt)
                    appended to the transparency log
```

The whole bundle is the unit of signing. A `SignedRelease`
ties it together with one `signer: AuthorId` and verifies
under one registry epoch.

## What `SignedRelease::verify` checks

Eight gates, all must pass:

1. The manifest signature against the pinned registry epoch.
2. The manifest DSSE envelope's keyids against the registry.
3. The AIBOM DSSE envelope's keyids against the registry.
4. The SLSA DSSE envelope's keyids against the registry.
5. The AIBOM `model.hash` and `model.size` match the
   manifest's first (primary) entry.
6. SLSA subjects' digests are a subset of the manifest's
   entries' digests.
7. Both OCI referrer manifests' `subject.digest` match the
   primary manifest's digest.
8. The three log entries appear in the expected kind order:
   ManifestSignature, DsseEnvelope, SlsaStatement.

## Programmatic shape

```rust
use aion_context::release::{ReleaseBuilder, SignedRelease};

let mut builder = ReleaseBuilder::new("acme-7b-chat", "0.3.1", "safetensors");
builder.primary_artifact("model.safetensors", weights);
builder.add_framework(framework);
builder.add_license(license);
builder.add_safety_attestation(attestation);
builder.builder_id("https://ci.example/run/1");
builder.current_aion_version(1);

let signed: SignedRelease = builder.seal(signer, &signing_key, &mut log)?;
signed.verify(&registry, 1)?;
```

For reconstructing a release from disk (e.g., after the CLI
serialised it through `aion release seal`):

```rust
use aion_context::release::{SignedRelease, SignedReleaseComponents};

let release = SignedRelease::from_components(SignedReleaseComponents {
    signer,
    model_ref,
    manifest,
    manifest_signature,
    manifest_dsse,
    aibom,
    aibom_dsse,
    slsa_statement,
    slsa_dsse,
    oci_primary,
    oci_aibom_referrer,
    oci_slsa_referrer,
    log_entries,
});
release.verify(&registry, at_version)?;
```

The `SignedReleaseComponents` struct (PR #47) replaced an
earlier 13-positional-argument signature; named-field
construction makes argument transposition a compile error.

## CLI surface

The CLI's `aion release seal / verify / inspect` page
documents the operator-facing wrappers. The CLI's bundle
format (`release.json` + `primary.bin`) is one of several
valid distributions; consumers that prefer cosign-friendly
per-component layouts can produce them programmatically by
serialising each component directly (each has its own
`to_json` method).

## See also

- RFC-0032 in `rfcs/` — protocol details
- `examples/aegis_consortium.rs` (sort of related — uses
  multisig but not full sealed-release flow)
- The Nimbus driver in this conversation's history (and the
  earlier `/tmp/nimbus-release-demo` directory in the agent's
  scratch space) — full sealed-release programmatic example