Docs: add RFC for Sigstore integration for AgentCard supply chain verification by kevincogan · Pull Request #283 · kagenti/kagenti-operator

kevincogan · 2026-04-14T14:51:42Z

Summary

Adds the RFC for Sigstore integration into the kagenti-operator's AgentCard feature. This document proposes adding supply-chain provenance verification alongside the existing SPIRE/SPIFFE runtime identity system.

The RFC covers:

Phase 1: SPIRE Sigstore image verification (config only, no Go code)
Phase 2A: Move signing authority from init-container to operator
Phase 2B: Sigstore bundle verification for agent card blobs
Phase 3: Dual-layer status conditions and backend/UI integration
Phase 4: OCI attestations and SPIRE attestor composition (future direction)

Key design decisions include using the SPIRE K8s attestor's built-in Sigstore support over a separate Policy Controller, a new BundleVerifier interface (Interface Segregation from the existing JWS Provider), and operator-level signing to eliminate the self-attestation trust gap identified in the PR #1038 review.

Related issue(s)

Agent Attestation Epic #612 (Signal 4: Provenance)
AgentCard UI Integration PR #1038 (review discussion that motivated the operator-signing pivot)

Testing Instructions

N/A - documentation only.

…ification. Signed-off-by: Kevin Cogan <kevin.s.cogan@gmail.com>

kevincogan changed the title ~~Docs: add RFC for Sigstore integration for AgentCard supply chain ver…~~ Docs: add RFC for Sigstore integration for AgentCard supply chain verification Apr 14, 2026

kevincogan mentioned this pull request Apr 14, 2026

✨ feat: Add mTLS runtime identity verification for AgentCards #284

Open

Docs: add RFC for Sigstore integration for AgentCard supply chain ver…

a4a7990

…ification. Signed-off-by: Kevin Cogan <kevin.s.cogan@gmail.com>

kevincogan force-pushed the docs/rfc-sigstore-agentcard-verification branch from f4a3853 to a4a7990 Compare April 15, 2026 16:17

clawgenti mentioned this pull request Apr 20, 2026

Weekly Report 2026-04-20 kagenti/kagenti#1286

Closed

clawgenti mentioned this pull request Apr 27, 2026

Weekly Report 2026-04-27 kagenti/kagenti#1348

Closed

xjacka mentioned this pull request Apr 29, 2026

Org Weekly Report 2026-04-22 -- 2026-04-29 (kagenti) xjacka/test#2

Open

clawgenti mentioned this pull request May 4, 2026

Weekly Report 2026-05-04 kagenti/kagenti#1448

Closed

xjacka mentioned this pull request May 4, 2026

Weekly Report 2026-05-04 kagenti/kagenti#1449

Open

clawgenti mentioned this pull request May 4, 2026

Weekly Report 2026-05-04 kagenti/kagenti#1450

Closed

xjacka mentioned this pull request May 11, 2026

Weekly Report 2026-05-11 kagenti/kagenti#1533

Open

DeanKelly751 mentioned this pull request May 12, 2026

Feat: Implementing Sigstore-A2A verification for A2A Agent Cards #355

Open

clawgenti mentioned this pull request May 18, 2026

Weekly Report 2026-05-18 kagenti/kagenti#1608

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Docs: add RFC for Sigstore integration for AgentCard supply chain verification#283

Docs: add RFC for Sigstore integration for AgentCard supply chain verification#283
kevincogan wants to merge 1 commit into
kagenti:mainfrom
kevincogan:docs/rfc-sigstore-agentcard-verification

kevincogan commented Apr 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

kevincogan commented Apr 14, 2026

Summary

Related issue(s)

Testing Instructions

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant