Stage310 transforms verification results into a visual and shareable Trust Score system.
Before Stage310:
verification result → JSON
After Stage310:
verification result → Trust Score → Public URL → API
- Trust Score visualization (0.0 - 1.0)
- accept / pending / reject decision
- Public Trust URL (/trust/)
- External API (/api/verify, /api/trust/)
- Trust breakdown:
- Integrity
- Execution
- Identity
- Time
- Sigstore (current: declared)
- Evidence JSON
- Fail-closed policy
Trust Score = average( integrity, execution, identity, time, sigstore )
trust_score >= 0.85 → accept
trust_score >= 0.45 → pending
trust_score < 0.45 → reject
Fail-closed is enabled.
Stage310 converts verification into something that:
- users can understand instantly
- engineers can validate
- systems can consume via API
- businesses can share via URL
pip install -r requirements.txt
python app.py
curl -X POST http://127.0.0.1:3110/api/verify
-H "Content-Type: application/json"
-d '{
"url": "https://example.com",
"manifest": {
"claims": {
"execution": true,
"identity": true,
"integrity": true,
"timestamp": true,
"workflow": "github-actions",
"sigstore": true,
"policy_version": "v1"
}
}
}'
Stage311 will introduce real Sigstore verification.
MIT License
Copyright (c) 2025 Motohiro Suzuki