Releases: pulseengine/sigil
Releases · pulseengine/sigil
wsc v0.5.1
🎉 wsc v0.5.1 Release
📦 Native CLI Binaries
| Platform | Binary | TPM2 Support |
|---|---|---|
| Linux x86_64 | wsc-linux-x86_64 |
❌ |
| Linux x86_64 | wsc-linux-x86_64-tpm2 |
✅ |
| Linux aarch64 | wsc-linux-aarch64 |
❌ |
| macOS x86_64 (Intel) | wsc-macos-x86_64 |
❌ |
| macOS aarch64 (Apple Silicon) | wsc-macos-aarch64 |
❌ |
| Windows x86_64 | wsc-windows-x86_64.exe |
❌ |
📦 Rust Crates
Available on crates.io:
wsc-attestationv0.5.1wscv0.5.1wsc-cliv0.5.1
✨ What's New
This release includes comprehensive cross-platform native CLI builds:
- 6 platform targets with pre-built binaries
- TPM2 hardware security support on Linux
- Keyless signing via Sigstore/Fulcio
- Rekor transparency log integration
- Certificate pinning with shared TLS config
v0.4.1 - wsc-attestation crate
🎉 wsc WebAssembly Components Release
📦 What's Included
Component Library (WIT Interface):
wsc-component.wasm- WebAssembly component library with WIT bindingswsc-component.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:v0.4.1
CLI Tool (WASI Binary):
wsc-cli.wasm- WASI command-line tool for Wasmtimewsc-cli.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:v0.4.1-cli
🔐 Security Features
- ✅ WASM Module Signing - Signed with wsc keyless signing (dogfooding!)
- ✅ OCI Artifact Signing - Signed with Cosign using GitHub OIDC (keyless)
- ✅ SLSA Provenance - Build attestation included
- ✅ SHA256 Checksums - For download verification
wsc Keyless Signing:
- Identity: GitHub Actions OIDC
- Certificate: Short-lived from Fulcio (Sigstore)
- Transparency: Logged in Rekor transparency log
🚀 Usage
Download WASM Component
# Download and verify checksum
TAG=v0.4.1
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm.sha256
sha256sum -c wsc.wasm.sha256Pull Signed OCI Artifact
TAG=v0.4.1
# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/wsc:${TAG}
# Verify signature with Cosign
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}🔍 Verification
Verify WASM Module Signature (wsc)
# Verify keyless signature (offline - no network required!)
wsc verify --keyless \
--cert-identity "https://github.com/pulseengine/wsc/.github/workflows/release.yml@refs/tags/${TAG}" \
--cert-oidc-issuer "https://token.actions.githubusercontent.com" \
-i wsc-component.wasm
# Or verify without identity constraints
wsc verify --keyless -i wsc-component.wasmVerify OCI Artifact Signature (Cosign)
TAG=v0.4.1
# Verify Cosign signature
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}All releases are:
- Built in GitHub Actions with full transparency
- Signed with wsc keyless signing (WASM modules)
- Signed with Cosign using keyless signing (OCI artifacts)
- Attested with SLSA provenance
- Checksummed with SHA256
📚 Documentation
See README.md for usage details.
v0.4.0
🎉 wsc WebAssembly Components Release
📦 What's Included
Component Library (WIT Interface):
wsc-component.wasm- WebAssembly component library with WIT bindingswsc-component.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:v0.4.0
CLI Tool (WASI Binary):
wsc-cli.wasm- WASI command-line tool for Wasmtimewsc-cli.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:v0.4.0-cli
🔐 Security Features
- ✅ WASM Module Signing - Signed with wsc keyless signing (dogfooding!)
- ✅ OCI Artifact Signing - Signed with Cosign using GitHub OIDC (keyless)
- ✅ SLSA Provenance - Build attestation included
- ✅ SHA256 Checksums - For download verification
wsc Keyless Signing:
- Identity: GitHub Actions OIDC
- Certificate: Short-lived from Fulcio (Sigstore)
- Transparency: Logged in Rekor transparency log
🚀 Usage
Download WASM Component
# Download and verify checksum
TAG=v0.4.0
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm.sha256
sha256sum -c wsc.wasm.sha256Pull Signed OCI Artifact
TAG=v0.4.0
# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/wsc:${TAG}
# Verify signature with Cosign
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}🔍 Verification
Verify WASM Module Signature (wsc)
# Verify keyless signature (offline - no network required!)
wsc verify --keyless \
--cert-identity "https://github.com/pulseengine/wsc/.github/workflows/release.yml@refs/tags/${TAG}" \
--cert-oidc-issuer "https://token.actions.githubusercontent.com" \
-i wsc-component.wasm
# Or verify without identity constraints
wsc verify --keyless -i wsc-component.wasmVerify OCI Artifact Signature (Cosign)
TAG=v0.4.0
# Verify Cosign signature
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}All releases are:
- Built in GitHub Actions with full transparency
- Signed with wsc keyless signing (WASM modules)
- Signed with Cosign using keyless signing (OCI artifacts)
- Attested with SLSA provenance
- Checksummed with SHA256
📚 Documentation
See README.md for usage details.
v0.3.1
🎉 wsc WebAssembly Components Release
📦 What's Included
Component Library (WIT Interface):
wsc-component.wasm- WebAssembly component library with WIT bindingswsc-component.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:
CLI Tool (WASI Binary):
wsc-cli.wasm- WASI command-line tool for Wasmtimewsc-cli.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:-cli
🔐 Security Features
- ✅ WASM Module Signing - Signed with wsc keyless signing (dogfooding!)
- ✅ OCI Artifact Signing - Signed with Cosign using GitHub OIDC (keyless)
- ✅ SLSA Provenance - Build attestation included
- ✅ SHA256 Checksums - For download verification
wsc Keyless Signing:
- Identity: GitHub Actions OIDC
- Certificate: Short-lived from Fulcio (Sigstore)
- Transparency: Logged in Rekor transparency log
🚀 Usage
Download WASM Component
# Download and verify checksum
TAG=
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm.sha256
sha256sum -c wsc.wasm.sha256Pull Signed OCI Artifact
TAG=
# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/wsc:${TAG}
# Verify signature with Cosign
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}🔍 Verification
Verify WASM Module Signature (wsc)
# Verify keyless signature (offline - no network required!)
wsc verify --keyless \
--cert-identity "https://github.com/pulseengine/wsc/.github/workflows/release.yml@refs/tags/${TAG}" \
--cert-oidc-issuer "https://token.actions.githubusercontent.com" \
-i wsc-component.wasm
# Or verify without identity constraints
wsc verify --keyless -i wsc-component.wasmVerify OCI Artifact Signature (Cosign)
TAG=
# Verify Cosign signature
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}All releases are:
- Built in GitHub Actions with full transparency
- Signed with wsc keyless signing (WASM modules)
- Signed with Cosign using keyless signing (OCI artifacts)
- Attested with SLSA provenance
- Checksummed with SHA256
📚 Documentation
See README.md for usage details.
v0.3.0
🎉 wsc WebAssembly Components Release
📦 What's Included
Component Library (WIT Interface):
wsc-component.wasm- WebAssembly component library with WIT bindingswsc-component.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:
CLI Tool (WASI Binary):
wsc-cli.wasm- WASI command-line tool for Wasmtimewsc-cli.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:-cli
🔐 Security Features
- ✅ WASM Module Signing - Signed with wsc keyless signing (dogfooding!)
- ✅ OCI Artifact Signing - Signed with Cosign using GitHub OIDC (keyless)
- ✅ SLSA Provenance - Build attestation included
- ✅ SHA256 Checksums - For download verification
wsc Keyless Signing:
- Identity: GitHub Actions OIDC
- Certificate: Short-lived from Fulcio (Sigstore)
- Transparency: Logged in Rekor transparency log
🚀 Usage
Download WASM Component
# Download and verify checksum
TAG=
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm.sha256
sha256sum -c wsc.wasm.sha256Pull Signed OCI Artifact
TAG=
# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/wsc:${TAG}
# Verify signature with Cosign
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}🔍 Verification
Verify WASM Module Signature (wsc)
# Verify keyless signature (offline - no network required!)
wsc verify --keyless \
--cert-identity "https://github.com/pulseengine/wsc/.github/workflows/release.yml@refs/tags/${TAG}" \
--cert-oidc-issuer "https://token.actions.githubusercontent.com" \
-i wsc-component.wasm
# Or verify without identity constraints
wsc verify --keyless -i wsc-component.wasmVerify OCI Artifact Signature (Cosign)
TAG=
# Verify Cosign signature
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}All releases are:
- Built in GitHub Actions with full transparency
- Signed with wsc keyless signing (WASM modules)
- Signed with Cosign using keyless signing (OCI artifacts)
- Attested with SLSA provenance
- Checksummed with SHA256
📚 Documentation
See README.md for usage details.
v0.2.7-rc3
🎉 wsc WebAssembly Components Release
📦 What's Included
Component Library (WIT Interface):
wsc-component.wasm- WebAssembly component library with WIT bindingswsc-component.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:v0.2.7-rc3
CLI Tool (WASI Binary):
wsc-cli.wasm- WASI command-line tool for Wasmtimewsc-cli.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:v0.2.7-rc3-cli
🔐 Security Features
- ✅ WASM Module Signing - Signed with wsc keyless signing (dogfooding!)
- ✅ OCI Artifact Signing - Signed with Cosign using GitHub OIDC (keyless)
- ✅ SLSA Provenance - Build attestation included
- ✅ SHA256 Checksums - For download verification
wsc Keyless Signing:
- Identity: GitHub Actions OIDC
- Certificate: Short-lived from Fulcio (Sigstore)
- Transparency: Logged in Rekor transparency log
🚀 Usage
Download WASM Component
# Download and verify checksum
TAG=v0.2.7-rc3
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm.sha256
sha256sum -c wsc.wasm.sha256Pull Signed OCI Artifact
TAG=v0.2.7-rc3
# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/wsc:${TAG}
# Verify signature with Cosign
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}🔍 Verification
Verify WASM Module Signature (wsc)
# Download a release (once wsc verification is implemented)
# wsc verify --keyless \
# --identity "https://github.com/pulseengine/wsc" \
# --issuer "https://token.actions.githubusercontent.com" \
# --input-file wsc-component.wasm
# For now, signatures are embedded but verification is pending implementationVerify OCI Artifact Signature (Cosign)
TAG=v0.2.7-rc3
# Verify Cosign signature
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}All releases are:
- Built in GitHub Actions with full transparency
- Signed with wsc keyless signing (WASM modules)
- Signed with Cosign using keyless signing (OCI artifacts)
- Attested with SLSA provenance
- Checksummed with SHA256
📚 Documentation
See README.md for usage details.
v0.2.7-rc.1
🎉 wsc WebAssembly Components Release
📦 What's Included
Component Library (WIT Interface):
wsc-component.wasm- WebAssembly component library with WIT bindingswsc-component.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:
CLI Tool (WASI Binary):
wsc-cli.wasm- WASI command-line tool for Wasmtimewsc-cli.wasm.sha256- SHA256 checksum- Signed OCI artifact:
ghcr.io/pulseengine/wsc:-cli
🔐 Security Features
- ✅ WASM Module Signing - Signed with wsc keyless signing (dogfooding!)
- ✅ OCI Artifact Signing - Signed with Cosign using GitHub OIDC (keyless)
- ✅ SLSA Provenance - Build attestation included
- ✅ SHA256 Checksums - For download verification
wsc Keyless Signing:
- Identity: GitHub Actions OIDC
- Certificate: Short-lived from Fulcio (Sigstore)
- Transparency: Logged in Rekor transparency log
🚀 Usage
Download WASM Component
# Download and verify checksum
TAG=
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm
wget https://github.com/pulseengine/wsc/releases/download/${TAG}/wsc.wasm.sha256
sha256sum -c wsc.wasm.sha256Pull Signed OCI Artifact
TAG=
# Pull the signed OCI artifact with oras
oras pull ghcr.io/pulseengine/wsc:${TAG}
# Verify signature with Cosign
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}🔍 Verification
Verify WASM Module Signature (wsc)
# Download a release (once wsc verification is implemented)
# wsc verify --keyless \
# --identity "https://github.com/pulseengine/wsc" \
# --issuer "https://token.actions.githubusercontent.com" \
# --input-file wsc-component.wasm
# For now, signatures are embedded but verification is pending implementationVerify OCI Artifact Signature (Cosign)
TAG=
# Verify Cosign signature
cosign verify \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}
# Verify SLSA provenance
cosign verify-attestation \
--type slsaprovenance \
--certificate-identity-regexp="https://github.com/pulseengine/wsc" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
ghcr.io/pulseengine/wsc:${TAG}All releases are:
- Built in GitHub Actions with full transparency
- Signed with wsc keyless signing (WASM modules)
- Signed with Cosign using keyless signing (OCI artifacts)
- Attested with SLSA provenance
- Checksummed with SHA256
📚 Documentation
See README.md for usage details.