Container provenance
Every deploy anchors the image digest, git commit, Dockerfile SHA, and lockfile SHA as a Knox CoreEvent. Events are Merkle-checkpointed hourly and the checkpoint root is Bitcoin-anchored. A third party can reproduce each step independently.
Latest deployed image
- Image digest: sha256:4a46c12f59b6b8407831f5f4163feae3083a43a79c0b09619a623c7cf6e40473
- Image tag: us-central1-docker.pkg.dev/eighth-edge-491502-s8/terravault/terravault:20260529-235133
- Cloud Run revision: terravault-00562-z6t
- Git commit: 5d67cf12b102d42b4b33713fe3127a5c2151d54f
- Dockerfile SHA-256: d200a5e0a0fc…096c1f406a0e
- Lockfile SHA-256: b1371ca24549…0e3eb8f01072
- Built at: 2026-05-30T05:10:17Z
- Builder: [email protected]
Knox anchor
- CoreEvent ID: cmprw6r9b0001739bdifyiziy
- Event hash: 2856ee52c2b396e81e3a69e15992a88bc27956c6a7350f70cbfbbdc354ca681e
- Previous hash: (none)
- Sequence (per aggregate): 0
- Global sequence: 18337
- Anchored at: 2026-05-30T05:10:18.237Z
Bitcoin checkpoint
- Checkpoint ID: cmprww4hu0006tqnayktt2rtn
- Range (global seq): 18336–18337
- Merkle root: 16af67dc59ceb14d54728e4958e10b8231eaa93336ba3f403ab9f4a572dba3d1
- Bitcoin anchor: a1405bc9a5f631d3a554169cc3db9df9a10bbff71ac92e285c2e6713fa0b5335
- Checkpointed at: 2026-05-30T05:30:01.794Z
How to verify independently
Step 1 — image digest matches what is running
Run gcloud run revisions describe terravault-00562-z6t --region=us-central1 --format='value(spec.containers[0].image)' to get the image reference. docker pull that reference, then compare the output of docker inspect --format='{{.Id}}' with sha256:4a46c12f59b6….
Step 2 — event hash is reproducible
GET /api/core/events/verify?aggregateType=build&aggregateId=4a46c12f59b6… — the verifier recomputes SHA-256 over the canonical payload + previous hash + sequence. A match returns { valid: true }; any tamper returns { valid: false } with a diff.
Step 3 — checkpoint Merkle root covers the event
GET /api/core/events/replay?fromGlobalSeq=18336&toGlobalSeq=18337 — reconstruct the Merkle root from the replayed event-hash leaves and compare against the checkpoint root above. The checkpoint root is then submitted to OpenTimestamps for Bitcoin anchoring at :30 every hour.
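The recomputation behind Steps 2 and 3, as an added example that is not Knox's own code: it shows that a chain rewritten end to end still verifies internally, and that only the comparison against the previously anchored checkpoint root exposes the rewrite. Assumptions, since this page does not specify them: the canonical payload is sorted-key compact JSON, the hashed fields are joined with "|", the Merkle tree pairs an odd node with itself, and all events and field names are constructed.

```python
import hashlib
import json

def event_hash(payload, prev_hash, sequence):
    # Assumed encoding: canonical JSON, then previous hash, then sequence, "|"-joined.
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    material = "|".join([canonical, prev_hash or "", str(sequence)])
    return hashlib.sha256(material.encode("utf-8")).hexdigest()

def verify_chain(events):
    """Return sequence numbers whose hash or back-link does not recompute."""
    bad, prev = [], None
    for ev in events:
        recomputed = event_hash(ev["payload"], ev["prevHash"], ev["sequence"])
        if ev["prevHash"] != prev or recomputed != ev["hash"]:
            bad.append(ev["sequence"])
        prev = ev["hash"]
    return bad

def merkle_root(leaf_hashes):
    # Assumed tree: leaves are raw event hashes, parent = SHA-256(left || right).
    if not leaf_hashes:
        raise ValueError("checkpoint range contains no events")
    level = [bytes.fromhex(h) for h in leaf_hashes]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # odd node paired with itself (assumption)
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0].hex()

def build_chain(payloads):
    """Produce a valid chain; the first event has no previous hash, sequence 0."""
    events, prev = [], None
    for seq, payload in enumerate(payloads):
        digest = event_hash(payload, prev, seq)
        events.append({"sequence": seq, "payload": payload, "prevHash": prev, "hash": digest})
        prev = digest
    return events

# Constructed build events with placeholder digests (not values from this page).
PAYLOADS = [{"imageDigest": "sha256:" + c * 64, "gitCommit": c * 40} for c in "abc"]
SAMPLE = build_chain(PAYLOADS)
CHECKPOINT_ROOT = merkle_root([e["hash"] for e in SAMPLE])  # stands in for the anchored root

if __name__ == "__main__":
    rewritten = build_chain([PAYLOADS[0], {**PAYLOADS[1], "gitCommit": "f" * 40}, PAYLOADS[2]])
    print("rewritten chain errors:", verify_chain(rewritten))
    print("root still matches:", merkle_root([e["hash"] for e in rewritten]) == CHECKPOINT_ROOT)
```

Against real data the assumed encodings have to be replaced with the ones Knox uses, which this page does not specify.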
What this attestation is (and is not)
- This is a self-anchored provenance record — the deploy script captures the image digest + source fingerprint, emits a CoreEvent, and relies on the hourly Merkle checkpoint + OpenTimestamps to produce a Bitcoin-level commitment.
- It is structurally analogous to cosign + Sigstore Rekor, using Knox CoreEvent as the transparency log and the Bitcoin blockchain as the immutable anchor in place of Rekor's append-only log.
- It is not a SLSA Level 3+ build-platform attestation — the current build runs on Google Cloud Build, and there is no third-party-signed SLSA provenance document yet.
- It is not cosign-signed — cosign keyless signing via GCP OIDC is a planned addition and will be co-anchored alongside the existing CoreEvent record.
- Pre-checkpoint events (recorded between the hourly :30 runs) are hash-chained and tamper-evident via the CoreEvent hash chain, but the Bitcoin anchor lands only after the next checkpoint.
Raw JSON
/api/knox/attestation/container returns the current attestation as JSON. /api/core/build/list?limit=20 returns the twenty most recent deploys.