Architecture
How Vega turns "trust the cache" into "verify the cache": the trust model, end to end.
The flow
Two kinds of attestation feed a candidate binding for an output: independent GitHub Actions builds (provenance proven by an OIDC token) and Vega's own independent reproduction. An owner's local push with vega push stays in that owner's own namespace and never feeds the candidate. A build is signed into the globally-trusted shared cache only after it clears the promotion gates: distinct owners agree on the same output, a trusted Vega rebuild matches, a settling window passes, and it is fresh and not revoked.
Every attestation and every signed binding is recorded in the public, append-only RFC 9162 Merkle transparency log. A consumer does not have to trust Vega: they check an inclusion proof against a signed tree head and re-derive the NAR hash to confirm the bytes match what was attested.