Provenance
Every attestation carries where it came from.
Builds authenticate with a GitHub Actions OIDC token, which proves the repository, commit, run, and runner environment (github-hosted or self-hosted) that produced the output. Vega records that provenance with each attestation and in the transparency log.
The flake reference and revision are taken from the OIDC token, not from the client, so the recorded provenance cannot be spoofed. That provenance is what an independent rebuilder uses to reproduce the output.
Runner environment is provenance, not a trust signal. A self-hosted runner can cache to its own tenant namespace, but only github-hosted runs count toward the distinct-owner agreement that promotes a build to the shared cache: a self-hosted runner is owner-controllable, so it is never independent evidence.