Transparency log

An append-only Merkle transparency log of every attestation. You can audit Vega without trusting it.

Verify in one command

The vega CLI does every check below for you. It verifies the signature against a key you already trust (from your trusted-public-keys, never one fetched from the cache), validates the signed tree head and the build's inclusion proof, and re-derives the NAR hash:

nix run github:Ad-Astra-Computing/vega-agent#vega -- verify /nix/store/<hash>-name

It reports the signature scope (shared, scoped, or an upstream mirror) and exits non-zero if any check fails. The endpoints below are the same proofs, for auditing by hand.

Verify from an AI coding agent (MCP)

AI coding agents pull in dependencies; vega mcp lets an agent prove a build before it installs or runs it. It starts a local, read-only Model Context Protocol server over stdio. Its verification tools do the same independent checks as vega verify — signature against a key you trust (your trusted-public-keys, or --public-key), the signed tree head and inclusion proof, and re-deriving the NAR hash from the fetched bytes — while the reproduction tool reports the cache's recorded reproduction status. It is read-only and never holds a credential; a hostile cache is bounded by response-size, timeout, and scan caps.

It exposes four tools. Three take a single target (a /nix/store path, a store-path hash, or <hash>.narinfo); the fourth assesses a whole change:

Wire it into an MCP client (Claude Code, Cursor, and others) by pointing the client at the command over stdio:

{
  "mcpServers": {
    "vega": { "command": "vega", "args": ["mcp"] }
  }
}

If vega is not on the agent's PATH, use nix run github:Ad-Astra-Computing/vega-agent#vega -- mcp as the command. Verification runs on your machine against a key you trust, not on Vega's say-so.

Example output

Each tool returns a compact JSON object of checked facts, never a prose judgement. vega_risk wraps the same proofs in an actionable gate. A fully reproduced shared-tier build allows:

{
  "verdict": "allow",
  "tier": "shared",
  "reasonCodes": ["SHARED_REPRODUCED", "TRANSPARENCY_LOG_INCLUDED"],
  "proofs": {
    "storePath": "/nix/store/h1p9v…-hello-2.12.1",
    "narHash": "sha256:1q1n…",
    "signature": { "ok": true, "keyName": "vega-cache-1", "scope": "shared" },
    "transparency": {
      "found": true, "index": 1142, "sthVerified": true,
      "leafHashOk": true, "inclusionOk": true, "bindingOk": true, "scanned": 1143
    },
    "narHashVerified": true,
    "verified": true
  },
  "nextActions": []
}

A build that is correctly signed but not yet in the transparency log denies, naming the reason and the next steps an agent can take (the proofs object carries the same fields, with verified: false):

{
  "verdict": "deny",
  "tier": "shared",
  "reasonCodes": ["NO_TRANSPARENCY_RECORD"],
  "proofs": { "signature": { "ok": true, "scope": "shared" }, "transparency": { "found": false }, "narHashVerified": true, "verified": false },
  "nextActions": ["request_reproduction", "build_locally"]
}

Endpoints

Fetch the signed tree head, then verify inclusion and consistency proofs:

curl https://vega-cache.dev/log/sth
curl https://vega-cache.dev/log/proof/inclusion/<i>
curl "https://vega-cache.dev/log/proof/consistency?first=<m>&second=<n>"

A human view lives at vega-cache.dev/log.

What the proofs guarantee

The hashing follows the Certificate Transparency Merkle tree: leaf SHA-256(0x00 || data), node SHA-256(0x01 || left || right).

Build status and badges

Every output has a status page at /status/<hash> (the 32-character store-path hash) summarizing where it stands:

An embeddable, color-coded status badge lives at /badge/<hash>.svg. When the Vega GitHub App is installed on a repository, each attested commit also gets a check that links to the output's status page.