Install the in-toto Python tooling: pip install in-toto.
Define a supply chain layout file in JSON specifying the ordered steps (e.g., clone, build, test, package), the functionaries (public keys of allowed signers for each step), and the expected artifact rules.
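At each pipeline step, generate a signed link metadata file using in-toto-run, for example: in-toto-run --step-name build --products ./dist/ -- make build. This records inputs, outputs, and the command run. The invocation also needs the functionary's signing key, which this example command does not show.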
Collect all link metadata files alongside the layout and the layout owner's public key into a verification bundle.
Verify the full supply chain with: in-toto-verify --layout root.layout --layout-key owner.pub --link-dir ./links/. A zero exit code confirms all steps ran in order by authorized signers.
Integrate link generation into each CI job and store signed links as build artifacts so the verification bundle is always available for audit.
Known gotchas
The layout must be signed by a trusted owner key; compromising or replacing the layout file is equivalent to compromising the entire verification chain.
Artifact rules in the layout use glob patterns and must exactly match the files produced; overly broad patterns can allow substitution attacks where unexpected files are included.
In-toto link metadata captures command-line arguments; avoid embedding secrets or tokens in build commands as they will be recorded in plain text in the link file.
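A lint for the artifact-rule gotcha above, as an added example (not code from the original page or from the in-toto project): it reads a layout's signed payload with the standard library only and flags rule lists that accept any file or do not end in DISALLOW *. The sample layout, its key ids and paths, and the lint_rules/lint_layout helpers are constructed for illustration.

```python
import json

# Constructed sample: the "signed" payload of a layout. Key ids and paths are
# placeholders invented for this example.
SAMPLE_LAYOUT = json.loads("""
{"_type": "layout", "steps": [
  {"name": "clone", "pubkeys": ["KEYID_ALICE"],
   "expected_materials": [["DISALLOW", "*"]],
   "expected_products": [["CREATE", "src/*"], ["DISALLOW", "*"]]},
  {"name": "build", "pubkeys": ["KEYID_BOB"],
   "expected_materials": [["MATCH", "src/*", "WITH", "PRODUCTS", "FROM", "clone"],
                          ["DISALLOW", "*"]],
   "expected_products": [["CREATE", "*"]]},
  {"name": "package", "pubkeys": [],
   "expected_materials": [["ALLOW", "*"]],
   "expected_products": [["CREATE", "dist/app.tar.gz"], ["DISALLOW", "*"]]}
]}
""")

PERMISSIVE = {"ALLOW", "CREATE", "MODIFY", "DELETE"}  # rule types that accept files
BROAD = {"*", "**"}                                   # patterns that match every path

def lint_rules(step, field):
    """Return findings for one rule list (expected_materials or expected_products)."""
    rules = step.get(field, [])
    where = f"{step['name']}.{field}"
    findings = [f"{where}: '{r[0]} {r[1]}' accepts any file"
                for r in rules if r[0].upper() in PERMISSIVE and r[1] in BROAD]
    # Files matched by no rule are allowed by default, so a list that does not
    # end in DISALLOW * lets unexpected files through.
    if not rules or [rules[-1][0].upper(), rules[-1][1]] != ["DISALLOW", "*"]:
        findings.append(f"{where}: does not end with 'DISALLOW *'")
    return findings

def lint_layout(layout):
    """Lint every step of a layout payload; returns a list of finding strings."""
    findings = []
    for step in layout.get("steps", []):
        if not step.get("pubkeys"):
            findings.append(f"{step['name']}: no functionary pubkeys listed")
        for field in ("expected_materials", "expected_products"):
            findings.extend(lint_rules(step, field))
    return findings

if __name__ == "__main__":
    for finding in lint_layout(SAMPLE_LAYOUT):
        print(finding)
```

Run it against the "signed" object of a real layout file before the owner signs it; an empty result means every rule list is closed and every step names at least one functionary key.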