Review the in-toto Attestation Framework specification, which defines the Envelope (DSSE), Statement, and Predicate layers
Select a predicate type URI matching your attestation purpose: SLSA Provenance (https://slsa.dev/provenance/v1 or v0.2) for build provenance, SPDX or CycloneDX for SBOMs, or a custom predicate URI for application-specific metadata
Construct the Statement with a subject (an array of resource descriptors, each with a name and digest) and the predicateType URI, then embed your predicate payload
Sign the DSSE envelope using a recognized key or a keyless OIDC flow (Sigstore)
Store the signed attestation bundle in the OCI registry alongside the artifact using cosign attest or a compatible tool
At verification time, use the matching predicate type URI so the verifier can locate and parse the correct attestation among multiple stored ones
Known gotchas
SLSA Provenance v1 (https://slsa.dev/provenance/v1) and v0.2 have different field schemas; generating one and verifying with a tool expecting the other will fail
Multiple attestations with different predicate types can be stored for the same artifact digest; verifiers filter by predicate type, so storing multiple types is safe
Custom predicate type URIs should be resolvable URLs pointing to schema documentation; opaque strings are technically valid but reduce interoperability