// open source & systems
SkillLedger
Supply-chain integrity for AI skills — Sigstore keyless signing, a Tessera transparency log, and OPA policy gates, in a Dockerized service + log + Postgres stack.
Creator2026GoPythonFastAPITypeScriptSigstoreOPAPostgreSQLDocker
As agents install third-party skills, provenance becomes a real supply-chain problem: who signed this skill, and can you prove it wasn't tampered with? SkillLedger brings the guarantees of modern software supply-chain security to AI skills.
What it does
- Keyless signing. Sigstore-based identity signing — no long-lived keys to leak or rotate.
- Transparency log. A Tessera append-only log makes every publish tamper-evident and auditable.
- Policy gates. OPA policies decide what may run — enforced before a skill is trusted, not after.
- Dockerized stack. Service, transparency log, and Postgres ship together as a reproducible stack.