The trust contract
Every released Genie artifact (per-platform binary, signature pack, installer script) is signed via cosign keyless through GitHub Actions OIDC and accompanied by SLSA Level 3 provenance. There is no long-lived private key, no hardware-backed offline ceremony — instead, every release artifact embeds a Sigstore certificate identifying the workflow path, OIDC issuer, and source-uri that produced it. Operators verify that identity, not a fingerprint. The pin is byte-identical across four independent channels, so an attacker would need to compromise all four to forge a release without detection:
install.sh inlined
The bootstrap script that runs curl -fsSL get.automagik.dev/genie | bash carries the expected certificate identity at the top of the file. Read it before piping to bash.
SECURITY.md
The repo-root SECURITY.md lists the same identity verbatim. Cross-checks the script.
.well-known/security.txt
Published at automagik.dev/.well-known/security.txt over HTTPS — independent of the GitHub repo. A third pinning channel.
Pinned GitHub issue
A pinned issue in automagik-dev/genie titled SIGNING_KEY_FINGERPRINT_<YYYYMMDD> carries the same identity. Updated only via the key-rotation runbook.
Verifying an install yourself
--online for an extra check. Mismatch produces a structured exit code (2 = signature-invalid, 3 = identity-mismatch, 4 = provenance-invalid, 5 = no signature material).
For mutating subcommands (genie sec remediate --apply), Genie refuses to run on an unverified binary. Override only via the documented --unsafe-unverified <INCIDENT_ID> ack contract; every override is recorded in ~/.genie/audit/sec-scan/<scan_id>.jsonl for forensic review.
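The four-channel pin comparison described above can be scripted once the four copies are saved locally. This is an added example, not Genie's own tooling or code from the project: the `cert-identity:` line label, the function names and the file names in the usage comment are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Genie's own tooling.
# ASSUMPTION: every saved channel copy carries the identity on exactly one
# line shaped like "cert-identity: <value>", optionally behind "#" or spaces.
# The "cert-identity:" label is hypothetical; use the marker the files really have.
PIN_LABEL='cert-identity:'

# extract_pin FILE: print the pinned value. Fails unless the file holds
# exactly one pin line, so a second, conflicting line cannot hide in a copy.
extract_pin() {
  local file="$1" pattern="^[#[:space:]]*${PIN_LABEL}" count
  count=$(grep -c -- "$pattern" "$file" 2>/dev/null) || true
  [ "${count:-0}" -eq 1 ] || return 1
  grep -- "$pattern" "$file" | sed "s/${pattern}[[:space:]]*//"
}

# pins_agree FILE...: print the shared pin and return 0 when all copies match
# exactly. Returns 1 on mismatch, 2 when a copy has no single pin line.
# (These are this function's own statuses, not genie's exit codes.)
pins_agree() {
  local ref="" pin file
  [ "$#" -ge 2 ] || { echo "need at least two channel copies" >&2; return 2; }
  for file in "$@"; do
    pin=$(extract_pin "$file") && [ -n "$pin" ] ||
      { echo "no single pin line in $file" >&2; return 2; }
    if [ -z "$ref" ]; then
      ref="$pin"
    elif [ "$pin" != "$ref" ]; then
      echo "pin in $file differs from $1" >&2
      return 1
    fi
  done
  printf '%s\n' "$ref"
}

# Usage: ./pins_agree.sh install.sh SECURITY.md security.txt pinned-issue.txt
if [ "$#" -gt 0 ]; then pins_agree "$@"; fi
```

Agreement between the copies only shows that the channels carry the same pin; the pin still has to match the identity in the artifact's Sigstore certificate.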
What lives in this section
Distribution Sovereignty
Why Genie ships through its own CDN with cosign + SLSA verification instead of relying on npmjs.com. The threat model + the verification flow.
Verifying Installs
Step-by-step walkthrough of genie sec verify-install, what each verification stage proves, and how to manually cross-check the four pinning channels.
Key Rotation
When and how Namastex rotates the cosign certificate identity — the runbook operators follow if our signing surface changes.
CanisterWorm Incident Response
Public 2026-04-23 runbook for the npm supply-chain compromise that motivated much of the work documented here.
Reporting a vulnerability
Email security@namastex.io with a clear reproduction. We commit to:
- Acknowledge within 24 hours.
- Confirm or reject within 7 days.
- Coordinate disclosure on a 90-day timeline by default. Earlier if exploitation is observed.