Context
v0.1 assumes a single keypair per receipt chain. Real fleets want chains
signed by multiple attestors (e.g. one agent per signer, one HSM per team).
What's needed
- `Receipt` already carries `pubkey` per-receipt, so the format supports
multi-issuer. The missing piece is the `verify` pipeline.
- `sb verify` should accept a trust-anchor set (`--trust-anchors` flag
pointing at a JSON file of public keys + role labels).
- Chain rules: every receipt must be signed by an attestor in the anchor
set; `prev_hash` must chain regardless of issuer change.
Acceptance criteria
Release target
v0.2.
Context
v0.1 assumes a single keypair per receipt chain. Real fleets want chains
signed by multiple attestors (e.g. one agent per signer, one HSM per team).
What's needed
multi-issuer. The missing piece is the `verify` pipeline.
pointing at a JSON file of public keys + role labels).
set; `prev_hash` must chain regardless of issuer change.
Acceptance criteria
issuer, chain with revoked issuer
Release target
v0.2.