dpndncY

Attestation type registry

Stable predicateType URIs for every signed event dpndncY emits, each with a versioned JSON Schema. Use this to parse, validate, and store attestations in your own systems.

Types

| predicateType | Subject | Key fields |
| --- | --- | --- |
| https://dpndncy.io/scan/v1 | the scanned project / commit | findings[] (rule, cwe, severity, tier, signals), policyVersion, verdict |
| https://dpndncy.io/firewall/v1 | the package@version | verdict, tier, slaHours, ruleId, signals, mode |
| https://dpndncy.io/agent/runtime-trace/v1 | the CI job | window, mode, events{connect,exec,file,dns}, decisions, traceLogSha256, topEgress[] |

Example — runtime-trace/v1 predicate

predicate
{
  "builder": { "id": "urn:dpndncy:agent", "version": "0.1.0" },
  "mode": "observe",
  "window": { "start": "2026-05-26T10:00:00Z", "end": "2026-05-26T10:14:32Z" },
  "events": { "connect": 412, "exec": 58, "file": 4, "dns": 23 },
  "decisions": { "allow": 489, "warn": 8, "review": 0, "block": 0 },
  "traceLog": { "sha256": "a1b2c3…", "size": 384921, "format": "ndjson" },
  "topEgress": [ { "host": "registry.npmjs.org:443", "count": 37 } ]
}

Versioning policy

Minor changes are additive (new optional fields) under the same v1 URI. A breaking change gets a new major URI (/v2). The verifier accepts any v1 minor, so consumers don’t break on additive updates.
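
A consumer-side check for the runtime-trace/v1 predicate that follows the versioning policy above, as an added example (not dpndncY's own code or its published schema). It assumes the envelope signature has already been verified and that you hold the trace log bytes; the function name, the required-field list and the sample data are constructed for illustration.

```python
import hashlib
from datetime import datetime

RUNTIME_TRACE_V1 = "https://dpndncy.io/agent/runtime-trace/v1"
# Assumption: required keys inferred from the example predicate on this page;
# the published JSON Schema is the authoritative definition.
REQUIRED = {"mode": str, "window": dict, "events": dict,
            "decisions": dict, "traceLog": dict, "topEgress": list}

def check_runtime_trace(predicate_type, predicate, trace_log):
    """Return a list of problems; an empty list means the predicate is accepted."""
    # Exact match on the major URI: a /v2 predicate is a breaking change and
    # must not be parsed with v1 assumptions.
    if predicate_type != RUNTIME_TRACE_V1:
        return [f"unsupported predicateType: {predicate_type}"]
    problems = [f"missing or mistyped field: {key}"
                for key, kind in REQUIRED.items()
                if not isinstance(predicate.get(key), kind)]
    if problems:
        return problems
    # Unknown extra keys are ignored on purpose: v1 minors only add optional fields.
    for group in ("events", "decisions"):
        for name, count in predicate[group].items():
            if isinstance(count, bool) or not isinstance(count, int) or count < 0:
                problems.append(f"{group}.{name} is not a non-negative integer")
    try:
        start, end = (datetime.fromisoformat(predicate["window"][k].replace("Z", "+00:00"))
                      for k in ("start", "end"))
        if end < start:
            problems.append("window ends before it starts")
    except (KeyError, ValueError, AttributeError, TypeError):
        problems.append("window.start/end missing or not ISO 8601")
    # Bind the attestation to the trace log you actually stored.
    log = predicate["traceLog"]
    if log.get("size") != len(trace_log):
        problems.append("traceLog.size mismatch")
    if log.get("sha256") != hashlib.sha256(trace_log).hexdigest():
        problems.append("traceLog.sha256 mismatch")
    return problems

# Constructed sample input, not real dpndncY output.
SAMPLE_LOG = b'{"event":"connect","host":"registry.npmjs.org:443"}\n'
SAMPLE = {
    "mode": "observe",
    "window": {"start": "2026-05-26T10:00:00Z", "end": "2026-05-26T10:14:32Z"},
    "events": {"connect": 1, "exec": 0, "file": 0, "dns": 0},
    "decisions": {"allow": 1, "warn": 0, "review": 0, "block": 0},
    "traceLog": {"sha256": hashlib.sha256(SAMPLE_LOG).hexdigest(),
                 "size": len(SAMPLE_LOG), "format": "ndjson"},
    "topEgress": [{"host": "registry.npmjs.org:443", "count": 1}],
}
```

Calling `check_runtime_trace(RUNTIME_TRACE_V1, SAMPLE, SAMPLE_LOG)` returns an empty list; a predicate carrying an extra field still passes, while a tampered log or a different major URI is reported.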
