Northset
northset.ai · open-source run records
Verify any bundle yourself
Confirms the bundle’s origin — that our signing workflow produced this exact file. The run itself is self-operated and self-reported; the signer doesn’t witness it, and it isn’t maintainer verification.
How to read this
- Contribution
- Northset wrote the fix and ran the listed checks itself. The record is our own work — not maintainer verification.
- Own-repo rehearsal
- A run on Northset’s own repository, used to exercise the pipeline. Not external validation.
- Attested
- GitHub’s workflow signed the record bundle (SLSA provenance via Sigstore, logged in the public Rekor transparency log). The signature proves where the file came from, not that the code is good.
- Outcome
- The maintainer’s decision on the contribution’s pull request — the only real signal here, which Northset does not control. Rehearsals have none.
A run record is evidence of declared execution metadata and artifacts. It is not proof of code quality, security, maintainer approval, or production readiness.
| Mission | Source | Type | Outcome | Signed record |
|---|