Northset

northset.ai · open-source run records

Verify any bundle yourself

Confirms the bundle’s origin — that our signing workflow produced this exact file. The run itself is self-operated and self-reported; the signer doesn’t witness it, and it isn’t maintainer verification.

How to read this

Contribution
Northset wrote the fix and ran the listed checks itself. The record is our own work — not maintainer verification.
Own-repo rehearsal
A run on Northset’s own repository, used to exercise the pipeline. Not external validation.
Attested
GitHub’s workflow signed the record bundle (SLSA provenance via Sigstore, logged in the public Rekor transparency log). The signature proves where the file came from, not that the code is good.
Outcome
The maintainer’s decision on the contribution’s pull request — the only real signal here, which Northset does not control. Rehearsals have none.

A run record is evidence of declared execution metadata and artifacts. It is not proof of code quality, security, maintainer approval, or production readiness.

Mission Source Type Outcome Signed record