Architecture diagram — three planes (data, control, compliance) for SLSA L2 + Sigstore keyless build pipeline applied across yolo-labz Claude Code plugin repos

SLSA L2 + Sigstore keyless: a solo-dev supply-chain canon for OSS plugin repos

A 9-line GitHub Actions canon (actions/attest-build-provenance, cosign keyless OIDC signing, and a dual-format syft SBOM) applied verbatim across six Claude Code plugin repos. Every release gets a SLSA L2 build provenance attestation and a gh attestation verify smoke test, with no per-plugin overhead and no long-lived signing keys to rotate: keyless signing binds the signature to the workflow's short-lived OIDC identity instead of a stored secret.

8 min · Pedro Balbino
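The pipeline the summary describes, written out as one GitHub Actions workflow. This is an added illustration, not the author's 9-line canon or any yolo-labz repo's actual workflow: the job name, the `dist/plugin.tar.gz` artifact, the `tar` packaging step and the `yolo-labz` identity regexp are assumptions made here so the example is complete. The tools and flags themselves (`actions/attest-build-provenance`, `cosign sign-blob --bundle`, `syft` with two `-o` outputs, `gh attestation verify`) are the real interfaces of those projects.

```yaml
# Added example (not the original page's code). Assumed: the plugin ships as
# dist/plugin.tar.gz built from the repo tree; the org is yolo-labz.
name: release-provenance
on:
  push:
    tags: ["v*"]

permissions:
  contents: read
  id-token: write        # lets cosign and attest-build-provenance mint OIDC tokens
  attestations: write    # lets attest-build-provenance store the SLSA predicate

jobs:
  attest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Hypothetical packaging step: one tarball of the plugin source.
      - name: Build artifact
        run: |
          mkdir -p dist
          tar --exclude=.git --exclude=dist -czf dist/plugin.tar.gz .

      # SLSA build provenance, signed via Sigstore with the workflow identity.
      - name: Attest build provenance (SLSA)
        uses: actions/attest-build-provenance@v2
        with:
          subject-path: dist/plugin.tar.gz

      # Keyless cosign signature: no key material, the Fulcio cert encodes the
      # workflow's OIDC identity and the signature is logged in Rekor.
      - uses: sigstore/cosign-installer@v3
      - name: Sign artifact (keyless)
        run: cosign sign-blob --yes --bundle dist/plugin.tar.gz.sigstore.json dist/plugin.tar.gz

      # Dual-format SBOM in a single syft invocation.
      - uses: anchore/sbom-action/download-syft@v0
      - name: Generate SBOMs
        run: syft scan dir:. -o spdx-json=dist/sbom.spdx.json -o cyclonedx-json=dist/sbom.cdx.json

      # Smoke test: fail the release if the provenance or signature does not
      # verify against the expected org/issuer, so a silently broken pipeline
      # cannot ship an unattested artifact.
      - name: Verify attestation and signature
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh attestation verify dist/plugin.tar.gz --owner yolo-labz
          cosign verify-blob \
            --bundle dist/plugin.tar.gz.sigstore.json \
            --certificate-oidc-issuer https://token.actions.githubusercontent.com \
            --certificate-identity-regexp '^https://github.com/yolo-labz/' \
            dist/plugin.tar.gz

      - uses: actions/upload-artifact@v4
        with:
          name: release
          path: dist/
```

The two verify commands are the check worth keeping: `gh attestation verify --owner` pins provenance to the org rather than to a single repo, which is what lets the same file be reused across several plugin repos, and `--certificate-identity-regexp` together with `--certificate-oidc-issuer` is what stops a keyless signature from any other GitHub workflow from being accepted.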