← Home

Provenance

This site is built deterministically from versioned sources and validated at every boundary — the same discipline the work itself argues for. Here's what produced and checked this artifact.

Provenance chain

The build reads as an in-toto / SLSA-style provenance: declared materials, a checked build process, and a signed subject. Each link is verified; the last is the artifact itself.

  1. Materials
    • git+github.com/bdelanghe/site5872a85
    • @bounded-systems/brandv1.0.0
    • data/profile.jsonsha256:f76e72697c6…
    • data/site.jsonsha256:5a3b42e11f0…
    115 repos · 60 public · 106 sources · 14 languages — these corpus figures are computed over this corpus, not asserted; the résumé's outcome metrics are asserted, each grounding-checked in CI.
  2. Process · contractsprofile.json and post frontmatter validate against JSON-Schema; facts transclude from canonical tokens ({{thesis}}, {{proof.*}}) — an unknown token fails the build, so no claim is unsourced.
  3. Process · gateslone blesses each post's DOM (semantic HTML + a11y); copy-review gates overclaims; linkedin-check verifies résumé claims; @bounded-systems/brand tokens are drift-checked. Error-severity findings block the build.
  4. BuilderRendered deterministically — no network, no GitHub at build. The same materials always produce the same subject.

  5. Subject — signed

    commit 5872a85 · 2026-06-21 · bdelanghe/site

    Real in-toto Statement/v1 + SLSA provenance, DSSE ed25519-signed over this build's subjects + materials: attestation.json — verify against attestation.pub.

Claims → evidence

Every hero claim points at the running code that backs it.