AIIR Commit Receipt Predicate — v2

This URI identifies the AIIR commit receipt v2 predicate type for use in in-toto Statement v1 attestation envelopes. v2 adds tree_sha and parent_shas for full DAG binding.

Property	Value
Predicate Type URI	`https://invariantsystems.io/predicates/aiir/commit_receipt/v2`
Schema Identifier	`aiir/commit_receipt.v2`
JSON Schema	commit_receipt.v2.schema.json
Specification	SPEC.md
Status	Stable (v2.0.0)

Changes from v1

commit.tree_sha — the tree object SHA for full DAG binding
commit.parent_shas — list of parent commit SHAs (merge awareness)
All v1 fields remain present and unchanged

in-toto Statement Envelope

When the --in-toto flag is used, AIIR wraps each receipt in a standard in-toto Statement v1:

{
  "_type": "https://in-toto.io/Statement/v1",
  "subject": [
    {
      "name": "https://github.com/example/repo@abc123...",
      "digest": { "gitCommit": "abc123..." }
    }
  ],
  "predicateType": "https://invariantsystems.io/predicates/aiir/commit_receipt/v2",
  "predicate": {
    "type": "aiir.commit_receipt",
    "schema": "aiir/commit_receipt.v2",
    ...
  }
}

Verification

The predicate (inner receipt) is verified using the AIIR verification algorithm (SPEC.md §9). The in-toto envelope is then consumable by standard supply-chain tools and policy engines:

Sigstore cosign
Kyverno
OPA / Gatekeeper
Tekton Chains
In-toto policy input note for receipt-required checks over the same envelope, including engines such as AMPEL

For a receipt-required policy, the smallest useful surface is whether a matching receipt is present, whether it verifies, and whether it is required for the current change. Engines such as AMPEL can consume that narrow result without needing a new provenance model.

Subject Format

The subject identifies the git commit:

Field	Value
`name`	`{repository}@{commit_sha}`
`digest.gitCommit`	Full hex SHA of the commit

Implementations

Language	Package	Conformant
Python	aiir (reference)	✅
JavaScript	@aiir/verifier	✅
Rust	aiir-cbor-verify	✅