slsa

@suaveplan/slsa

SLSA L1-L2 supply-chain security for the Suaveplan monorepo. Generates and verifies in-toto / SLSA v1.0 provenance, CycloneDX 1.5 SBOMs, DSSE attestation envelopes, and RFC 6962 Sigstore Rekor transparency-log proofs. Every capability emits structured OTel span events and raises typed SlsaError subclasses with stable error codes.

When to use this skill

• Implementing or debugging code that imports @suaveplan/slsa.
• The task touches: see package README.
• You need API guidance for this package's exports.

Quick reference

import { /* see API Reference below */ } from "@suaveplan/slsa";

Dependencies

Workspace dependencies: @suaveplan/crypto, @suaveplan/crypto-hash, @suaveplan/crypto-utils, @suaveplan/error, @suaveplan/serialize, @suaveplan/types

Where to read more

This skill is intentionally short. The package's own documentation is the authoritative source — read these in order:

1. packages/security/slsa/README.md — overview, install, quick-start, module index
2. packages/security/slsa/src/**/*.md — co-located docs per implementation file (Purpose, Features, Basic + Advanced examples, full API reference, Implementation notes — all packages in genesis ship ≥200 words per module)
3. packages/security/slsa/package.json exports map — every subpath you can import from

When the user asks an API question, read the relevant co-located .md first; do not answer from training-data memory.

See also

• @suaveplan/crypto
• @suaveplan/crypto-hash
• @suaveplan/crypto-utils
• @suaveplan/error
• @suaveplan/serialize
• @suaveplan/types

---

This SKILL.md is auto-generated by suaveplan-skills/scripts/generate-skills.ts from the package's README. Do not edit by hand — re-run the generator after the README changes.