infra: attestation preflight for agent/key-funder deploys

Add gh-backed image attestation verification to the deploy preflight
for rust agents and key-funder. Surfaces build age (SLSA finishedOn)
alongside image tag before prompting the user.

- A successful verify prints the build timestamp + age (days/hours).
- A failed verify prints a bold red banner warning about supply-chain
  risk. The deploy still prompts, but the prompt default flips to "no"
  so an accidental Enter aborts.
- Build age is informational only; promotion-stage soak-time gates
  belong in release scripts.

Author: paulbalaji

typescript/infra/scripts/agents/deploy-agents.ts

@@ -2,8 +2,10 @@ import { confirm } from '@inquirer/prompts';
 import chalk from 'chalk';
 import { execSync } from 'child_process';
 
+import { DockerImageRepos } from '../../config/docker.js';
 import { createAgentKeysIfNotExistsWithPrompt } from '../../src/agents/key-utils.js';
 import { RootAgentConfig } from '../../src/config/agent/agent.js';
+import { preflightVerifyImages } from '../../src/utils/attestation.js';
 import {
   checkAgentImageExists,
   checkMonorepoImageExists,
@@ -100,6 +102,40 @@ async function checkDockerTagsExist(agentConfig: RootAgentConfig) {
   }
 }
 
+async function verifyAgentAttestationsWithPrompt(agentConfig: RootAgentConfig) {
+  const refs = [
+    { component: 'scraper', tag: agentConfig.scraper?.docker.tag },
+    { component: 'validators', tag: agentConfig.validators?.docker.tag },
+    { component: 'relayer', tag: agentConfig.relayer?.docker.tag },
+  ]
+    .filter((r): r is { component: string; tag: string } => !!r.tag)
+    .map(({ component, tag }) => ({
+      component,
+      image: DockerImageRepos.AGENT,
+      tag,
+    }));
+
+  if (refs.length === 0) return;
+
+  console.log(chalk.grey.italic('Verifying image attestations...'));
+  const { allVerified } = await preflightVerifyImages(refs);
+
+  const message = allVerified
+    ? 'All attestations verified. Continue with deploy?'
+    : chalk.red.bold(
+        'One or more images FAILED attestation verify. Continue with deploy anyway?',
+      );
+
+  const shouldContinue = await confirm({
+    message,
+    default: allVerified,
+  });
+  if (!shouldContinue) {
+    console.log(chalk.red.bold('Exiting...'));
+    process.exit(1);
+  }
+}
+
 async function main() {
   // Note the create-keys script should be ran prior to running this script.
   // At the moment, `runAgentHelmCommand` has the side effect of creating keys / users
@@ -110,6 +146,7 @@ async function main() {
   // run the create-keys script first.
   const { agentConfig } = await getConfigsBasedOnArgs();
   await checkDockerTagsExist(agentConfig);
+  await verifyAgentAttestationsWithPrompt(agentConfig);
 
   await createAgentKeysIfNotExistsWithPrompt(agentConfig);
 

typescript/infra/scripts/funding/deploy-key-funder.ts

@@ -4,7 +4,9 @@ import { readFileSync } from 'fs';
 import { join } from 'path';
 
 import { Contexts } from '../../config/contexts.js';
+import { DockerImageRepos } from '../../config/docker.js';
 import { KeyFunderHelmManager } from '../../src/funding/key-funder.js';
+import { preflightVerifyImages } from '../../src/utils/attestation.js';
 import {
   checkNodeServicesImageExists,
   warnIfPrTag,
@@ -41,6 +43,24 @@ async function main() {
       );
       process.exit(1);
     }
+
+    console.log(chalk.grey.italic('Verifying image attestation...'));
+    const { allVerified } = await preflightVerifyImages([
+      { component: 'key-funder', image: DockerImageRepos.NODE_SERVICES, tag },
+    ]);
+
+    const shouldContinue = await confirm({
+      message: allVerified
+        ? 'Attestation verified. Continue with deploy?'
+        : chalk.red.bold(
+            'Image FAILED attestation verify. Continue with deploy anyway?',
+          ),
+      default: allVerified,
+    });
+    if (!shouldContinue) {
+      console.log(chalk.red.bold('Exiting...'));
+      process.exit(1);
+    }
   }
 
   const defaultRegistryCommit = readRegistryRc();

typescript/infra/src/utils/attestation.ts

@@ -0,0 +1,145 @@
+import chalk from 'chalk';
+import { execSync } from 'child_process';
+
+const DEFAULT_REPO = 'hyperlane-xyz/hyperlane-monorepo';
+
+export type AttestationStatus =
+  | {
+      verified: true;
+      finishedOn?: Date;
+      ageMs?: number;
+    }
+  | {
+      verified: false;
+      reason: string;
+    };
+
+export interface ImageRef {
+  component: string;
+  image: string; // e.g. ghcr.io/hyperlane-xyz/hyperlane-agent
+  tag: string;
+}
+
+export async function verifyImageAttestation({
+  image,
+  tag,
+  repo = DEFAULT_REPO,
+}: {
+  image: string;
+  tag: string;
+  repo?: string;
+}): Promise<AttestationStatus> {
+  const ref = `oci://${image}:${tag}`;
+  try {
+    const raw = execSync(
+      `gh attestation verify ${ref} --repo ${repo} --format json`,
+      { stdio: ['ignore', 'pipe', 'pipe'] },
+    ).toString();
+
+    const finishedOn = extractFinishedOn(raw);
+    if (!finishedOn) {
+      return { verified: true };
+    }
+    return {
+      verified: true,
+      finishedOn,
+      ageMs: Date.now() - finishedOn.getTime(),
+    };
+  } catch (err: unknown) {
+    return { verified: false, reason: extractErrorMessage(err) };
+  }
+}
+
+function extractErrorMessage(err: unknown): string {
+  if (typeof err !== 'object' || err === null) {
+    return err instanceof Error ? err.message : 'unknown error';
+  }
+  const stderr = 'stderr' in err ? String(err.stderr ?? '').trim() : '';
+  const stdout = 'stdout' in err ? String(err.stdout ?? '').trim() : '';
+  const message = err instanceof Error ? err.message : '';
+  return stderr || stdout || message || 'unknown error';
+}
+
+function extractFinishedOn(rawJson: string): Date | undefined {
+  try {
+    const parsed = JSON.parse(rawJson);
+    const entries = Array.isArray(parsed) ? parsed : [parsed];
+    for (const entry of entries) {
+      const statement = entry?.verificationResult?.statement ?? entry?.statement;
+      const finishedOn =
+        statement?.predicate?.runDetails?.metadata?.finishedOn ??
+        statement?.predicate?.metadata?.buildFinishedOn;
+      if (typeof finishedOn === 'string') {
+        const d = new Date(finishedOn);
+        if (!isNaN(d.getTime())) return d;
+      }
+    }
+  } catch {
+    // ignore - treated as "verified but age unknown"
+  }
+  return undefined;
+}
+
+function formatAge(ms: number): string {
+  const s = Math.floor(ms / 1000);
+  const d = Math.floor(s / 86400);
+  const h = Math.floor((s % 86400) / 3600);
+  const m = Math.floor((s % 3600) / 60);
+  if (d > 0) return `${d}d ${h}h`;
+  if (h > 0) return `${h}h ${m}m`;
+  return `${m}m`;
+}
+
+export function printAttestationStatus(ref: ImageRef, status: AttestationStatus): void {
+  const imageStr = `${ref.image}:${ref.tag}`;
+  if (status.verified) {
+    console.log(
+      chalk.green(`✓ ${chalk.bold(ref.component)} attestation verified: ${imageStr}`),
+    );
+    if (status.finishedOn && status.ageMs != null) {
+      console.log(
+        chalk.gray(
+          `  built: ${status.finishedOn.toISOString()}  (age: ${formatAge(status.ageMs)})`,
+        ),
+      );
+    } else {
+      console.log(chalk.gray('  build age: unknown (could not parse provenance)'));
+    }
+  } else {
+    const bar = '!'.repeat(72);
+    console.log('');
+    console.log(chalk.red.bold(bar));
+    console.log(
+      chalk.red.bold(`ATTESTATION VERIFY FAILED for ${ref.component} (${imageStr})`),
+    );
+    console.log(
+      chalk.red.bold(
+        'Image may not have been built by this repo\'s CI. Supply-chain risk.',
+      ),
+    );
+    console.log(chalk.red(`reason: ${status.reason.split('\n')[0]}`));
+    console.log(chalk.red.bold(bar));
+    console.log('');
+  }
+}
+
+export async function preflightVerifyImages(
+  refs: ImageRef[],
+): Promise<{ allVerified: boolean; results: Array<{ ref: ImageRef; status: AttestationStatus }> }> {
+  const seen = new Set<string>();
+  const results: Array<{ ref: ImageRef; status: AttestationStatus }> = [];
+  let allVerified = true;
+
+  for (const ref of refs) {
+    const key = `${ref.image}:${ref.tag}`;
+    if (seen.has(key)) continue;
+    seen.add(key);
+
+    const status = await verifyImageAttestation({ image: ref.image, tag: ref.tag });
+    printAttestationStatus(ref, status);
+    results.push({ ref, status });
+    if (!status.verified) allVerified = false;
+  }
+
+  return { allVerified, results };
+}