OpenChainGraph ยท in-toto Supply-Chain Attestation

in-toto Layout Composer

Author an in-toto layout: the ordered steps a software or agent supply chain must follow, the artifact rules each step enforces (MATCH, CREATE, DELETE, MODIFY, ALLOW, DISALLOW), the functionary keys authorized to run each step, and inspections a verifier runs after the fact. The export is a standard in-toto layout document, DSSE-signed, that any in-toto-compatible verifier can check. This is a document format, not a hosted service: nothing is stored on any server.

This composer produces standard in-toto layout documents (in-toto Specification v1.0, ITE-4/ITE-5). It is an independent authoring tool, not part of the in-toto project and not a claim to be a trust root. All framework credit belongs to the in-toto community; verify output against the reference implementations.
๐Ÿ”’ All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data โ€” use synthetic or anonymised inputs only.
Layout metadata
Authorized functionaries

Public keys (or did:key identifiers) allowed to sign links for steps in this layout. One per line.

Steps
Load a fixture (round-trip test)
Layout built