support multi-subject attestations

Signed-off-by: Brian DeHamer <bdehamer@github.com>
2026-04-03 00:53:19 +08:00 · 2024-10-30 10:55:36 -07:00
parent 65ee4d33af
commit 265a5be8bc
6 changed files with 67 additions and 33 deletions
--- a/packages/attest/src/attest.ts
+++ b/packages/attest/src/attest.ts
@@ -14,11 +14,16 @@ const INTOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json'
 * Options for attesting a subject / predicate.
 */
 export type AttestOptions = {
-  // The name of the subject to be attested.
-  subjectName: string
-  // The digest of the subject to be attested. Should be a map of digest
-  // algorithms to their hex-encoded values.
-  subjectDigest: Record<string, string>
+  /**
+   * @deprecated Use `subjects` instead.
+   **/
+  subjectName?: string
+  /**
+   * @deprecated Use `subjects` instead.
+   **/
+  subjectDigest?: Record<string, string>
+  // Subjects to be attested.
+  subjects?: Subject[]
  // Content type of the predicate being attested.
  predicateType: string
  // Predicate to be attested.
@@ -42,15 +47,24 @@ export type AttestOptions = {
 * @returns A promise that resolves to the attestation.
 */
 export async function attest(options: AttestOptions): Promise<Attestation> {
-  const subject: Subject = {
-    name: options.subjectName,
-    digest: options.subjectDigest
+  let subjects: Subject[]
+
+  if (options.subjects) {
+    subjects = options.subjects
+  } else if (options.subjectName && options.subjectDigest) {
+    subjects = [{name: options.subjectName, digest: options.subjectDigest}]
+  } else {
+    throw new Error(
+      'Must provide either subjectName and subjectDigest or subjects'
+    )
  }
+
  const predicate: Predicate = {
    type: options.predicateType,
    params: options.predicate
  }
-  const statement = buildIntotoStatement(subject, predicate)
+
+  const statement = buildIntotoStatement(subjects, predicate)

  // Sign the provenance statement
  const payload: Payload = {
--- a/packages/attest/src/intoto.ts
+++ b/packages/attest/src/intoto.ts
@@ -20,12 +20,12 @@ export type InTotoStatement = {
 * @returns The constructed in-toto statement.
 */
 export const buildIntotoStatement = (
-  subject: Subject,
+  subjects: Subject[],
  predicate: Predicate
 ): InTotoStatement => {
  return {
    _type: INTOTO_STATEMENT_V1_TYPE,
-    subject: [subject],
+    subject: subjects,
    predicateType: predicate.type,
    predicate: predicate.params
  }