How does JIL verify container images?

Every container image built for JIL validators is tagged with its SHA-256 content digest, cryptographically signed by the build pipeline, and pinned in JILHQ's registry. Validators verify the digest before deploying any image, ensuring software authenticity and preventing supply chain attacks.

What is digest pinning?

Digest pinning means storing the exact SHA-256 hash of a container image in a trusted registry (JILHQ). When a validator pulls an image, it computes the digest locally and compares it against the pinned value. Any mismatch - even a single byte change - blocks deployment.

How does this prevent supply chain attacks?

By verifying image digests against JILHQ's signed registry, validators cannot be tricked into running modified images even if an attacker compromises the image distribution channel. The cryptographic chain of trust extends from the build system through JILHQ to every validator.

What happens when a new image version is released?

New images follow the pipeline: build on DevNet, push to Artifact Registry, register and sign in JILHQ, pin the digest. Validators pull the new image on their own schedule and verify the digest before deploying. The old digest remains valid until explicitly deprecated.

Container Image Digest Verification

Executive Summary

The container image digest verification system provides cryptographic assurance that every container running on a validator node matches the exact version pinned and signed by the fleet controller. This prevents supply-chain attacks where modified container images could compromise consensus operations.

Verification Protocol

Each validator node maintains a local inventory of all running container images. During bootstrap Gate 3, the node computes SHA-256 digests for each image and transmits them to the fleet controller for comparison against the centrally pinned manifest stored in hq_image_digests.

Step	Action	Failure Mode
1	Enumerate all local container images (17+)	Incomplete inventory halts bootstrap
2	Compute SHA-256 digest for each image	Computation failure halts bootstrap
3	Submit digest list to fleet controller	Network failure triggers retry
4	Controller compares against pinned manifest	Any mismatch halts bootstrap
5	Controller returns signed approval	Missing approval halts bootstrap

Pinned Manifest Management

The fleet controller maintains the authoritative manifest of approved image digests. When a new image version is deployed through the secure image pipeline, its digest is registered, signed, and pinned in the manifest. The pipeline flow is: DevNet build, push to Artifact Registry, JILHQ register and sign, validators pull on refresh, digest verify before deploy.

Supply Chain Security: Images are signed during the release process on the fleet controller. The signing key is held exclusively by the fleet controller HSM, preventing unauthorized image modifications.

Implementation Details

The verification service runs as part of the validator update agent. It compares digests at bootstrap and optionally during periodic health checks (every 60 seconds via the AI Fleet Inspector).

// Image digest table schema
CREATE TABLE hq_image_digests (
    service_name   TEXT NOT NULL,
    image_tag      TEXT NOT NULL,
    sha256_digest  TEXT NOT NULL,
    signed_by      TEXT NOT NULL,
    pinned_at      TIMESTAMPTZ DEFAULT NOW(),
    PRIMARY KEY (service_name, image_tag)
);

Patent Claim

Dependent Claim 8: The method of claim 7, wherein the code integrity verification gate computes SHA-256 digests for each of 17+ container images and compares each against a centrally pinned manifest maintained in a hq_image_digests table, with any single mismatch halting bootstrap.

How It Works

Tokenomics

Roadmap

Humanitarian Impact Fund

FAQ

Wallet

DEX

LaunchPad

Token Factory

Vaults

About

Contact

Container Image Digest Verification

Executive Summary

Verification Protocol

Pinned Manifest Management

Implementation Details

Patent Claim