FabricFabricHarness
CLI

Builds and Verification

List emitted build manifests and verify provenance/attestations.

fh builds

fabric-harness builds

List every build manifest emitted under .fabricharness/build/. Output includes target, output dir, agent count, manifest digest, and timestamps.

fh verify-attestation

fabric-harness verify-attestation <build-dir-or-attestation>

Verify the in-toto attestation produced by fh build --attestation. The argument can be a build directory (the CLI finds attestation.intoto.jsonl) or a direct path to the attestation file.

fh verify-attestation .fabricharness/build/node
fh verify-attestation .fabricharness/build/node/attestation.intoto.jsonl

fh verify-provenance

fabric-harness verify-provenance <build-dir-or-provenance>

Verify the SLSA-style provenance produced by fh build --provenance. Optionally signed with cosign via --sign-provenance.

fh verify-provenance .fabricharness/build/node

If a provenance.sig is present, the CLI invokes cosign verify-blob with the configured public key. Otherwise it validates structure and digests only.

See also

Artifacts and Checkpoints

List, fetch, and inspect session-bound artifacts and checkpoints.

fh temporal-worker

Run a local Temporal worker that executes Fabric Harness activities.

On this page

fh buildsfh verify-attestationfh verify-provenanceSee also