Verify artifact integrity and support sigstore attestations #42
Description
The proxy computes SHA256 hashes on every store but never verifies them on read. The integrity field on versions (SRI format from upstream enrichment) is displayed in the UI but never compared against actual content. There are three trust gaps to close.
1. Verify cached artifacts on read
Re-hash artifacts when serving from cache and compare against the stored content_hash. Reject on mismatch. Catches disk corruption, accidental overwrites, and local tampering. This is a small change in checkCache and should be done first.
Also compare against the upstream integrity field (SRI format) from the versions table when available, so the proxy validates what it cached actually matches what the registry declared.
2. Verify upstream sigstore attestations at fetch time
npm, PyPI, RubyGems, Maven Central, and Homebrew all publish sigstore-based attestations now. The proxy could verify these before caching, catching compromised registry artifacts at the edge rather than silently distributing them.
Each ecosystem publishes attestations differently so this needs per-handler verification logic. Start with npm and PyPI since they have the widest adoption and best library support. sigstore-go is the right dependency here for bundle verification and Rekor transparency log lookups.
Go modules have their own transparency approach via sum.golang.org which could also be verified. Cargo has nothing yet.
3. Verify artifacts from peer proxies (relates to #41)
When pulling from a peer proxy's cache, verify the hash against what the local DB or upstream registry integrity metadata says it should be. This covers the practical threat model for peer caching without heavy machinery.
For environments that need auditable chain of custody, a later step would be having proxies produce in-toto attestations recording what they fetched, from where, when, and what upstream attestation they verified. The in-toto/attestation Go module handles the format, sigstore-go handles signing.
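An added example of the read-path check from item 1, not code from this repository: it re-hashes the artifact while streaming it, compares the result with the stored content_hash, and also checks the upstream SRI value when one is present. `VerifyCached`, `ErrIntegrity` and `sriAlgos` are hypothetical names; it assumes content_hash is a hex SHA-256 and the integrity field holds a single SRI hash expression.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"io"
	"strings"
)

var (
	ErrIntegrity = errors.New("artifact integrity mismatch")
	sriAlgos     = map[string]func() hash.Hash{"sha256": sha256.New, "sha384": sha512.New384, "sha512": sha512.New}
)

// VerifyCached (hypothetical name) hashes r once, feeding SHA-256 and, when sri
// is set, the SRI algorithm in the same pass. Any mismatch or unknown algorithm is rejected.
func VerifyCached(r io.Reader, contentHash, sri string) error {
	local := sha256.New()
	sinks := []io.Writer{local}
	var up hash.Hash
	algo, want, _ := strings.Cut(sri, "-") // assumption: one "algo-base64" expression
	if sri != "" {
		newHash, ok := sriAlgos[algo]
		if !ok {
			return fmt.Errorf("%w: unsupported SRI algorithm %q", ErrIntegrity, algo)
		}
		up = newHash()
		sinks = append(sinks, up)
	}
	if _, err := io.Copy(io.MultiWriter(sinks...), r); err != nil {
		return err
	}
	if hex.EncodeToString(local.Sum(nil)) != strings.ToLower(contentHash) {
		return fmt.Errorf("%w: content_hash", ErrIntegrity)
	}
	if up != nil && base64.StdEncoding.EncodeToString(up.Sum(nil)) != want {
		return fmt.Errorf("%w: upstream integrity", ErrIntegrity)
	}
	return nil
}

func main() {
	sum := sha256.Sum256([]byte("pkg")) // constructed artifact bytes; the read below is tampered
	fmt.Println(VerifyCached(strings.NewReader("pkX"), hex.EncodeToString(sum[:]), ""))
}
```

An empty or malformed content_hash never matches, so a row with a missing hash is rejected rather than served unverified.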