{
  "artifactPath": "releases/0.1.0/bundle.nipmod",
  "artifactSha256": "30e7f7594ad3c17276cac9f736db5c7915a614ae24afdd11a93ed61e48cb0f3d",
  "canonical": "pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review",
  "cloneUrl": "https://node.nipmod.com/z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review.git",
  "compatibilityReceipts": [
    {
      "exampleUrl": "https://nipmod.com/compatibility/examples/git-source-provenance.json",
      "externalFormat": "git-source-provenance",
      "externalInputSha256": "38985e3efd3a4feb63425ea774061a8e0bbdfd61248dd67552a00533e2cc7692",
      "id": "receipt.git.dependency-risk-review",
      "label": "Git source",
      "package": "pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review",
      "packageDigest": "30e7f7594ad3c17276cac9f736db5c7915a614ae24afdd11a93ed61e48cb0f3d",
      "preservedFields": [
        "package",
        "version",
        "artifact.sha256",
        "source.repo",
        "source.commit",
        "source.tag"
      ],
      "provenanceLoss": [],
      "receiptUrl": "https://nipmod.com/compatibility/receipts.json#receipt.git.dependency-risk-review",
      "sourceCommit": "d763aee9761f18708d9b82cba65d92a056695862",
      "sourceRepo": "https://node.nipmod.com/z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review.git",
      "sourceTag": "v0.1.0",
      "type": "dev.nipmod.compatibility-receipt.v1",
      "unsupportedFields": [],
      "version": "0.1.0"
    }
  ],
  "description": "Review agent package dependencies, permissions and lockfiles for supply-chain risk.",
  "digest": "30e7f7594ad3c17276cac9f736db5c7915a614ae24afdd11a93ed61e48cb0f3d",
  "documentType": "dev.nipmod.package-version.v1",
  "formatVersion": 1,
  "name": "dependency-risk-review",
  "owner": "did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C",
  "permissionDetails": {
    "env": [],
    "filesystem": [],
    "mcpTools": [],
    "network": [],
    "secrets": []
  },
  "permissions": {
    "env": 0,
    "exec": false,
    "filesystem": 0,
    "mcpTools": 0,
    "network": 0,
    "postinstall": false,
    "secrets": 0
  },
  "proof": {
    "checkpointUrl": "/transparency/checkpoint.json",
    "eventHash": "759de3ebf2f8cf2a39052b4b33025c177f1c27b6f7af80b329a9e90569139b42",
    "leafHash": "f68c98c08ba443b5835d55e12a884f035fac68884fb2d1f7b77a84152eec7601",
    "leafIndex": 6,
    "leafUrl": "/transparency/leaves/f68c98c08ba443b5835d55e12a884f035fac68884fb2d1f7b77a84152eec7601.json",
    "proofUrl": "/transparency/proofs/f68c98c08ba443b5835d55e12a884f035fac68884fb2d1f7b77a84152eec7601.json",
    "rootHash": "3cc66da3292900a4ac482b2c301db5c6e0a00c2461847a29fec5275da7f631cf",
    "subject": "pkg:did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review@0.1.0",
    "treeSize": 32,
    "type": "dev.nipmod.registry.proof.v1",
    "witnesses": [
      "did:key:z6Mkv8WH5QeiZU1sJwGrCs8xe35AiH4gMfAy86zFMiEkewWJ"
    ],
    "witnessUrls": [
      "/transparency/witnesses/z6Mkv8WH5QeiZU1sJwGrCs8xe35AiH4gMfAy86zFMiEkewWJ.json"
    ]
  },
  "publisher": "did:key:z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C",
  "releasePath": "releases/0.1.0/release.json",
  "repo": "dependency-risk-review",
  "resolved": "https://node.nipmod.com/api/v1/repos/z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review/blob/releases/0.1.0/bundle.nipmod",
  "sourceCommit": "d763aee9761f18708d9b82cba65d92a056695862",
  "sourceRepo": "https://node.nipmod.com/z6Mkqm8Ub1wbA79siRozF1Q7j1DjixxFNAsHnSSfPaT2iA1C/dependency-risk-review.git",
  "sourceTag": "v0.1.0",
  "stars": 0,
  "trust": {
    "evidence": {
      "artifactDigestVerified": true,
      "bundleSignatureVerified": true,
      "immutableSnapshotMatched": true,
      "publisherMatchesCanonical": true,
      "releaseEventSigned": true,
      "sourceProvenanceVerified": true,
      "transparencyLogIncluded": true,
      "transparencyLogVerified": true
    },
    "level": "verified",
    "score": 100,
    "signals": [
      "Artifact digest verified",
      "Bundle signature verified",
      "Publisher matches canonical owner",
      "Version digest unchanged",
      "Release event signed",
      "Source tag verified",
      "Transparency proof published",
      "Witnessed checkpoint verified",
      "No manifest permissions"
    ],
    "warnings": []
  },
  "type": "skill",
  "updatedAt": "2026-05-16T10:08:53.491621872+00:00",
  "urls": {
    "dependencies": "/registry/packages/cGtnOmRpZDprZXk6ejZNa3FtOFViMXdiQTc5c2lSb3pGMVE3ajFEaml4eEZOQXNIblNTZlBhVDJpQTFDL2RlcGVuZGVuY3ktcmlzay1yZXZpZXc/dependencies.json",
    "package": "/registry/packages/cGtnOmRpZDprZXk6ejZNa3FtOFViMXdiQTc5c2lSb3pGMVE3ajFEaml4eEZOQXNIblNTZlBhVDJpQTFDL2RlcGVuZGVuY3ktcmlzay1yZXZpZXc.json",
    "provenance": "/registry/packages/cGtnOmRpZDprZXk6ejZNa3FtOFViMXdiQTc5c2lSb3pGMVE3ajFEaml4eEZOQXNIblNTZlBhVDJpQTFDL2RlcGVuZGVuY3ktcmlzay1yZXZpZXc/provenance.json",
    "version": "/registry/packages/cGtnOmRpZDprZXk6ejZNa3FtOFViMXdiQTc5c2lSb3pGMVE3ajFEaml4eEZOQXNIblNTZlBhVDJpQTFDL2RlcGVuZGVuY3ktcmlzay1yZXZpZXc/0.1.0.json"
  },
  "version": "0.1.0"
}