feat(vfox): add provenance metadata to lockfile for tool plugins#8544

Merged
jdx merged 22 commits into jdx:main from malept:feat/vfox-tool-plugin-provenance-lockfile
Mar 12, 2026

Conversation

@malept malept commented Mar 10, 2026

Summary

  • Wire PreInstallAttestation (returned by vfox tool plugin PreInstall hooks) through to PlatformInfo.provenance in mise.lock, covering both mise install and mise lock
  • Brings vfox tool plugins to parity with aqua and github backends for supply-chain provenance tracking and downgrade-attack detection
  • Does not apply to vfox backend plugins (they use backend_install, which has no PreInstall hook)

Details

  • VerifiedAttestation enum in vfox crate: GithubAttestations, Slsa, Cosign — represents the highest-priority attestation that was successfully verified (GitHub > SLSA > Cosign)
  • verify() return type changed from Result<()> to Result<Option<VerifiedAttestation>>; threaded through InstallResult so callers can inspect what was verified
  • Provenance recording + enforcement in install_version_(): records ProvenanceType in lockfile after install, and raises a "downgrade attack" error on subsequent installs if the lockfile expected provenance that wasn't verified
  • resolve_lock_info() override: calls new pre_install_provenance_for_platform() to populate provenance in the lockfile during mise lock. This trusts the plugin's declared attestation fields (e.g. github_owner/github_repo, slsa_provenance_path) to infer provenance type without running actual sigstore/cosign verification — consistent with how mise lock works for other backends (query plugin metadata, don't verify signatures). Actual verification only runs during mise install
  • SLSA URL handling: uses url: None for vfox SLSA provenance (matching github/aqua backends) since the local filesystem path to the downloaded provenance file is ephemeral
  • Crate boundary: VerifiedAttestation (attestation verification mechanics) lives in the vfox crate, while ProvenanceType (lockfile schema) lives in mise core. The verified_attestation_to_provenance() bridge in src/backend/vfox.rs maps between the two, keeping the vfox crate independent of mise's lockfile format
  • Docs: updated vfox.md security bullet and mise-lock.md backend support matrix to note provenance support for aqua, github, vfox (tool plugins only), core:ruby (precompiled), core:zig (install-time)

Test plan

  • 6 unit tests for PreInstallAttestation validation (GitHub owner/repo, cosign key/sig, SLSA min-level/provenance-path)
  • Snapshot test for attestation plugin fixture
  • Unit test for verified_attestation_to_provenance() conversion
  • E2E test: mise lock writes URL for vfox tool, injected provenance triggers downgrade-attack error on mise install
  • All existing tests pass (cargo test, vfox crate tests, lints)

🤖 Generated with the assistance of OpenCode (claude-sonnet-4.6).
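The following Rust is an added illustration, not code from mise or the vfox crate. It models the three mechanisms the summary above describes: lock-time inference of the provenance type from the fields a plugin declares, priority recording in verify() (GitHub > SLSA > Cosign, with every verifier still running), and the install-time downgrade check that compares enum discriminants so an SLSA entry with a different url payload still matches. Enum, function and declared-field names follow the PR text; the ProvenanceType payload, the verifier ordering and the error wording are assumptions.

```rust
// Added illustration, not code from mise or the vfox crate. Variant and
// function names follow the PR; field names, ProvenanceType's payload and
// the error wording are assumptions.
use std::collections::BTreeMap;
use std::mem::discriminant;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum VerifiedAttestation { GithubAttestations, Slsa, Cosign }

/// Lockfile-side type owned by mise core (assumed shape). The SLSA variant
/// carries a URL, so enforcement compares variants, not whole values.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ProvenanceType {
    GithubAttestations,
    Slsa { url: Option<String> },
    Cosign,
}

/// Attestation fields a plugin's PreInstall hook may declare (assumed names).
#[derive(Debug, Default, Clone)]
pub struct PreInstallAttestation {
    pub github_owner: Option<String>,
    pub github_repo: Option<String>,
    pub slsa_provenance_path: Option<String>,
    pub cosign_key: Option<String>,
    pub cosign_sig: Option<String>,
}

/// Lock-time inference for `mise lock`: trusts declared fields, verifies nothing.
pub fn declared_attestation(a: &PreInstallAttestation) -> Option<VerifiedAttestation> {
    if a.github_owner.is_some() && a.github_repo.is_some() {
        Some(VerifiedAttestation::GithubAttestations)
    } else if a.slsa_provenance_path.is_some() {
        Some(VerifiedAttestation::Slsa)
    } else if a.cosign_key.is_some() && a.cosign_sig.is_some() {
        Some(VerifiedAttestation::Cosign)
    } else {
        None
    }
}

/// Result of each verifier at install time; constructed flags stand in for
/// real sigstore/cosign checks. Every verifier runs, none short-circuits.
#[derive(Debug, Clone, Copy, Default)]
pub struct VerifierOutcomes {
    pub github_ok: bool,
    pub slsa_ok: bool,
    pub cosign_ok: bool,
}

/// Records the highest-priority success (GitHub > SLSA > Cosign). The SLSA
/// guard exempts only a GitHub result, so SLSA overwrites an earlier Cosign.
pub fn record_verified(o: VerifierOutcomes) -> Option<VerifiedAttestation> {
    let mut verified = None;
    if o.github_ok {
        verified = Some(VerifiedAttestation::GithubAttestations);
    }
    if o.slsa_ok && verified != Some(VerifiedAttestation::GithubAttestations) {
        verified = Some(VerifiedAttestation::Slsa);
    }
    if o.cosign_ok && verified.is_none() {
        verified = Some(VerifiedAttestation::Cosign);
    }
    verified
}

/// Bridge from the vfox crate's type to mise's lockfile schema.
pub fn verified_attestation_to_provenance(v: VerifiedAttestation) -> ProvenanceType {
    match v {
        VerifiedAttestation::GithubAttestations => ProvenanceType::GithubAttestations,
        VerifiedAttestation::Slsa => ProvenanceType::Slsa { url: None },
        VerifiedAttestation::Cosign => ProvenanceType::Cosign,
    }
}

#[derive(Debug, Default, Clone)]
pub struct PlatformInfo {
    pub provenance: Option<ProvenanceType>,
}

#[derive(Debug, Default)]
pub struct ToolVersion {
    pub lock_platforms: BTreeMap<String, PlatformInfo>,
}

/// Install-time flow: take the locked expectation, verify, record what was
/// verified, then enforce by variant. A mismatch (including nothing verified
/// at all) is reported as a downgrade attack.
pub fn install_version(tv: &mut ToolVersion, platform: &str, o: VerifierOutcomes) -> Result<(), String> {
    let locked = tv.lock_platforms.get_mut(platform).and_then(|p| p.provenance.take());
    let got = record_verified(o).map(verified_attestation_to_provenance);
    tv.lock_platforms.entry(platform.to_string()).or_default().provenance = got.clone();
    match (locked, got) {
        (Some(e), Some(a)) if discriminant(&e) == discriminant(&a) => Ok(()),
        (None, _) => Ok(()),
        (Some(e), a) => Err(format!("downgrade attack: lockfile expected {e:?} for {platform}, verified {a:?}")),
    }
}
```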

malept added 7 commits March 9, 2026 21:21
Add VerifiedAttestation enum to represent the type of attestation
that was successfully verified (GithubAttestations, Slsa, Cosign).
Re-export VerifiedAttestation and InstallResult from vfox crate lib
so they are accessible to the main mise backend code.

Add test-attestation plugin fixture and snapshot test, plus 5 unit
tests for PreInstallAttestation validation helpers.

Assisted-By: claude-sonnet-4.6 via OpenCode
…gh InstallResult

Change verify() to return Result<Option<VerifiedAttestation>> instead
of Result<()>, tracking the highest-priority attestation that was
successfully verified (GitHub > SLSA > Cosign). Add
verified_attestation field to InstallResult so callers can inspect
what was verified.

Assisted-By: claude-sonnet-4.6 via OpenCode
After a vfox plugin install, convert the VerifiedAttestation returned
by verify() into a ProvenanceType and record it in the tool version's
lock_platforms entry. Before install, capture the expected provenance
from the lockfile and enforce it afterwards using discriminant comparison,
raising a downgrade-attack error if the verification result does not
match what was previously locked.

Assisted-By: claude-sonnet-4.6 via OpenCode
Add pre_install_provenance_for_platform() to the Vfox crate, which
extracts the highest-priority attestation type declared by a plugin
for a target platform without performing actual verification. Override
resolve_lock_info() in VfoxBackend to call this method and include
the provenance type in the PlatformInfo written to the lockfile during
`mise lock`.

Assisted-By: claude-sonnet-4.6 via OpenCode
Update the vfox backend docs to mention GitHub artifact attestation
support and provenance recording in the lockfile, noting that this
applies to tool plugins only (not backend plugins). Add vfox to the
full-support tier in mise-lock.md and note all backends with
provenance support (aqua, github, vfox tool plugins, core:ruby,
core:zig). Add a sync comment on ProvenanceType pointing to
VerifiedAttestation in the vfox crate.

Assisted-By: claude-sonnet-4.6 via OpenCode
…ement

Add an e2e test that verifies:
1. `mise lock` writes a URL for a vfox tool (vfox:version-fox/vfox-cmake)
2. Injecting provenance into the lockfile and attempting install fails
   with a downgrade attack error when the plugin does not perform
   attestation verification

The test uses the awk-injection pattern from the aqua provenance test,
avoiding any real sigstore verification.

Assisted-By: claude-sonnet-4.6 via OpenCode
SLSA provenance_path from vfox plugins is a local filesystem path that
is only valid during the install session. Using format!("file://{}",
path) produced malformed URIs for relative/Windows paths and stored
ephemeral data in the lockfile. Change to url: None to match how the
github and aqua backends handle SLSA provenance at lock-time.

Also simplify the e2e test AWK script by removing the broken section
tracking logic (in_section was set and immediately reset on the same
line due to rule ordering). Since we always generate a fresh lockfile
before injection, there are no pre-existing provenance lines to remove.

Assisted-By: claude-sonnet-4.6 via OpenCode
@gemini-code-assist
Copy link
Copy Markdown
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the supply-chain security of mise by integrating provenance metadata into the lockfile for vfox tool plugins. It enables mise to record and enforce attestation verification during installation, protecting users against potential downgrade attacks. This change brings vfox tool plugins in line with other secure backends, ensuring a more robust and trustworthy dependency management experience.

Highlights

  • Provenance Metadata for vfox Tool Plugins: Integrated PreInstallAttestation data from vfox tool plugin PreInstall hooks into PlatformInfo.provenance within mise.lock, covering both mise install and mise lock operations.
  • Supply-Chain Provenance Parity: Achieved parity with aqua and github backends for supply-chain provenance tracking and downgrade-attack detection for vfox tool plugins.
  • New VerifiedAttestation Enum: Introduced a VerifiedAttestation enum in the vfox crate to represent the highest-priority attestation successfully verified (GitHub > SLSA > Cosign).
  • Provenance Recording and Enforcement: Implemented provenance recording in the lockfile after installation and added enforcement to detect and prevent 'downgrade attacks' if expected provenance is not verified on subsequent installs.
  • Lockfile Resolution for Provenance: Overrode resolve_lock_info() to populate provenance in the lockfile during mise lock by inferring attestation types from plugin-declared fields without actual sigstore verification, consistent with other backends.
  • Documentation Updates: Updated vfox.md and mise-lock.md documentation to reflect the new provenance support for aqua, github, vfox (tool plugins only), core:ruby, and core:zig.
Changelog
  • crates/vfox/plugins/attestation/hooks/pre_install.lua
    • Added a new Lua plugin hook for testing GitHub artifact attestation metadata.
  • crates/vfox/plugins/attestation/metadata.lua
    • Added metadata for the new 'attestation' test plugin.
  • crates/vfox/src/hooks/pre_install.rs
    • Added the VerifiedAttestation enum to represent different types of verified attestations.
    • Updated PreInstall tests to include new attestation validation scenarios.
  • crates/vfox/src/hooks/snapshots/vfox__hooks__pre_install__tests__attestation_plugin.snap
    • Added a snapshot test for the attestation plugin's PreInstall hook output.
  • crates/vfox/src/lib.rs
    • Exported VerifiedAttestation and InstallResult from the vfox crate.
  • crates/vfox/src/vfox.rs
    • Modified InstallResult to include an optional verified_attestation field.
    • Updated the install method to capture and return VerifiedAttestation.
    • Introduced pre_install_provenance_for_platform to retrieve attestation information without full verification.
    • Changed the verify method's return type to Result<Option<VerifiedAttestation>> to indicate successful verification.
  • docs/dev-tools/backends/vfox.md
    • Updated the security section to detail attestation verification support for vfox tool plugins, including GitHub artifact attestations, cosign, and SLSA provenance.
  • docs/dev-tools/mise-lock.md
    • Updated the lockfile backend support matrix to include vfox tool plugins for full support and provenance support.
  • e2e/lockfile/test_lockfile_vfox_provenance_slow
    • Added an end-to-end test to verify that mise lock writes URLs for vfox tools and that injected provenance triggers downgrade attack detection during mise install.
  • src/backend/vfox.rs
    • Imported eyre and ProvenanceType for error handling and lockfile integration.
    • Modified the install_version_ method to handle lockfile provenance expectations and record verified attestations.
    • Implemented resolve_lock_info for the VfoxBackend to populate lockfile provenance based on pre_install_provenance_for_platform.
    • Added verified_attestation_to_provenance function to convert vfox attestations to lockfile provenance types.
  • src/lockfile.rs
    • Added a comment to ProvenanceType enum, linking it to VerifiedAttestation in the vfox crate for synchronization.
Activity
  • The pull request author, malept, provided a comprehensive summary and detailed explanation of the changes, including the motivation, implementation details, and a thorough test plan.
  • The author utilized OpenCode (claude-sonnet-4.6) to assist in generating the pull request, indicating a modern development workflow.
  • A detailed test plan was outlined, covering unit tests for PreInstallAttestation validation, a snapshot test, a conversion unit test, and an E2E test for lockfile provenance and downgrade attack detection, ensuring robust coverage.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces comprehensive support for attestation verification in vfox tool plugins, allowing mise to verify GitHub artifact attestations, SLSA provenance, and Cosign signatures. The changes include adding a new VerifiedAttestation enum to represent different verification types, updating the InstallResult to store the verified attestation, and modifying the verify function to return the highest-priority successful attestation. A new pre_install_provenance_for_platform function was added to retrieve attestation information without full installation. The vfox backend now integrates with mise's lockfile system to record and enforce provenance, preventing downgrade attacks by comparing expected lockfile provenance with actual verification results. New Lua plugin files and Rust tests were added to demonstrate and validate the attestation functionality, alongside updates to documentation reflecting the enhanced security features.

greptile-apps bot commented Mar 10, 2026

Greptile Summary

This PR wires PreInstallAttestation (returned by vfox tool plugin PreInstall hooks) through to PlatformInfo.provenance in mise.lock, bringing vfox tool plugins to parity with aqua and github backends for supply-chain provenance tracking and downgrade-attack detection.

Key changes:

  • VerifiedAttestation enum added to the vfox crate (GithubAttestations, Slsa, Cosign), representing the highest-priority attestation successfully verified. Exported via crates/vfox/src/lib.rs.
  • verify() return type changed from Result<()> to Result<Option<VerifiedAttestation>> and threaded through InstallResult, enabling callers to inspect what was verified.
  • Provenance recording + enforcement in install_version_(): records ProvenanceType in the in-memory tv.lock_platforms after install, and raises a downgrade-attack error if the lockfile expected provenance that the current install did not produce. Consistent with the existing aqua/ruby pattern.
  • resolve_lock_info() override added to VfoxBackend: calls pre_install_provenance_for_platform() to populate url and provenance in the lockfile during mise lock without running actual sigstore/cosign verification — matching how other backends handle mise lock.
  • to_vfox_platform() helper extracted from the duplicated OS/arch mapping in get_tarball_url and resolve_lock_info.
  • Backend-plugin guard correctly added to resolve_lock_info() (backend plugins use backend_install and have no PreInstall hook).
  • Documentation corrected to "Partial support (version + URL + provenance)" for vfox after earlier review feedback — accurate since checksum and size are not populated by mise lock.
  • Tests: 7 unit tests for PreInstallAttestation validation, a snapshot test for the new attestation plugin fixture, a unit test for verified_attestation_to_provenance(), and a slow E2E test covering both mise lock URL output and downgrade-attack detection.

Confidence Score: 4/5

  • This PR is safe to merge — the core provenance recording and downgrade-detection logic is correct, well-tested, and consistent with existing aqua/ruby patterns. The one known limitation (downgrade check fires after download, leaving the tool on disk on error) is pre-existing behavior shared across backends.
  • Score reflects a well-structured feature addition with comprehensive unit tests, a snapshot test, and an E2E test. All previously raised issues were addressed or explicitly acknowledged with documented limitations. The only remaining items are a style note about a defensive comment on the take() pattern and a minor E2E test comment suggestion — neither is a correctness issue. The e2e test has two acknowledged inherent limitations (network dependency, awk fragility with multi-tool lockfiles) that are low risk for the current single-tool fixture.
  • No files require special attention — the highest-risk logic (install_version_ downgrade check, resolve_lock_info backend-plugin guard, priority recording in verify) has all been reviewed and is correct.

Important Files Changed

Filename Overview
src/backend/vfox.rs Core change: adds provenance recording in install_version_() and a new resolve_lock_info() override for mise lock. The backend-plugin guard, to_vfox_platform helper extraction, and downgrade-check logic are all present. The locked_provenance.take() pattern (same as aqua/ruby) and the discriminant comparison are intentional design choices consistent with the rest of the codebase.
crates/vfox/src/vfox.rs Adds pre_install_provenance_for_platform() for lock-time provenance inference, changes verify() to return Result<Option<VerifiedAttestation>>, and adds attestation_to_verified() private helper. Priority recording logic (GitHub > SLSA > Cosign) is correct; all-verifications-run-unconditionally behavior is acknowledged as pre-existing and cross-backend.
crates/vfox/src/hooks/pre_install.rs Adds VerifiedAttestation enum and 7 new unit tests (symmetric GitHub owner/repo validation, cosign, SLSA). Doc comment clarifies intentional absence of Minisign. All validation paths are exercised.
e2e/lockfile/test_lockfile_vfox_provenance_slow E2E test validates URL in lockfile and provenance downgrade detection. Two known limitations are documented in comments: the awk injection is fragile with multi-tool lockfiles, and the downgrade check fires after network download, making the test inherently network-dependent.
src/lockfile.rs Minor doc addition only: cross-reference comment linking ProvenanceType to VerifiedAttestation in the vfox crate. No behavioral change.

Sequence Diagram

sequenceDiagram
    participant User
    participant MiseCore as mise core
    participant VfoxBackend as VfoxBackend
    participant VfoxCrate as vfox crate
    participant Plugin as Lua Plugin

    Note over User,Plugin: mise install (install_version_)
    User->>MiseCore: mise install
    MiseCore->>VfoxBackend: install_version_(ctx, tv)
    VfoxBackend->>VfoxBackend: extract locked_provenance from tv (take)
    VfoxBackend->>VfoxCrate: install(sdk, version, path)
    VfoxCrate->>Plugin: PreInstall(ctx)
    Plugin-->>VfoxCrate: PreInstall { url, attestation }
    VfoxCrate->>VfoxCrate: download(url)
    VfoxCrate->>VfoxCrate: verify(pre_install, file) → Option<VerifiedAttestation>
    VfoxCrate->>VfoxCrate: extract(file, install_dir)
    VfoxCrate-->>VfoxBackend: InstallResult { sha256, verified_attestation }
    VfoxBackend->>VfoxBackend: verified_attestation_to_provenance()
    VfoxBackend->>VfoxBackend: write provenance to tv.lock_platforms
    VfoxBackend->>VfoxBackend: compare got vs locked_provenance (discriminant check)
    alt Provenance mismatch
        VfoxBackend-->>MiseCore: Err("downgrade attack")
    else Match or no expectation
        VfoxBackend-->>MiseCore: Ok(tv with provenance)
    end

    Note over User,Plugin: mise lock (resolve_lock_info)
    User->>MiseCore: mise lock
    MiseCore->>VfoxBackend: resolve_lock_info(tv, target)
    VfoxBackend->>VfoxCrate: pre_install_provenance_for_platform(sdk, version, os, arch)
    VfoxCrate->>Plugin: PreInstallForPlatform(ctx)
    Plugin-->>VfoxCrate: PreInstall { url, attestation }
    VfoxCrate->>VfoxCrate: attestation_to_verified(attestation)
    VfoxCrate-->>VfoxBackend: (url, Option<VerifiedAttestation>)
    VfoxBackend->>VfoxBackend: verified_attestation_to_provenance()
    VfoxBackend-->>MiseCore: PlatformInfo { url, provenance }
    MiseCore-->>User: writes mise.lock

Last reviewed commit: 28a5456

malept and others added 2 commits March 9, 2026 22:07
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Backend plugins use backend_install and have no PreInstall hook.
Calling pre_install_provenance_for_platform on one would fail with
a Lua error. Add an early return with PlatformInfo::default(), matching
the is_backend_plugin() guard already present in install_version_().

Note: get_tarball_url has the same pre-existing issue but is not
addressed here to keep this PR scoped.

Assisted-By: claude-sonnet-4.6 via OpenCode
Assisted-By: claude-sonnet-4.6 via OpenCode
malept added 6 commits March 9, 2026 22:43
vfox tool plugins provide version + URL + provenance in the lockfile
but do not populate checksum or size fields. Move from Full support
to its own Partial support line to accurately reflect this.

Assisted-By: claude-sonnet-4.6 via OpenCode
Assisted-By: claude-sonnet-4.6 via OpenCode
…nce_for_platform

Assisted-By: claude-sonnet-4.6 via OpenCode
Minisign is intentionally absent (not just 'excluded') because vfox
plugins do not produce Minisign signatures. The updated comment explains
why the subset exists and gives clear guidance for extending both enums.

Assisted-By: claude-sonnet-4.6 via OpenCode
…mments

All three attestation verifications always execute — none short-circuits
the others. The priority ordering only controls which variant is recorded
in 'verified'. Updated inline comments to make this distinction explicit
so readers aren't misled into thinking early verification prevents later
ones from running.

Assisted-By: claude-sonnet-4.6 via OpenCode
…ping

The same mise→vfox OS/arch name mapping was duplicated in get_tarball_url
and resolve_lock_info. Extracted into a private to_vfox_platform() helper
on VfoxBackend.

Assisted-By: claude-sonnet-4.6 via OpenCode
malept added 2 commits March 9, 2026 23:25
validate_github_artifact_attestation_params handles both directions but
only the owner-without-repo direction was tested. Add the mirror case.

Assisted-By: claude-sonnet-4.6 via OpenCode
The previous message said 'Enable the corresponding verification setting'
which is guidance for aqua/github backends where the user controls
attestation flags. For vfox, attestation is declared entirely by the
plugin — there is no user-facing setting. The updated message directs
the user to update the lockfile or investigate the plugin change.

Assisted-By: claude-sonnet-4.6 via OpenCode
malept and others added 2 commits March 9, 2026 23:42
…sult

The SLSA guard condition only exempts GithubAttestations, so a prior
Cosign result is intentionally overwritten. Make this explicit.

Assisted-By: claude-sonnet-4.6 via OpenCode
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
@greptile-apps greptile-apps bot left a comment

If install fails, tv is discarded via ?, so the taken value is never
observed. A future refactor that recovers from install errors would
need to restore locked_provenance to tv before retrying.

Assisted-By: claude-sonnet-4.6 via OpenCode
@jdx jdx merged commit d7dfb8b into jdx:main Mar 12, 2026
35 checks passed
@malept malept deleted the feat/vfox-tool-plugin-provenance-lockfile branch March 13, 2026 15:42
mise-en-dev added a commit that referenced this pull request Mar 13, 2026
### 🚀 Features

- **(github)** use release latest endpoint to get latest release by
@roele in [#8516](#8516)
- **(install)** add shared and system install directories by @jdx in
[#8581](#8581)
- **(vfox)** add provenance metadata to lockfile for tool plugins by
@malept in [#8544](#8544)

### 🐛 Bug Fixes

- **(aqua)** expose main binary when files field is empty and
symlink_bins is enabled by @AlexanderTheGrey in
[#8550](#8550)
- **(env)** redact secrets in `mise set` listing and task-specific env
by @jdx in [#8583](#8583)
- **(prepare)** install config tools before running prepare steps by
@jdx in [#8582](#8582)
- **(task)** allow ctrl-c to interrupt tool downloads during `mise run`
by @jdx in [#8571](#8571)
- **(tasks)** add file task header parser support for spaces around = by
@roele in [#8574](#8574)

### 📚 Documentation

- **(task)** add property description for interactive by @roele in
[#8562](#8562)
- add missing `</bold>` closing tag by @muzimuzhi in
[#8564](#8564)
- rebrand site with new chef logo and warm culinary palette by @jdx in
[#8587](#8587)

### 📦️ Dependency Updates

- update ghcr.io/jdx/mise:alpine docker digest to de4657e by
@renovate[bot] in [#8577](#8577)
- update ghcr.io/jdx/mise:copr docker digest to eef29a2 by
@renovate[bot] in [#8578](#8578)
- update ghcr.io/jdx/mise:rpm docker digest to 5a96587 by @renovate[bot]
in [#8580](#8580)
- update ghcr.io/jdx/mise:deb docker digest to 464cf7c by @renovate[bot]
in [#8579](#8579)

### 📦 Registry

- fix flatc version test mismatch by @jdx in
[#8588](#8588)

### Chore

- **(registry)** skip spark test-tool by @jdx in
[#8572](#8572)

### New Contributors

- @AlexanderTheGrey made their first contribution in
[#8550](#8550)

## 📦 Aqua Registry Updates

#### New Packages (6)

- [`bahdotsh/mdterm`](https://github.com/bahdotsh/mdterm)
-
[`callumalpass/mdbase-lsp`](https://github.com/callumalpass/mdbase-lsp)
- [`facebook/ktfmt`](https://github.com/facebook/ktfmt)
- [`gurgeous/tennis`](https://github.com/gurgeous/tennis)
-
[`tektoncd/pipelines-as-code`](https://github.com/tektoncd/pipelines-as-code)
- [`weedonandscott/trolley`](https://github.com/weedonandscott/trolley)

#### Updated Packages (2)

- [`apple/container`](https://github.com/apple/container)
- [`cocogitto/cocogitto`](https://github.com/cocogitto/cocogitto)
fragon10 pushed a commit to fragon10/mise that referenced this pull request Mar 27, 2026
fragon10 pushed a commit to fragon10/mise that referenced this pull request Mar 27, 2026