Add ATTESTORIUM v0.0.0

Initial release: deterministic attestation utility.

Author: midiakiasat

ATTESTORIUM.log

@@ -0,0 +1,19 @@
+# ATTESTORIUM LOG
+# Immutable attestation ledger
+# This file contains records, not code.
+# Entries are append-only by convention.
+# Deletion invalidates historical continuity.
+
+# Format:
+# ---
+# ATTESTATION
+# time:    <UTC ISO-8601>
+# repo:    <path>
+# commit:  <hash>
+# tree:    <hash>
+# digest:  <sha256>
+#
+# stdin:
+# <observed input>
+# ---
+

LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2026 ATTESTORIUM
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

README.md

@@ -0,0 +1,161 @@
+# ATTESTORIUM
+
+ATTESTORIUM is a deterministic witness.
+
+It does not decide.
+It does not execute.
+It does not intervene.
+
+It records **what exists**, exactly as it exists, at the moment it is observed.
+
+---
+
+## Philosophy
+
+ATTESTORIUM exists to preserve truth under pressure.
+
+It is designed for moments where:
+
+* Output must be witnessed, not evaluated
+* State must be frozen without alteration
+* Accountability depends on *what was*, not *what was claimed*
+
+ATTESTORIUM does not improve reality.
+It prevents reality from being rewritten.
+
+---
+
+## What It Is
+
+ATTESTORIUM is an **attestation primitive**.
+
+It binds:
+
+* Observed input (stdin)
+* Repository state
+* Time
+
+Into a single, immutable record.
+
+The result is evidence.
+
+---
+
+## What It Is Not
+
+* Not a validator
+* Not a linter
+* Not a judge
+* Not a fixer
+* Not an executor
+
+Anything that changes state is out of scope.
+
+---
+
+## Behavior
+
+* Consumes input **exclusively** via `stdin`
+* Refuses silent invocation
+* Captures repository metadata:
+
+  * HEAD commit
+  * tree hash
+  * dirty state
+* Generates a deterministic SHA-256 attestation
+* Emits a single, final attestation record
+
+No retries.
+No flags.
+No configuration.
+
+---
+
+## Output
+
+ATTESTORIUM emits a structured attestation containing:
+
+* Timestamp (UTC)
+* Git commit hash (or `UNCOMMITTED`)
+* Tree hash
+* Working tree state (`CLEAN` / `DIRTY`)
+* Input hash
+* Attestation hash
+
+This output is the artifact.
+
+---
+
+## Usage
+
+ATTESTORIUM is never run alone.
+It must witness output.
+
+```sh
+<command-producing-output> | ./attestorium.sh
+```
+
+### Example
+
+```sh
+echo "build artifact v1" | ./attestorium.sh
+```
+
+Produces an immutable attestation tying:
+
+* the text
+* the repository state
+* the moment of observation
+
+---
+
+## Contract
+
+Once emitted:
+
+* The attestation stands
+* Interpretation is external
+* Responsibility transfers to the observer
+
+ATTESTORIUM guarantees **record**, not **meaning**.
+
+If you want judgment, use something else.
+
+---
+
+## Design Constraints
+
+These constraints are intentional:
+
+* No configuration → no ambiguity
+* No execution → no side effects
+* No retries → no narrative drift
+
+Truth is narrow by design.
+
+---
+
+## Relationship to Other Artifacts
+
+* **IRREVOCULL** — decides
+* **GUILLOTINE** — destroys
+* **ATTESTORIUM** — witnesses
+
+Each performs exactly one irreversible role.
+
+---
+
+## Warning
+
+An attestation can be used against you.
+
+That is the point.
+
+---
+
+## About
+
+ATTESTORIUM is a minimal, irreversible witness for software reality.
+
+If you need flexibility, do not use it.
+If you need truth, nothing else will do.

attestorium.sh

@@ -0,0 +1,69 @@
+#!/bin/sh
+# ATTESTORIUM v0.0.0
+# Deterministic attestation utility
+# Witness only. No execution. No mutation. No remediation.
+
+set -euf
+
+# --- Preconditions ---------------------------------------------------------
+
+# Must be inside a git repository
+git rev-parse --is-inside-work-tree >/dev/null 2>&1 || {
+  echo "ATTESTORIUM: not a git repository" >&2
+  exit 2
+}
+
+# --- Input Capture ----------------------------------------------------------
+
+# Read stdin verbatim (stream-safe)
+INPUT="$(cat || true)"
+
+# Silence is invalid
+[ -z "$INPUT" ] && {
+  echo "ATTESTORIUM: INVALID";
+  exit 1
+}
+
+# --- Attestation Context ----------------------------------------------------
+
+# Immutable context snapshot
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+HEAD_COMMIT="$(git rev-parse HEAD)"
+HEAD_TREE="$(git rev-parse HEAD^{tree})"
+TIMESTAMP="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
+
+# Working tree status (null-delimited, deterministic ordering)
+STATUS="$(git status --porcelain=v1 -z | LC_ALL=C sort -z || true)"
+
+# --- Deterministic Digest ---------------------------------------------------
+
+# Canonical attestation material
+ATTESTATION_PAYLOAD=$(printf '%s\n%s\n%s\n%s\n%s' \
+  "$TIMESTAMP" \
+  "$HEAD_COMMIT" \
+  "$HEAD_TREE" \
+  "$STATUS" \
+  "$INPUT"
+)
+
+# Cryptographic digest (portable)
+DIGEST="$(printf '%s' "$ATTESTATION_PAYLOAD" | shasum -a 256 | awk '{print $1}')"
+
+# --- Output ----------------------------------------------------------------
+
+# Emit attestation record (machine-first, human-readable)
+cat <<EOF
+ATTESTATION
+----------
+repo:      $REPO_ROOT
+commit:    $HEAD_COMMIT
+tree:      $HEAD_TREE
+time:      $TIMESTAMP
+digest:    $DIGEST
+
+stdin:
+$INPUT
+EOF
+
+# Exit success: attestation completed
+exit 0