Security & Supply Chain
Release Signing
Every release is signed at multiple levels, but not all signatures cover the same artifact boundary:
| Layer | Method | What it covers | Verification |
|---|---|---|---|
| CI release artifacts | Sigstore cosign (keyless, OIDC) | Published GitHub release archives consumed by downstream packaging | cosign verify-blob |
| Local macOS validation binary | Apple Developer ID (YubiKey) | Operator workstation build produced before publish | codesign -dvvv |
| Provenance | GitHub Attestations (SLSA) | CI build provenance for published release assets | gh attestation verify |
The manual YubiKey step signs the local validation binary. Homebrew and other package surfaces are derived from CI-built release assets, not from the locally signed binary.
Verify a Release
# Cosign (CI-signed releases)
cosign verify-blob omegon-*.tar.gz \
--signature omegon-*.tar.gz.sig \
--certificate omegon-*.tar.gz.pem \
--certificate-identity-regexp '.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com
# GitHub Attestations
gh attestation verify omegon-*.tar.gz --repo styrene-lab/omegonSBOM
Every release includes a CycloneDX Software Bill of Materials (omegon-sbom.cdx.json)
listing all Rust crate dependencies with versions. The SBOM is itself signed with cosign.
Credential Storage
API keys and OAuth tokens are stored in the system keychain:
- macOS — Keychain Services (via
securityCLI) - Linux — Secret Service API (GNOME Keyring, KWallet)
- Fallback — Encrypted file in
~/.config/omegon/
OAuth tokens are refreshed automatically. JWT claims are extracted for account identity (used by the Codex client for account ID routing).
HashiCorp Vault Integration
/vault status # Check Vault connectivity
/vault login # Authenticate to Vault
/vault configure # Set Vault address and auth method
/vault init-policy # Create a least-privilege policy for omegonFor teams that manage secrets through Vault, Omegon can read credentials directly from Vault paths instead of environment variables or the local keychain.
Process Safety
- The agent executes tools directly — no sandbox. The operator is responsible for reviewing tool calls.
- All tool calls are logged in the conversation with full arguments and results.
EscorCtrl+Ccancels the active turn immediately.- Session auto-save means you can always audit what happened.
- The
--max-turnsflag limits how many turns the agent can take before stopping.
License
Omegon is licensed under the Business Source License 1.1. The BSL converts to MIT on 2031-03-19. Non-production use is permitted; production use requires a separate license from Black Meridian, LLC (until the change date).