@ellistevo/openclaw-secure 1.0.0 → 1.1.0

package/README.md

@@ -106,8 +106,86 @@ openclaw-secure audit
 | `sign` | Sign manifest with your key |
 | `verify` | Verify manifest signature |
 | `audit` | Calculate trust score |
+| `attest` | Add an auditor attestation (vouch for a skill) |
+| `isnad` | Show the chain of trust (author → auditors) |
 | `show-key` | Display your public key |
 
+## Attestation Chains (Isnad) 🆕
+
+Signing proves WHO wrote a skill. Attestations prove WHO REVIEWED it.
+
+An **isnad** (from Arabic: سند, "chain of transmission") is a chain of trust showing:
+1. Who authored the skill
+2. Who audited/reviewed it
+3. Who vouches for it
+
+### Add an attestation (as an auditor)
+
+```bash
+# Review the skill, then attest it
+openclaw-secure attest --name "YourAuditorName" --type security_audit --notes "Reviewed code, no malicious patterns"
+```
+
+### View the chain of trust
+
+```bash
+openclaw-secure isnad --verify
+# 📜 Chain of Trust (Isnad):
+#    Provenance chain for this skill
+#
+#    ├── AUTHOR: SkillAuthor ✓ verified
+#    │   Key: abc123...
+#    │   Time: 2026-02-05T...
+#
+#    └── AUDITOR: SecurityExpert ✓ verified
+#        Key: def456...
+#        Time: 2026-02-06T...
+#        Type: security_audit
+#        Notes: Reviewed code, no malicious patterns
+```
+
+### Trust scoring with attestations
+
+Attestations **reduce risk scores**:
+
+| Attestation Type | Score Bonus |
+|------------------|-------------|
+| `security_audit` | -20 points |
+| `code_review` | -15 points |
+| `endorsement` | -10 points |
+| From trusted auditor | -10 extra |
+
+A skill with Grade C (45 points) + one security audit = Grade B (25 points).
+
+### Programmatic attestation
+
+```javascript
+const {
+  createAttestation,
+  addAttestation,
+  verifyAttestation,
+  verifyAllAttestations,
+  getIsnad
+} = require('openclaw-secure');
+
+// Create attestation
+const attestation = createAttestation(signedManifest, auditorSecretKey, 'AuditorName', {
+  type: 'security_audit',
+  notes: 'Reviewed and approved'
+});
+
+// Add to manifest
+const attested = addAttestation(signedManifest, attestation);
+
+// Verify
+const result = verifyAttestation(attestation, attested);
+console.log(result.valid, result.auditor);
+
+// View chain
+const chain = getIsnad(attested);
+chain.forEach(link => console.log(link.role, link.identity));
+```
+
 ## Trust Grades
 
 | Grade | Score | Meaning |
@@ -213,7 +291,8 @@ This doesn't sandbox execution (that's OpenClaw's job), but it enables:
 
 PRs welcome! Areas we need help:
 - [ ] Integration with OpenClaw core
-- [ ] Trusted key registry
+- [x] Attestation chains (isnad) ✅ v1.1.0
+- [ ] Trusted key registry (public key lookup service)
 - [ ] Automated auditing tools
 - [ ] Better sandbox enforcement
 

package/bin/cli.js

@@ -22,7 +22,13 @@ const {
   formatTrustScore,
   getKeyFingerprint,
   defaultPermissions,
-  defaultResources
+  defaultResources,
+  // Attestation chain functions
+  createAttestation,
+  addAttestation,
+  verifyAttestation,
+  verifyAllAttestations,
+  getIsnad
 } = require('../src');
 
 const program = new Command();
@@ -396,4 +402,178 @@ program
     console.log('\n' + colorize('Share this key so others can verify your signatures.', 'gray'));
   });
 
+// === ATTEST COMMAND ===
+program
+  .command('attest')
+  .description('Add an attestation (vouch for a skill as an auditor)')
+  .argument('[path]', 'Path to skill.yaml', 'skill.yaml')
+  .option('-k, --key <path>', 'Path to your secret key')
+  .option('-n, --name <name>', 'Your auditor name')
+  .option('-t, --type <type>', 'Attestation type (security_audit, code_review, endorsement)', 'endorsement')
+  .option('--notes <notes>', 'Optional notes about your review')
+  .action((manifestPath, options) => {
+    if (!fs.existsSync(manifestPath)) {
+      error(`File not found: ${manifestPath}`);
+      process.exit(1);
+    }
+    
+    // Find secret key
+    let secretKeyPath = options.key;
+    if (!secretKeyPath) {
+      const defaultKeyDir = path.join(process.env.HOME || process.env.USERPROFILE, '.openclaw-secure');
+      secretKeyPath = path.join(defaultKeyDir, 'default.key');
+    }
+    
+    if (!fs.existsSync(secretKeyPath)) {
+      error(`Secret key not found: ${secretKeyPath}`);
+      error('Run: openclaw-secure keygen');
+      process.exit(1);
+    }
+    
+    try {
+      // Read manifest
+      const content = fs.readFileSync(manifestPath, 'utf8');
+      const manifest = yaml.parse(content);
+      
+      // Must be signed first
+      if (!isSigned(manifest)) {
+        error('Cannot attest unsigned manifest');
+        error('The skill author must sign it first with: openclaw-secure sign');
+        process.exit(1);
+      }
+      
+      // Verify current signature
+      const verifyResult = verifyManifest(manifest);
+      if (!verifyResult.valid) {
+        error(`Manifest signature is invalid: ${verifyResult.error}`);
+        error('Cannot attest a tampered manifest');
+        process.exit(1);
+      }
+      
+      // Read secret key
+      const secretKey = fs.readFileSync(secretKeyPath, 'utf8').trim();
+      
+      // Determine auditor name
+      const auditorName = options.name || process.env.USER || 'anonymous-auditor';
+      
+      // Create attestation
+      const attestation = createAttestation(manifest, secretKey, auditorName, {
+        type: options.type,
+        notes: options.notes
+      });
+      
+      // Add attestation to manifest
+      const attestedManifest = addAttestation(manifest, attestation);
+      
+      // Write back
+      const yamlContent = yaml.stringify(attestedManifest);
+      fs.writeFileSync(manifestPath, yamlContent);
+      
+      const attestationCount = attestedManifest.attestations.length;
+      
+      success(`Added attestation as "${auditorName}" (${options.type})`);
+      info(`Total attestations: ${attestationCount}`);
+      if (options.notes) {
+        info(`Notes: ${options.notes}`);
+      }
+      
+    } catch (err) {
+      error(`Attestation failed: ${err.message}`);
+      process.exit(1);
+    }
+  });
+
+// === ISNAD (CHAIN OF TRUST) COMMAND ===
+program
+  .command('isnad')
+  .description('Show the chain of trust (author → auditors)')
+  .argument('[path]', 'Path to skill.yaml', 'skill.yaml')
+  .option('-v, --verify', 'Verify all signatures in the chain')
+  .action((manifestPath, options) => {
+    if (!fs.existsSync(manifestPath)) {
+      error(`File not found: ${manifestPath}`);
+      process.exit(1);
+    }
+    
+    try {
+      const content = fs.readFileSync(manifestPath, 'utf8');
+      const manifest = yaml.parse(content);
+      
+      // Get the isnad (chain)
+      const chain = getIsnad(manifest);
+      
+      if (chain.length === 0) {
+        warn('No chain of trust found (manifest is unsigned)');
+        process.exit(0);
+      }
+      
+      console.log('\n' + colorize('📜 Chain of Trust (Isnad):', 'bold'));
+      console.log(colorize('   Provenance chain for this skill\n', 'gray'));
+      
+      // Verify if requested
+      let authorVerified = false;
+      let attestationsVerified = [];
+      
+      if (options.verify) {
+        // Verify author signature
+        if (manifest.signature) {
+          const authorResult = verifyManifest(manifest);
+          authorVerified = authorResult.valid;
+        }
+        
+        // Verify attestations
+        if (manifest.attestations && manifest.attestations.length > 0) {
+          const attestResult = verifyAllAttestations(manifest);
+          attestationsVerified = attestResult.attestations;
+        }
+      }
+      
+      // Display chain
+      chain.forEach((link, index) => {
+        const isLast = index === chain.length - 1;
+        const prefix = isLast ? '└──' : '├──';
+        const indent = isLast ? '   ' : '│  ';
+        
+        let status = '';
+        if (options.verify) {
+          if (link.role === 'author') {
+            status = authorVerified ? colorize(' ✓ verified', 'green') : colorize(' ✗ invalid', 'red');
+          } else {
+            const verified = attestationsVerified.find(a => a.auditor === link.identity);
+            status = verified ? colorize(' ✓ verified', 'green') : colorize(' ✗ invalid', 'red');
+          }
+        }
+        
+        const roleColor = link.role === 'author' ? 'cyan' : 'yellow';
+        console.log(`   ${prefix} ${colorize(link.role.toUpperCase(), roleColor)}: ${link.identity}${status}`);
+        console.log(`   ${indent}  Key: ${link.public_key.substring(0, 16)}...`);
+        console.log(`   ${indent}  Time: ${link.timestamp}`);
+        if (link.type) {
+          console.log(`   ${indent}  Type: ${link.type}`);
+        }
+        if (link.notes) {
+          console.log(`   ${indent}  Notes: ${link.notes}`);
+        }
+        console.log();
+      });
+      
+      // Summary
+      const authors = chain.filter(l => l.role === 'author').length;
+      const auditors = chain.filter(l => l.role === 'auditor').length;
+      
+      console.log(colorize('   Summary:', 'bold'));
+      console.log(`   ${authors} author(s), ${auditors} auditor(s)`);
+      
+      if (auditors > 0) {
+        info('This skill has been reviewed by third-party auditors');
+      } else {
+        warn('No third-party auditors have vouched for this skill');
+      }
+      
+    } catch (err) {
+      error(`Failed to show isnad: ${err.message}`);
+      process.exit(1);
+    }
+  });
+
 program.parse();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ellistevo/openclaw-secure",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Security toolkit for OpenClaw skills - signing, manifests, and verification",
   "main": "src/index.js",
   "bin": {

package/src/index.js

@@ -15,7 +15,13 @@ const {
   verifyManifest, 
   isSigned,
   getSignableContent,
-  getKeyFingerprint
+  getKeyFingerprint,
+  // Attestation chain (isnad) functions
+  createAttestation,
+  addAttestation,
+  verifyAttestation,
+  verifyAllAttestations,
+  getIsnad
 } = require('./signing');
 const { 
   calculateTrustScore, 
@@ -47,6 +53,13 @@ module.exports = {
   getSignableContent,
   getKeyFingerprint,
   
+  // Attestation chains (isnad)
+  createAttestation,
+  addAttestation,
+  verifyAttestation,
+  verifyAllAttestations,
+  getIsnad,
+  
   // Trust scoring
   calculateTrustScore,
   scoreToGrade,

package/src/signing.js

@@ -182,6 +182,196 @@ function getKeyFingerprint(publicKeyBase64) {
   return hash.substring(0, 16);
 }
 
+// ============================================================================
+// ATTESTATION CHAINS (ISNAD)
+// Allows auditors to vouch for skills, creating a chain of trust
+// ============================================================================
+
+/**
+ * Create an attestation for a signed manifest
+ * An attestation is a signature over: content_hash + author_signature
+ * This creates a chain: content → author → auditor(s)
+ * 
+ * @param {Object} manifest - The signed manifest to attest
+ * @param {string} auditorSecretKey - Base64-encoded auditor secret key
+ * @param {string} auditorName - Name/identity of the auditor
+ * @param {Object} options - Additional attestation options
+ * @param {string} [options.type] - Attestation type (security_audit, code_review, endorsement)
+ * @param {string} [options.notes] - Optional notes about the review
+ * @returns {Object} - The attestation object to add to manifest.attestations[]
+ */
+function createAttestation(manifest, auditorSecretKey, auditorName, options = {}) {
+  // Manifest must be signed first
+  if (!manifest.signature || !manifest.signature.signature) {
+    throw new Error('Cannot attest unsigned manifest - sign it first');
+  }
+  
+  // Create the attestation message: content_hash + author_signature
+  // This proves the auditor saw this exact content signed by this exact author
+  const attestationMessage = `${manifest.signature.content_hash}|${manifest.signature.signature}`;
+  const messageBytes = naclUtil.decodeUTF8(attestationMessage);
+  
+  // Decode auditor's secret key
+  const secretKey = naclUtil.decodeBase64(auditorSecretKey);
+  const publicKey = secretKey.slice(32);
+  
+  // Sign the attestation
+  const signatureBytes = nacl.sign.detached(messageBytes, secretKey);
+  
+  return {
+    type: options.type || 'endorsement',
+    auditor: auditorName,
+    auditor_public_key: naclUtil.encodeBase64(publicKey),
+    attestation: naclUtil.encodeBase64(signatureBytes),
+    attested_at: new Date().toISOString(),
+    notes: options.notes || null,
+    // Include what was attested for verification
+    attested_content_hash: manifest.signature.content_hash,
+    attested_author_signature: manifest.signature.signature
+  };
+}
+
+/**
+ * Add an attestation to a manifest
+ * @param {Object} manifest - The manifest to add attestation to
+ * @param {Object} attestation - The attestation from createAttestation()
+ * @returns {Object} - Manifest with attestation added
+ */
+function addAttestation(manifest, attestation) {
+  const attestations = manifest.attestations || [];
+  
+  // Check for duplicate attestations from same auditor
+  const existingAuditor = attestations.find(a => 
+    a.auditor_public_key === attestation.auditor_public_key
+  );
+  if (existingAuditor) {
+    throw new Error(`Attestation from this auditor already exists (${attestation.auditor})`);
+  }
+  
+  return {
+    ...manifest,
+    attestations: [...attestations, attestation]
+  };
+}
+
+/**
+ * Verify an attestation
+ * @param {Object} attestation - The attestation to verify
+ * @param {Object} manifest - The manifest it attests
+ * @returns {Object} - { valid: boolean, error?: string, auditor?: string }
+ */
+function verifyAttestation(attestation, manifest) {
+  // Check manifest is signed
+  if (!manifest.signature || !manifest.signature.signature) {
+    return { valid: false, error: 'Manifest is not signed' };
+  }
+  
+  // Check attestation matches current manifest
+  if (attestation.attested_content_hash !== manifest.signature.content_hash) {
+    return { 
+      valid: false, 
+      error: 'Attestation is for different content version',
+      attestedHash: attestation.attested_content_hash,
+      currentHash: manifest.signature.content_hash
+    };
+  }
+  
+  if (attestation.attested_author_signature !== manifest.signature.signature) {
+    return {
+      valid: false,
+      error: 'Attestation is for different author signature'
+    };
+  }
+  
+  try {
+    // Recreate the attestation message
+    const attestationMessage = `${attestation.attested_content_hash}|${attestation.attested_author_signature}`;
+    const messageBytes = naclUtil.decodeUTF8(attestationMessage);
+    
+    // Decode auditor's public key and signature
+    const publicKey = naclUtil.decodeBase64(attestation.auditor_public_key);
+    const signatureBytes = naclUtil.decodeBase64(attestation.attestation);
+    
+    // Verify
+    const valid = nacl.sign.detached.verify(messageBytes, signatureBytes, publicKey);
+    
+    if (valid) {
+      return {
+        valid: true,
+        auditor: attestation.auditor,
+        type: attestation.type,
+        attested_at: attestation.attested_at,
+        notes: attestation.notes
+      };
+    } else {
+      return { valid: false, error: 'Attestation signature verification failed' };
+    }
+  } catch (err) {
+    return { valid: false, error: `Attestation verification error: ${err.message}` };
+  }
+}
+
+/**
+ * Verify all attestations on a manifest
+ * @param {Object} manifest - The manifest with attestations
+ * @returns {Object} - { valid: boolean, attestations: Array, errors: Array }
+ */
+function verifyAllAttestations(manifest) {
+  const attestations = manifest.attestations || [];
+  
+  if (attestations.length === 0) {
+    return { valid: true, attestations: [], errors: [], count: 0 };
+  }
+  
+  const results = attestations.map((att, i) => ({
+    index: i,
+    ...verifyAttestation(att, manifest)
+  }));
+  
+  const valid = results.filter(r => r.valid);
+  const invalid = results.filter(r => !r.valid);
+  
+  return {
+    valid: invalid.length === 0,
+    attestations: valid,
+    errors: invalid,
+    count: valid.length
+  };
+}
+
+/**
+ * Get the isnad (chain of transmission) for a manifest
+ * Returns the provenance chain: author → auditor(s)
+ */
+function getIsnad(manifest) {
+  const chain = [];
+  
+  // First link: author
+  if (manifest.signature) {
+    chain.push({
+      role: 'author',
+      identity: manifest.signature.signer,
+      public_key: manifest.signature.public_key,
+      timestamp: manifest.signature.signed_at
+    });
+  }
+  
+  // Subsequent links: auditors
+  const attestations = manifest.attestations || [];
+  for (const att of attestations) {
+    chain.push({
+      role: 'auditor',
+      identity: att.auditor,
+      public_key: att.auditor_public_key,
+      timestamp: att.attested_at,
+      type: att.type,
+      notes: att.notes
+    });
+  }
+  
+  return chain;
+}
+
 module.exports = {
   generateKeyPair,
   computeHash,
@@ -189,5 +379,11 @@ module.exports = {
   verifyManifest,
   isSigned,
   getSignableContent,
-  getKeyFingerprint
+  getKeyFingerprint,
+  // Attestation chain (isnad) functions
+  createAttestation,
+  addAttestation,
+  verifyAttestation,
+  verifyAllAttestations,
+  getIsnad
 };

package/src/trust.js

@@ -38,6 +38,23 @@ const RISK_WEIGHTS = {
   unverified: 30             // Signature present but not verified
 };
 
+/**
+ * Attestation bonuses (reduce risk score)
+ * More attestations from trusted auditors = lower risk
+ */
+const ATTESTATION_BONUSES = {
+  // Per valid attestation
+  security_audit: -20,       // Security audit (highest trust reduction)
+  code_review: -15,          // Code review
+  endorsement: -10,          // General endorsement
+  
+  // Caps (can't go below 0 from attestations)
+  max_bonus: -50,            // Maximum total attestation bonus
+  
+  // Trusted auditor bonus (if public key matches known auditors)
+  trusted_auditor: -10       // Additional bonus for known auditors
+};
+
 /**
  * Sensitive credential patterns
  */
@@ -54,7 +71,7 @@ const SENSITIVE_CREDENTIAL_PATTERNS = [
 /**
  * Calculate risk score for a manifest
  * @param {Object} manifest - The manifest to score
- * @param {Object} options - { signed: boolean, verified: boolean }
+ * @param {Object} options - { signed: boolean, verified: boolean, attestationsVerified: array, trustedAuditors: array }
  * @returns {Object} - { score: number, grade: string, breakdown: object }
  */
 function calculateTrustScore(manifest, options = {}) {
@@ -64,7 +81,8 @@ function calculateTrustScore(manifest, options = {}) {
     shell: 0,
     credentials: 0,
     capabilities: 0,
-    signature: 0
+    signature: 0,
+    attestations: 0  // Bonus (negative number)
   };
   
   const permissions = manifest.permissions || {};
@@ -140,8 +158,31 @@ function calculateTrustScore(manifest, options = {}) {
     breakdown.signature += RISK_WEIGHTS.unverified;
   }
   
-  // Calculate total
-  const totalScore = Object.values(breakdown).reduce((a, b) => a + b, 0);
+  // === ATTESTATIONS (BONUS - reduces score) ===
+  const attestations = manifest.attestations || [];
+  const verifiedAttestations = options.attestationsVerified || [];
+  const trustedAuditors = options.trustedAuditors || [];
+  
+  verifiedAttestations.forEach(att => {
+    // Get bonus based on attestation type
+    const type = att.type || 'endorsement';
+    const typeBonus = ATTESTATION_BONUSES[type] || ATTESTATION_BONUSES.endorsement;
+    breakdown.attestations += typeBonus;
+    
+    // Extra bonus if auditor is in trusted list
+    if (trustedAuditors.includes(att.auditor) || 
+        trustedAuditors.includes(att.auditor_public_key)) {
+      breakdown.attestations += ATTESTATION_BONUSES.trusted_auditor;
+    }
+  });
+  
+  // Cap attestation bonus
+  if (breakdown.attestations < ATTESTATION_BONUSES.max_bonus) {
+    breakdown.attestations = ATTESTATION_BONUSES.max_bonus;
+  }
+  
+  // Calculate total (attestations is negative, so it reduces score)
+  const totalScore = Math.max(0, Object.values(breakdown).reduce((a, b) => a + b, 0));
   
   // Determine grade
   const grade = scoreToGrade(totalScore);
@@ -150,7 +191,8 @@ function calculateTrustScore(manifest, options = {}) {
     score: totalScore,
     grade,
     breakdown,
-    summary: generateSummary(breakdown, grade)
+    attestationCount: verifiedAttestations.length,
+    summary: generateSummary(breakdown, grade, verifiedAttestations.length)
   };
 }
 
@@ -196,7 +238,7 @@ function gradeEmoji(grade) {
 /**
  * Generate human-readable summary
  */
-function generateSummary(breakdown, grade) {
+function generateSummary(breakdown, grade, attestationCount = 0) {
   const concerns = [];
   
   if (breakdown.shell > 0) {
@@ -218,6 +260,11 @@ function generateSummary(breakdown, grade) {
     concerns.push('⚠️  Missing or unverified signature');
   }
   
+  // Positive notes
+  if (breakdown.attestations < 0) {
+    concerns.push(`✅ ${attestationCount} verified attestation(s) (${breakdown.attestations} pts)`);
+  }
+  
   if (concerns.length === 0) {
     concerns.push('✅ Minimal permissions requested');
   }
@@ -246,7 +293,7 @@ function getGradeDescription(grade) {
  * Format trust score for display
  */
 function formatTrustScore(result) {
-  const { score, grade, breakdown, summary } = result;
+  const { score, grade, breakdown, summary, attestationCount } = result;
   
   let output = `\n${gradeEmoji(grade)} Trust Score: ${grade} (${score} points)\n`;
   output += `   ${summary.grade_description}\n\n`;
@@ -257,7 +304,11 @@ function formatTrustScore(result) {
   output += `   - Shell:        ${breakdown.shell} pts\n`;
   output += `   - Credentials:  ${breakdown.credentials} pts\n`;
   output += `   - Capabilities: ${breakdown.capabilities} pts\n`;
-  output += `   - Signature:    ${breakdown.signature} pts\n\n`;
+  output += `   - Signature:    ${breakdown.signature} pts\n`;
+  if (breakdown.attestations !== 0) {
+    output += `   - Attestations: ${breakdown.attestations} pts (${attestationCount || 0} verified)\n`;
+  }
+  output += '\n';
   
   if (summary.concerns.length > 0) {
     output += `   Notes:\n`;
@@ -275,5 +326,6 @@ module.exports = {
   gradeColor,
   gradeEmoji,
   formatTrustScore,
-  RISK_WEIGHTS
+  RISK_WEIGHTS,
+  ATTESTATION_BONUSES
 };

package/test/all.test.js

@@ -526,4 +526,351 @@ describe('Integration: Full Workflow', () => {
   });
 });
 
+// === ATTESTATION TESTS ===
+
+const {
+  createAttestation,
+  addAttestation,
+  verifyAttestation,
+  verifyAllAttestations,
+  getIsnad
+} = require('../src');
+
+describe('Attestation: Create Attestation', () => {
+  
+  it('should create attestation for signed manifest', () => {
+    const keyPair = generateKeyPair();
+    const auditorKeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    
+    const attestation = createAttestation(signed, auditorKeyPair.secretKey, 'Auditor', {
+      type: 'security_audit',
+      notes: 'Reviewed and approved'
+    });
+    
+    assert.strictEqual(attestation.auditor, 'Auditor');
+    assert.strictEqual(attestation.type, 'security_audit');
+    assert.strictEqual(attestation.notes, 'Reviewed and approved');
+    assert.ok(attestation.attestation);
+    assert.ok(attestation.attested_at);
+  });
+  
+  it('should throw when attesting unsigned manifest', () => {
+    const auditorKeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'unsigned-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    assert.throws(() => {
+      createAttestation(manifest, auditorKeyPair.secretKey, 'Auditor');
+    }, /Cannot attest unsigned manifest/);
+  });
+});
+
+describe('Attestation: Add Attestation', () => {
+  
+  it('should add attestation to manifest', () => {
+    const keyPair = generateKeyPair();
+    const auditorKeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    
+    const attestation = createAttestation(signed, auditorKeyPair.secretKey, 'Auditor');
+    const attested = addAttestation(signed, attestation);
+    
+    assert.ok(attested.attestations);
+    assert.strictEqual(attested.attestations.length, 1);
+    assert.strictEqual(attested.attestations[0].auditor, 'Auditor');
+  });
+  
+  it('should prevent duplicate attestations from same auditor', () => {
+    const keyPair = generateKeyPair();
+    const auditorKeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    
+    const attestation1 = createAttestation(signed, auditorKeyPair.secretKey, 'Auditor');
+    const attested = addAttestation(signed, attestation1);
+    
+    const attestation2 = createAttestation(attested, auditorKeyPair.secretKey, 'Auditor');
+    
+    assert.throws(() => {
+      addAttestation(attested, attestation2);
+    }, /already exists/);
+  });
+  
+  it('should allow multiple attestations from different auditors', () => {
+    const keyPair = generateKeyPair();
+    const auditor1KeyPair = generateKeyPair();
+    const auditor2KeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    
+    const attestation1 = createAttestation(signed, auditor1KeyPair.secretKey, 'Auditor1');
+    let attested = addAttestation(signed, attestation1);
+    
+    const attestation2 = createAttestation(attested, auditor2KeyPair.secretKey, 'Auditor2');
+    attested = addAttestation(attested, attestation2);
+    
+    assert.strictEqual(attested.attestations.length, 2);
+  });
+});
+
+describe('Attestation: Verify Attestation', () => {
+  
+  it('should verify valid attestation', () => {
+    const keyPair = generateKeyPair();
+    const auditorKeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    const attestation = createAttestation(signed, auditorKeyPair.secretKey, 'Auditor', {
+      type: 'security_audit'
+    });
+    
+    const result = verifyAttestation(attestation, signed);
+    assert.strictEqual(result.valid, true);
+    assert.strictEqual(result.auditor, 'Auditor');
+    assert.strictEqual(result.type, 'security_audit');
+  });
+  
+  it('should reject attestation for modified manifest', () => {
+    const keyPair = generateKeyPair();
+    const auditorKeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    const attestation = createAttestation(signed, auditorKeyPair.secretKey, 'Auditor');
+    
+    // Re-sign with different content (simulates modification)
+    const modified = { ...signed, name: 'malicious-skill' };
+    const reSigned = signManifest(modified, keyPair.secretKey, 'Author');
+    
+    const result = verifyAttestation(attestation, reSigned);
+    assert.strictEqual(result.valid, false);
+    assert.ok(result.error.includes('different'));
+  });
+});
+
+describe('Attestation: Verify All Attestations', () => {
+  
+  it('should verify all attestations at once', () => {
+    const keyPair = generateKeyPair();
+    const auditor1KeyPair = generateKeyPair();
+    const auditor2KeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    
+    const attestation1 = createAttestation(signed, auditor1KeyPair.secretKey, 'Auditor1', { type: 'security_audit' });
+    let attested = addAttestation(signed, attestation1);
+    
+    const attestation2 = createAttestation(attested, auditor2KeyPair.secretKey, 'Auditor2', { type: 'code_review' });
+    attested = addAttestation(attested, attestation2);
+    
+    const result = verifyAllAttestations(attested);
+    assert.strictEqual(result.valid, true);
+    assert.strictEqual(result.count, 2);
+    assert.strictEqual(result.attestations.length, 2);
+  });
+  
+  it('should return empty for no attestations', () => {
+    const keyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    
+    const result = verifyAllAttestations(signed);
+    assert.strictEqual(result.valid, true);
+    assert.strictEqual(result.count, 0);
+  });
+});
+
+describe('Attestation: Get Isnad (Chain)', () => {
+  
+  it('should return chain with author and auditors', () => {
+    const keyPair = generateKeyPair();
+    const auditorKeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    const attestation = createAttestation(signed, auditorKeyPair.secretKey, 'Auditor');
+    const attested = addAttestation(signed, attestation);
+    
+    const chain = getIsnad(attested);
+    
+    assert.strictEqual(chain.length, 2);
+    assert.strictEqual(chain[0].role, 'author');
+    assert.strictEqual(chain[0].identity, 'Author');
+    assert.strictEqual(chain[1].role, 'auditor');
+    assert.strictEqual(chain[1].identity, 'Auditor');
+  });
+  
+  it('should return empty chain for unsigned manifest', () => {
+    const manifest = {
+      name: 'unsigned-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {}
+    };
+    
+    const chain = getIsnad(manifest);
+    assert.strictEqual(chain.length, 0);
+  });
+});
+
+describe('Trust Scoring with Attestations', () => {
+  
+  it('should reduce score with verified attestations', () => {
+    const keyPair = generateKeyPair();
+    const auditorKeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {
+        network: { allow: ['*'] }  // Risky permission
+      }
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    
+    // Score without attestation
+    const scoreWithout = calculateTrustScore(signed, { signed: true, verified: true });
+    
+    // Add attestation
+    const attestation = createAttestation(signed, auditorKeyPair.secretKey, 'Auditor', {
+      type: 'security_audit'
+    });
+    const attested = addAttestation(signed, attestation);
+    
+    // Verify attestation
+    const verifyResult = verifyAttestation(attestation, attested);
+    
+    // Score with attestation
+    const scoreWith = calculateTrustScore(attested, {
+      signed: true,
+      verified: true,
+      attestationsVerified: [verifyResult]
+    });
+    
+    assert.ok(scoreWith.score < scoreWithout.score, 'Attested score should be lower');
+    assert.strictEqual(scoreWith.attestationCount, 1);
+  });
+  
+  it('should give extra bonus for trusted auditors', () => {
+    const keyPair = generateKeyPair();
+    const trustedAuditorKeyPair = generateKeyPair();
+    
+    const manifest = {
+      name: 'test-skill',
+      version: '1.0.0',
+      author: { name: 'Author' },
+      permissions: {
+        shell: { allowed: true, commands: ['echo'] }
+      }
+    };
+    
+    const validation = validateManifest(manifest);
+    const signed = signManifest(validation.manifest, keyPair.secretKey, 'Author');
+    
+    const attestation = createAttestation(signed, trustedAuditorKeyPair.secretKey, 'TrustedAuditor', {
+      type: 'security_audit'
+    });
+    const attested = addAttestation(signed, attestation);
+    const verifyResult = verifyAttestation(attestation, attested);
+    
+    // Score without trusted list
+    const scoreNormal = calculateTrustScore(attested, {
+      signed: true,
+      verified: true,
+      attestationsVerified: [verifyResult]
+    });
+    
+    // Score with trusted list
+    const scoreTrusted = calculateTrustScore(attested, {
+      signed: true,
+      verified: true,
+      attestationsVerified: [verifyResult],
+      trustedAuditors: ['TrustedAuditor']
+    });
+    
+    assert.ok(scoreTrusted.score < scoreNormal.score, 'Trusted auditor should give extra bonus');
+  });
+});
+
 console.log('Running OpenClaw Secure test suite...\n');