.nika.yaml file, so sharing one is just
sharing text. nika-registry
is where that sharing gets a trust layer no other workflow registry has:
every entry is re-proven by CI β pinned to a full commit + sha256, re-run
through the conformance oracle, and certified by the engineβs static
analysis. You see what a workflow can do β exec, tools, cost ceiling,
secrets β before a single token is spent.
Trust lives in the artifact, not a gatekeeper: the certificate re-derives
locally with
nika check. You never have to believe the registry β you
re-run the proof yourself, offline.Install an artifact
Today the flow is a short, auditable script (thenika add verb is on the
engine roadmap):
get.py refuses on any mismatch (hash Β· advisory Β· file already there) and
never executes anything β the workflow lands on disk and you decide to
run it. Not curl | sh.
The guarantees
| Rule | What it prevents |
|---|---|
| Entries are immutable β new version = new file; withdrawal is an advisory | rug-pulls Β· silent tampering |
| Full-commit + full-sha256 pinning β no tags, no branches | tag-rewrite attacks |
| CI re-hashes the fetched bytes and re-runs the oracle | broken or lying artifacts |
| Key-shaped strings refuse the gate | shared-template credential leaks |
| Zero install-time execution β entries and artifacts are data | the entire malicious-postinstall class |
Machine surfaces (for agents)
index.jsonβ every artifact with its pin, digest, cert summary and advisory state in one fetchllms.txtβ the consume/verify path in agent-readable form