Series draft — Part 12 of 15 in Hardened Agentic Stack. Outline only; expand before un-drafting.
Phase 4: Architectural Best Practices
The Problem
A malicious public image or skill voids every runtime control you built.
The Infrastructure Fix
Cosign signatures + Kyverno verifyImages (and skill vetting) against trusted keys.
The Architecture Pattern
Supply Chain Verification — only proven provenance may run.
Planned sections
- The “Oh No” moment — concrete incident or near-miss that makes the risk visceral.
- ClawQL context — how this control protects a high-privilege local/edge agent.
- Technical how-to — concrete configs, policies, or snippets a builder can apply.
- Safety check — what “trusted enough” looks like once this layer is in place.
Key visuals
- Admit vs deny admission flow
Source modules (docs.clawql.com)
- container-image-security-pinning-distroless-golden-images
- cluster-admission-control-signing-policy
- clawhub-skill-vetting-safe-installation
Rule of Three (keep on publish)
| Layer | Takeaway |
|---|---|
| Problem | A malicious public image or skill voids every runtime control you built. |
| Infrastructure fix | Cosign signatures + Kyverno verifyImages (and skill vetting) against trusted keys. |
| Architecture pattern | Supply Chain Verification — only proven provenance may run. |