This release was checked along a chain of independent steps. Each step below is a separate, verifiable claim — you can re-run the whole chain yourself with the command at the bottom.
pass1. Signature
Signature verified against mcp-tool-shop (ci-shipcheck-2026)
fail2. Attestations
sbom.present: fail — No SBOM attestation found in release event
provenance.present: fail — No build provenance attestation found in release event
license.audit: warn — SBOM missing from ReleasePublished attestations; cannot audit licenses.
security.scan: warn — SBOM missing from ReleasePublished attestations; cannot run vuln scan.
Check
Result
Reason
sbom.present
fail
No SBOM attestation found in release event
provenance.present
fail
No build provenance attestation found in release event
license.audit
warn
SBOM missing from ReleasePublished attestations; cannot audit licenses.
security.scan
warn
SBOM missing from ReleasePublished attestations; cannot run vuln scan.
pending3. Anchor (XRPL)
Included in partition 2026-02-28 (Merkle root d9cc5dd2119c4fce…). Root committed; not yet anchored on-chain (awaiting the next XRPL anchor cycle).