Publishing

Publishing to the Sovereign Bazaar means submitting package metadata, artifact proofs, and trust badge evidence.

Checklist

1. Build the package through the Foundry pipeline.
2. Sign the artifact with an Ed25519 publisher key.
3. Attach the artifact Variant-CID and build recipe digest.
4. Add badge evidence under the package trust object.
5. Validate the registry.
6. Verify the artifact itself.

Commands

nexus bazaar validate
nexus verify ./artifact.npk

Registry validation checks metadata. Artifact verification checks signatures, BOMs, and ProvChain proof files.