Passport Control

Secure Supply Chain & Registry

In a world of multi-cloud agents, API keys are a liability. Passport Control enforces identity agnosticism and supply chain security, ensuring only verified engines can access your infrastructure.

Binary Verification

Before executing any engine, the Orchestrator:

  1. Pulls the OCI image from the registry (GHCR, Docker Hub, etc.)
  2. Extracts the binary and computes its SHA-256 hash
  3. Checks the hash against the Registry's signed manifest
  4. Verifies the Cosign signature using the public key

If verification fails, the engine is rejected. No execution, no exceptions.

OIDC Signing

Cabin Crew uses Keyless Signing via Sigstore/Cosign. Instead of managing long-lived private keys:

  • The Orchestrator requests an OIDC token from GitHub/AWS/GitLab
  • The token is exchanged for a short-lived certificate (valid for minutes)
  • The certificate signs the audit log
  • The certificate expires, so there is no long-lived signing key left to compromise

This eliminates the need for secret management while providing stronger guarantees than static API keys.

Secret Shield

The Orchestrator runs a Regex Redactor on all engine output before it reaches PR comments or logs:

  • Detects patterns matching API keys, tokens, passwords
  • Replaces each match with [REDACTED] before writing to stdout
  • Prevents accidental secret leakage in CI logs

Additionally, engines are blocked from reading .env files directly, forcing secrets to flow through the Orchestrator's controlled interface.
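
A sketch of the redaction step described above, added here as an illustration and not Cabin Crew's own code. The patterns and the names `redact` and `RedactingWriter` are assumptions, since the page does not list the actual rules. It buffers partial lines so that a secret split across two writes is still caught.

```python
import io
import re

# Assumed rules for illustration; the page does not list Secret Shield's patterns.
RULES = [
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED]"),            # AWS access key ID shape
    (re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"), "[REDACTED]"),  # GitHub token shape
    (re.compile(r"(?i)\b(bearer\s+)[A-Za-z0-9._~+/=-]{16,}"), r"\1[REDACTED]"),
    # name=value and JSON "name": "value" pairs; the name is kept, the value replaced
    (re.compile(r"(?i)((?:api[_-]?key|secret|token|password)\w*[\"']?\s*[=:]\s*[\"']?)"
                r"[^\s\"',}]+"), r"\1[REDACTED]"),
]

def redact(text: str) -> str:
    for pattern, replacement in RULES:
        text = pattern.sub(replacement, text)
    return text

class RedactingWriter:
    """Wraps a text sink and redacts whole lines only, so a secret split
    across two write() calls is still seen in one piece."""

    def __init__(self, sink):
        self.sink = sink
        self._pending = ""

    def write(self, chunk: str) -> int:
        *complete, self._pending = (self._pending + chunk).split("\n")
        for line in complete:
            self.sink.write(redact(line) + "\n")
        return len(chunk)

    def finish(self) -> None:
        """Call once at end of stream to emit any trailing partial line."""
        if self._pending:
            self.sink.write(redact(self._pending))
            self._pending = ""

def demo() -> str:
    out = io.StringIO()
    writer = RedactingWriter(out)
    # Constructed engine output; two values are deliberately split across chunks.
    for chunk in ['{"status": "ok", "api_key": "constructed-', 'value-0001"}\n',
                  "export DB_PASSWORD=not-a-real-password\n",
                  "Authorization: Bearer ", "AAAAexampleAAAAexampleAAAA\n",
                  "key id AKIAEXAMPLEEXAMPLE00 loaded"]:
        writer.write(chunk)
    writer.finish()
    return out.getvalue()
```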

Isolation

Engines follow an IO-Pure architecture:

  • Engines receive inputs via stdin (JSON protocol)
  • Engines write outputs to stdout (JSON protocol)
  • No direct file system access outside the workspace
  • No network access except through the Orchestrator's proxy

This sandboxing ensures that even a compromised engine cannot exfiltrate data or modify infrastructure outside the governed workflow.