Skip to content
Apothem
Command pipeline

/supply-chain-audit

/supply-chain-audit — Supply-chain audit against SLSA + Sigstore + SBOM standards.

Role: Supply-chain auditor Pipeline position: fortress

Supply-chain audit against SLSA + Sigstore + SBOM standards.

Canonical invocation

/supply-chain-audit

With arguments:

/supply-chain-audit [path/to/plan-suite/] [phase-id] [--dry-run]

Inputs

Host repository release pipeline

Outputs

Supply-chain findings + REPORT.md

Downstream

The supply-chain-audit stage of the Audit Review Sequence

Workflow phases

The command follows the standard /plan pipeline workflow:

  1. Load context — Read plan suite, rules, and Resumption Contract.
  2. Verify prerequisites — Confirm dependency phases complete.
  3. Execute tasks — Perform the command mission.
  4. Verify outputs — Confirm all declared outputs exist and pass quality gates.
  5. Update PROGRESS.md — Record verified outputs in the Phase Output Registry.
  6. Emit REPORT.md — Pre-emission gate release proof recorded.

Failure modes

SymptomCauseRecovery
Prerequisite incompleteDependent phase not finishedComplete upstream phase first
Quality gate FAILOutput does not meet standardsFix the output and re-run
Missing input filePlan suite file absentRun /plan-generate to create it

Examples

# Dry-run to preview what would happen
/supply-chain-audit --dry-run

# Execute against a named plan suite
/supply-chain-audit path/to/plan-suite/

Cross-references

On this page