Trust / Product Chain

Runtime verifies, Factory and Packager sign.

The NOXA trust posture is built on explicit role separation, signed artifacts, and offline runtime verification. This is the production target model documented across the repositories.

Runtime is verify-only: no private signing key, no license generation, no bundle signing.

Noxa-License-Factory issues signed license artifacts (license.json + license.sig).

Noxa-Packager generates signed product-manifest and bundle-manifest artifacts.

Noxa-Website is a communication mirror and not a parallel product source of truth.

Support eligibility depends on official signed artifacts and on the coherence checks that run over them.

Public Chain

Simplified product trust chain

01
Factory issues signed license

license.json and license.sig are generated outside runtime.

02
Packager builds official signed bundle

Bundle archive plus product/bundle manifests are signed with product keys; checksums are emitted for integrity verification.

03
Runtime verifies artifacts locally

NOXA verifies signatures and coherence offline before enforcement.

04
Support eligibility is computed

Eligibility stays active only while the official artifacts are valid and the runtime conformity checks pass.

Plain-Language Scope

Official artifacts, runtime verification, integrator install, support

Official Artifacts

What is the official product trust material

Factory artifact set: license.json + detached license.sig.
Packager trust set: manifests/product-manifest.json + manifests/product-manifest.sig.
Packager trust set: manifests/bundle-manifest.json + manifests/bundle-manifest.sig.
Packager delivery set: <bundle>.tar.gz + <bundle>.tar.gz.sig + CHECKSUMS.txt.

Runtime Verification

What runtime verifies and what it never does

Verify detached license.sig over the canonical license.json payload (public keys only).
Verify product-manifest and bundle-manifest detached signature envelopes.
Check coherence across license, signed manifests, and runtime edition/artifact claims.
Never generate keys, issue licenses, or sign runtime artifacts (verify-only boundary).

Integrator Installation

What integrators actually install and validate

Install runtime deployment assets (Compose, Kubernetes, or Helm path).
Place official signed trust artifacts on runtime paths: license + manifests + signatures.
Keep install/deployment-context.json for installation/support evidence (not the primary trust source).
Run diagnostics and production-guard checks before customer handover.

Support Conditions

What keeps support eligibility active

Valid signed license artifacts (license.json + license.sig).
Valid signed product-manifest and bundle-manifest artifacts.
Edition/module/version/artifact coherence between runtime and signed manifests.
No unsupported rebuild or tampering of official runtime artifacts.
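The runtime-verification and support-condition rules above, as an added Go example that is not NOXA code: the runtime holds public keys only, verifies the detached license and product-manifest signatures over a canonical payload, then checks edition and version coherence against its own claims. It assumes Ed25519 detached signatures, a constructed two-field license/manifest schema, and Go's sorted-key JSON output as the canonical form; the Sign function stands in for the Factory and Packager roles, which live outside the runtime.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Constructed sample schemas; the real license.json / manifest fields are not on the page.
type License struct{ Edition, Version string }
type Manifest struct{ Edition, Version string }

// canonical: keys sorted, no whitespace. Signer and verifier must agree on this form,
// or a genuine signature fails to verify.
func canonical(v any) []byte {
	var m map[string]any
	b, _ := json.Marshal(v)
	_ = json.Unmarshal(b, &m)
	out, _ := json.Marshal(m) // json.Marshal writes map keys in sorted order
	return out
}

// Sign plays the Factory (license) or Packager (manifest) role and exists only so the
// example runs offline; the runtime never holds a private key and never calls it.
func Sign(priv ed25519.PrivateKey, v any) []byte { return ed25519.Sign(priv, canonical(v)) }

// VerifyChain is the verify-only runtime step: detached signatures checked with public
// keys over canonical payloads, then coherence against the runtime's own claims.
func VerifyChain(factoryPub, productPub ed25519.PublicKey, lic License, licSig []byte,
	man Manifest, manSig []byte, rtEdition, rtVersion string) error {
	if !ed25519.Verify(factoryPub, canonical(lic), licSig) {
		return fmt.Errorf("license.sig does not verify over canonical license.json")
	}
	if !ed25519.Verify(productPub, canonical(man), manSig) {
		return fmt.Errorf("product-manifest.sig does not verify over product-manifest.json")
	}
	if lic.Edition != man.Edition || man.Edition != rtEdition {
		return fmt.Errorf("edition mismatch: license=%q manifest=%q runtime=%q", lic.Edition, man.Edition, rtEdition)
	}
	if lic.Version != man.Version || man.Version != rtVersion {
		return fmt.Errorf("version mismatch: license=%q manifest=%q runtime=%q", lic.Version, man.Version, rtVersion)
	}
	return nil // only this path keeps support eligibility active
}

func main() {
	fPub, fPriv, _ := ed25519.GenerateKey(nil) // Factory pair; runtime only ever sees fPub
	pPub, pPriv, _ := ed25519.GenerateKey(nil) // Packager product pair
	lic, man := License{"enterprise", "2.4.0"}, Manifest{"enterprise", "2.4.0"}
	fmt.Println(VerifyChain(fPub, pPub, lic, Sign(fPriv, lic), man, Sign(pPriv, man), "enterprise", "2.4.0"))
	fmt.Println(VerifyChain(fPub, pPub, lic, Sign(fPriv, lic), man, Sign(pPriv, man), "enterprise", "2.5.0"))
}
```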
Role Separation

Runtime, Factory, and Packager have explicit boundaries

NOXA runtime
Verification, enforcement, local reminders, diagnostics, and audit visibility.
Noxa-License-Factory
License issuance, renewal, verification tooling, and key governance.
Noxa-Packager
Signed bundle assembly, manifest generation/signing, and verification workflow.
Support Conditions

Support depends on official signed artifacts

Signed product-manifest and bundle-manifest signatures must be valid and coherent with runtime claims.
Signed license artifacts must be valid and coherent with edition/module/version constraints.
Modified or rebuilt runtime artifacts are considered non-conformant for support scope.
Legacy token paths remain migration-only and are re-evaluated before 2026-12-31.
