AI Bill of Materials (AIBOM)

FleetForge emits a CycloneDX-style ML Bill of Materials for every run as soon as the run transitions to a terminal state (succeeded or failed). The artifact captures the models, tools, policies, guardrails, pack versions, inputs/dag digests, and trust subjects that influenced the run along with the attestation identifiers that were generated along the way.

The BOM is persisted under kind=aibom, is signed by the runtime trust signer, and includes a C2PA manifest referencing the collected attestation IDs. The artifact is available in two places:

1. Run detail API / UI – GET /v1/runs/{id} now includes a top-level artifacts object. Each entry mirrors the artifact metadata stored in object storage, so the UI can show a “BOM” drawer in the run summary.
2. Step envelopes – the final step output (or error) also references the BOM inside artifacts.aibom, allowing adapters that already scrape step artifacts to pick it up.

fleetforge-ctl get --run <id> automatically prints the new field so CLI users can fetch the BOM and verify the embedded signature/C2PA manifest offline.

Structure

The payload is compatible with CycloneDX 1.5 and captures the following sections:

{
  "bom_format": "CycloneDX",
  "spec_version": "1.5",
  "serial_number": "urn:uuid:...",
  "metadata": {
    "run_id": "…",
    "status": "succeeded",
    "policy_pack": "baseline",
    "policy_pack_version": "2024.07",
    "dag_digest": "…",
    "input_digest": "…"
  },
  "components": {
    "models": [
      {
        "id": "step-1",
        "type": "model",
        "name": "gpt-4o-mini",
        "provider": "openai",
        "version": "2024-06-06",
        "digests": [{ "alg": "SHA-256", "content": "<digest of inputs>" }],
        "properties": {
          "step_id": "…",
          "policy_pack": "baseline",
          "temperature": 0.2
        }
      }
    ],
    "tools": [
      {
        "id": "step-2",
        "type": "tool",
        "name": "fleet.reduce",
        "digests": [{ "alg": "SHA-256", "content": "<digest>" }],
        "properties": {
          "step_id": "…",
          "command": ["echo", "hello"]
        }
      }
    ],
    "policies": [
      {
        "pack": "baseline",
        "version": "2024.07",
        "guardrails": ["redact_pii", "deny_shell"]
      }
    ]
  },
  "trust": {
    "subjects": [
      "run:…",
      "step:…:…"
    ],
    "attestation_ids": [
      "ab2a5c6f-…"
    ]
  }
}

Metadata

The object-store metadata that accompanies the blob contains:

Field	Description
kind	always aibom
run_id / status	identify the originating run and terminal status
trust_subjects	ordered list matching trust.subjects
attestation_ids	ordered list of attestation UUIDs referenced by C2PA
summary	small JSON tally (model/tool counts, guardrail count, policy pack id)
c2pa_manifest	signed manifest linking attestation IDs
signature	FleetForge trust signer algorithm, key id, and base64 signature
transparency	present when FLEETFORGE_TRANSPARENCY_WRITER=1; includes a queued/published status, the SCITT entry id, and the receipt body returned by the configured transparency backend.

The SCITT entry is optional; once a SCITT signer is configured (and the transparency log backend is set), the runtime will publish the BOM manifest there as well, include the resulting entry id inside the metadata, and attach a transparency receipt that records whether the entry was appended locally or sent to a remote SCITT endpoint (dry run vs published). When the transparency writer is enabled (FLEETFORGE_TRANSPARENCY_WRITER=1), AIBOM metadata will temporarily show status: queued (with the job id) until the background worker publishes the entry and replaces the field with the final receipt.

Generating a BOM via fleetforge-ctl

When you need to recompute the BOM (for example, after tweaking policy metadata or pulling the run into an air-gapped environment), use the built-in CLI command. The command loads the run + step specs from the database, walks the attestation graph, and emits the same CycloneDX payload the runtime stores.

# Writes run-bom.json (pretty-printed CycloneDX ML-BOM)
fleetforge-ctl aibom generate \
  --run 34b1b5a0-a6d3-4e0f-98b5-c4e1f1b77a21 \
  --output run-bom.json

Export with receipts (UI + policy)

The console now treats signed artifacts as the default export path:

• Export with receipts button: Each artifact drawer in the UI exposes an “Export with receipts” CTA that bundles the binary, C2PA manifest, capability chain, and (when configured) SCITT receipt. The button mirrors fleetforge-ctl audit export so CLI and UI evidence stay identical.
• Mandatory manifests: Any artifact leaving FleetForge must carry a signed C2PA manifest (per C2PA v1.4). Download requests that lack a manifest are blocked until the signer produces one, and audit logs record the manifest digest + attestation IDs.
• Retention-aware notices: Export dialogs display the policy pack notice (for example, “EU AI Act deployer pack requires ≥6 months retention”) so operators understand why receipts are mandatory.

Set FLEETFORGE_REQUIRE_SIGNED_EXPORTS=1 (default in managed environments) to enforce the guard for all tenants.

Options:

Flag	Description
--run <RUN_ID>	Target run UUID (required).
--output <FILE>	Path to write the JSON BOM (stdout when omitted).
--policy-pack <PACK[@VERSION]>	Override the pack identifier recorded in the run (defaults to the pack found in the step specs or "baseline").

The generated JSON includes the model identifiers, tool digests, guardrails, policy pack, and attestation IDs exactly as shown in the runtime-generated artifact, so you can archive it alongside release notes or pipe it into downstream ML-BOM tooling.