Skip to content


The Atsign FoundationThe Atsign Foundation

Build Status GitHub License OpenSSF Scorecard OpenSSF Best Practices SLSA 3


This repo contains the core software implementation of the atProtocol:


core runtime services

  • at_root_server the root server is a directory that contains the fully qualified domain name (FQDN) and port for secondary servers. This is the most minimal amount of data necessary to determine where to go to ask for permission. It only contains a record for every atSign as well as the Internet location of the associated secondary server that contains data and permissions.

  • at_secondary_server the secondary server is a personal, secure server that contains a person's data and their permissions and terms under which they wish to share with others. The server is written in Dart and is incredibly efficient. It has the ability to securely sync data with other instances in the cloud or on other devices.

core dependencies

  • at_server_spec is an interface abstraction that defines what the atServer is responsible for.

  • at_persistence_spec is the abstracted module for persistence which can be replaced as desired with some other implementation.


  • at_functional_test is a set of self contained tests that make use of at_virtual_environment to run an entire mini atSign infrastructure within a single container.

  • at_end2end_test is a suite of tests that cannot be run standalone, and instead make use of a number of dess atSigns hosted on virtual machines. Tests are arranged so that cross testing happens between the version under test, and production releases.


  • the virtual environment makes use of certificates that need to be refreshed on a regular basis, which is done with a GitHub Action that runs the script.

  • the cicd1 and cicd2 directories also contains the scripts used by the dess VMs for end2end tests that ensure the correct images for version cross testing.

  • build_virtual_environment contains the Dockerfiles and dependencies used to build the virtual environment base image ve_base the virtual environment on that base, and the install_PKAM_Keys tool that's used to initialise a virtual environment.

  • build_secondary contains the Dockerfiles used to build various flavours of secondary server.


Since the c3.0.48 release, the Docker images created from this repo as part of a release have SLSA Build Level 3 attestations.

These can be verified using the slsa-verifier tool e.g.:

SHA=$(docker buildx imagetools inspect ${IMAGE}:canary-${TAG} \
  --format "{{json .Manifest}}" | jq -r .digest)
slsa-verifier verify-image ${IMAGE}@${SHA} --source-uri \ --source-tag ${TAG}