Modules
A library-first, daemonless OCI toolkit for Elixir — everything you can do to a container image except run it.
Inspect an image's effective filesystem: list files, read a file's bytes, and extract a best-effort software bill of materials — all over Stevedore.Layer.merged_view/2, in memory.
A pure tar reader/writer plus gzip helpers.
An error raised or returned while reading or writing a tar archive.
Registry credentials and the bearer-token challenge/exchange flow.
A failure during registry authentication (token exchange or credential loading).
Assemble images declaratively from layers + a config — the crane-style create surface.
Shared helpers for the mix stevedore.* task shells: starting the app, unwrapping verb results into task success/failure, and rendering errors consistently (reusing subsystem Exception.message/1).
A parsed OCI image configuration.
The copy primitive: move an image between any two transports, preserving digests.
Turn an image into a static, read-only registry a dumb web server can serve.
A typed, digest-addressed pointer to content (the OCI descriptor).
A content digest: an algorithm:hex pair identifying bytes by their hash.
An assembled image held in memory: a manifest, its config, the ordered layer descriptors, and the blob bytes backing them.
Read and merge image layers in memory, without root.
An image manifest or an image index (multi-arch manifest list).
The OCI and Docker media-type strings, with classifiers.
Rewrite an assembled Stevedore.Image — config, annotations, tag, base, or layer set — without re-pulling layers where possible. Every mutation recomputes the dependent digests through Stevedore.Image.assemble/3; bytes that don't change keep their digests.
A Plug implementing the OCI/Docker Distribution v2 registry API.
A parsed, normalized image reference: registry, repository, and a tag or digest.
Attach artifacts to an image and list them — the OCI 1.1 subject/artifactType mechanism that signatures, SBOMs, and scan results hang off of.
A daemonless client for the OCI/Docker Distribution v2 API (the docker:// transport).
A failure talking to a registry's Distribution v2 API.
The standalone /v2 registry server: a supervision tree of Stevedore.Server.Uploads and a Bandit HTTP listener serving Stevedore.Plug.
In-progress blob upload sessions for the registry server.
Sign an image so its authenticity can later be verified by Stevedore.Verify.
A failure while signing an image.
Sigstore/cosign key-pair primitives, native via :public_key (ECDSA P-256, no shelling out).
The content-addressed blob storage seam.
A filesystem-backed Stevedore.Store.
An in-memory Stevedore.Store backed by an Agent.
The seam describing where images live, behind one uniform interface.
Tar-backed transports: oci-archive: (an OCI image layout as a tar) and docker-archive: (a docker save tarball).
The dir: transport — Skopeo's flat directory of a single image.
A read-only Stevedore.Transport backed by an in-memory Stevedore.Image.
The oci: transport — an OCI image-layout directory.
Parses Skopeo-style transport-prefixed references into a {transport, ref} pair.
The docker:// transport: a remote registry, behind the Stevedore.Transport behaviour.
The static: transport — a Stevedore-native registry-v2 directory tree.
Verify an image's signatures against a policy. Default-deny: verification fails unless a signature satisfies the policy.
A failure while verifying image signatures against a policy.
Mix Tasks
Copy an image from one transport to another.
Delete a manifest from a transport.
Copy an image into a static registry directory and (optionally) emit a web-server config that serves it as a read-only /v2 registry.
Inspect the manifest of an image at any transport.
List the tags held by a transport.
Sign an image with an ECDSA private key (PEM) and attach the cosign-compatible signature to it via the Referrers API.
Copy many images from a declarative spec file. Each non-blank line is SRC DST (lines starting with # are comments).
Verify an image's signatures (fetched via the Referrers API / .sig tag) against an ECDSA public key (PEM). Exits non-zero if no signature satisfies the policy.