Attestable Builds

Attestable builds are a new approach to verifiable software distribution. Source code is compiled inside hardware-isolated environments that produce cryptographic proof linking binaries to their exact inputs.Powered by Kettle, Lunal's open-source implementation.

POST /build

Submit a build and receive all build outputs as a ZIP archive. Supports Cargo and Nix projects via auto-detection.

Parameters

ParameterTypeDescription
sourcefileZIP file containing source code (mutually exclusive with repo_url)
repo_urlstringGit repository URL to clone (mutually exclusive with source)
refstringGit ref — branch, tag, or commit. Only used with repo_url

Examples

From a git repo

curl -X POST https://kettle-anthropic-api-demo.lunal.dev/build \
  -F "repo_url=https://github.com/AmeanAsad/comp-graph" \
  -F "ref=main" \
  -o build.zip

From a ZIP upload

curl -X POST https://kettle-anthropic-api-demo.lunal.dev/build \
  -F "source=@my-project.zip" \
  -o build.zip

Response

Success (200)

Returns a ZIP archive (application/zip) containing:

build.zip
├── artifacts/
│   └── computational-graph     # compiled binary
├── build-config/
│   └── Cargo.lock              # lockfile
├── provenance.json             # build provenance
├── manifest.json               # build manifest
└── evidence.b64                # attestation

Unzip the result:

unzip build.zip -d build-output

Failure (400 or 500)

{
  "build_id": "a1b2c3d4",
  "status": "failed",
  "error": "Description of what went wrong"
}