Architecture at a glance
The hexagon, the two placement paths, and why the stamp + SBOM is the product — a narrative overview of how houba is built.
Transforms & signed attestations
The hardening primitives and the SLSA / in-toto signing model.
Package-level SBOM
The inventory houba attaches to every placed image (copy and rebuild) so a CVE becomes one query, and why presence precedes signing.
Deletion & retention
The two removal axes, and why houba marks (usage-gated) instead of hard-deleting.