# k2gl > Open-source PHP packages for software supply-chain security (Sigstore, in-toto, > SLSA, TUF) and everyday developer ergonomics. Each package below links to a > clean markdown page with install, requirements, and usage. ## Supply-chain packages - [k2gl/sigstore-verify](https://k2gl.com/packages/sigstore-verify.md): Verify Sigstore signatures, certificates, and transparency-log inclusion in pure PHP. - [k2gl/sigstore-sign](https://k2gl.com/packages/sigstore-sign.md): Produce Sigstore signatures and bundles from PHP — keyful or keyless (Fulcio/OIDC). - [k2gl/sigstore-bundle](https://k2gl.com/packages/sigstore-bundle.md): Build and read Sigstore bundles (.sigstore.json) in PHP. - [k2gl/rekor-client](https://k2gl.com/packages/rekor-client.md): A PSR-18 client for the Rekor transparency log (v2 / rekor-tiles). - [k2gl/dsse](https://k2gl.com/packages/dsse.md): Sign and verify DSSE envelopes (Dead Simple Signing Envelope) in PHP. - [k2gl/in-toto-attestation](https://k2gl.com/packages/in-toto-attestation.md): Build and parse in-toto attestation Statements in PHP. - [k2gl/slsa-provenance](https://k2gl.com/packages/slsa-provenance.md): Model SLSA provenance predicates in PHP. - [k2gl/tuf](https://k2gl.com/packages/tuf.md): A pure-PHP client for The Update Framework (TUF). - [k2gl/sshsig](https://k2gl.com/packages/sshsig.md): Sign and verify with the SSH signature format (SSHSIG) in PHP. - [k2gl/signed-note](https://k2gl.com/packages/signed-note.md): Read and write signed notes (Go sumdb / Rekor checkpoint format). - [k2gl/composer-attest](https://k2gl.com/packages/composer-attest.md): Composer plugin: verify GitHub build-provenance attestations at install time. - [k2gl/composer-license-gate](https://k2gl.com/packages/composer-license-gate.md): Composer plugin: gate dependency licenses against an allow/deny policy. ## Utility packages - [k2gl/array-reader](https://k2gl.com/packages/array-reader.md): Read nested array data with types, defaults, and clear errors. - [k2gl/enum](https://k2gl.com/packages/enum.md): Ergonomic helpers for PHP native enums — labels, values, and lookups. - [k2gl/entity-exist](https://k2gl.com/packages/entity-exist.md): A Symfony validator constraint that asserts an entity exists. - [k2gl/phpunit-fluent-assertions](https://k2gl.com/packages/phpunit-fluent-assertions.md): Fluent, readable assertions for PHPUnit. - [k2gl/app-env](https://k2gl.com/packages/app-env.md): A small, typed helper for reading application environment. ## Optional - [Full docs, one file](https://k2gl.com/llms-full.txt): every package's docs concatenated for one-shot ingestion.