🌐 Expanso + Makoto Integration Concept

Edge-to-cloud DPL pipelines with native Makoto processors.

Note: This page explores how Makoto Levels could be implemented on Expanso. It is a conceptual integration proposal — illustrative, not a shipped library. The patterns shown use real Expanso APIs; the Makoto pieces are sketches you (or we) could build out.

What is Expanso?

Expanso is a data pipeline platform for processing data at the edge. Declarative YAML configurations with inputs, processors, and outputs make it a natural fit for Makoto — Bloblang mappings can compute digests, command processors can invoke signing tools, and dedicated processor plugins can handle attestation generation natively.

Edge ProcessingRun pipelines close to data sources
BloblangPowerful inline transformation language
200+ ConnectorsKafka, MQTT, S3, databases, etc.
PII DetectionBuilt-in data governance tools

Integration Approach

Primary pattern: Bloblang mapping + Command processor + Custom processor plugin. Below are the integration options ordered by lift required.

How Makoto attaches to Expanso

  • Bloblang Mappings — Use existing mapping processors to add attestation metadata and compute content hashes. Works today with no changes to Expanso.
  • Command Processor — Shell out to external signing tools (cosign, sigstore) for L2 cryptographic signatures.
  • Custom Processor Plugin — Build a dedicated DPL processor that handles attestation generation, signature, and DBOM verification natively.
  • Platform Integration — Deep integration at the Expanso platform level for automatic DBOM generation for all pipeline outputs.

Conceptual Code Example

Concept: L1 Origin Attestation via Bloblang

Adding provenance metadata to incoming sensor data

# Conceptual: Adding Makoto metadata via Bloblang
input:
  mqtt:
    urls: ["mqtt://sensors.example.com:1883"]
    topics: ["sensors/+/temperature"]

pipeline:
  processors:
    # Add origin attestation metadata
    - mapping: |
        root = this
        root.dbom = {
          "type": "origin/v1",
          "level": 1,
          "source": meta("mqtt_topic"),
          "timestamp": now(),
          "content_hash": this.hash("sha256")
        }

    # Optional: shell out to cosign for L2 signing
    - command:
        name: "cosign"
        args_mapping: '["sign-blob", "--yes", "-"]'

output:
  aws_s3:
    bucket: "sensor-data-lake"
    path: 'data/${!timestamp_unix()}.json'

Potential Use Cases

IoT & Manufacturing

Track sensor data provenance from factory floor to analytics platform.

Healthcare Data

HIPAA-compliant data sharing with attestations that prove transformations maintained integrity.

Financial Services

Audit-ready transaction logs with unforgeable attestations for regulatory compliance.

Supply Chain

End-to-end visibility for product journey with cryptographic proof at each handoff.

Interested in Expanso + Makoto?

This is a conceptual integration. If you're shipping Expanso pipelines and want to add Makoto attestations, open an issue or reach out — we'd love to scope a real implementation.

Learn about Expanso Read Makoto Spec All Integrations