Archivio v1.7.0

= 1.7.0 =

Added Sigstore / Rekor transparency log as a fourth anchor provider. Every anchor job can simultaneously submit a hashedrekord v0.0.1 entry to the public Rekor log (rekor.sigstore.dev) alongside GitHub, GitLab, and RFC 3161.
Rekor entries include embedded provenance metadata: site URL, document ID, post type, hash algorithm, plugin version, public key fingerprint, and key type (site long-lived or ephemeral).
When site Ed25519 keys are configured, entries are signed with the long-lived key; the public key fingerprint links to /.well-known/ed25519-pubkey.txt for independent verification. Without site keys, a per-submission ephemeral keypair is generated automatically via PHP Sodium — the content hash is still immutably logged.
Added inline Rekor Activity Log with live "Verify" button — fetches inclusion proof directly from the Rekor API without leaving the admin.
Added Rekor / Sigstore submenu page with server requirements checklist, settings toggle, Test Connection button (read-only GET, no dummy entries written), and scoped activity log.
Expanded hash algorithm library. New standard algorithms: SHA-224, SHA-384, SHA-512/224, SHA-512/256, BLAKE2s-256, SHA-256d, RIPEMD-160, Whirlpool-512. New extended algorithms: GOST R 34.11-94, GOST R 34.11-94 (CryptoPro). Legacy algorithms available but not recommended: MD5, SHA-1.
Rekor is optional and disabled by default. Requires ext-sodium (standard since PHP 7.2) and ext-openssl.

= 1.6.8 =

Added DSSE (Dead Simple Signing Envelope) mode to Ed25519 Document Signing, per the Sigstore DSSE specification.
When enabled, every post and media signature is wrapped in a structured JSON envelope stored in the _mdsm_ed25519_dsse post meta key. The bare hex signature in _mdsm_ed25519_sig is always written alongside — all existing verifiers continue to work without migration.
Envelope format: { "payload": base64(canonical_msg), "payloadType": "application/vnd.archiviomd.document", "signatures": [{ "keyid": sha256_hex(pubkey_bytes), "sig": base64(sig_bytes) }] }.
Signing is over the DSSE Pre-Authentication Encoding (PAE) — prevents cross-protocol signature confusion attacks.
Added sign_dsse(), verify_dsse(), verify_post_dsse(), public_key_fingerprint(), is_dsse_enabled(), and set_dsse_mode() public static methods.
DSSE Envelope Mode toggle added to Cryptographic Verification settings, nested beneath the Ed25519 card. Disabled until Ed25519 is fully configured and active.
Verification files downloaded from the badge now include the full DSSE envelope plus step-by-step offline verification instructions.
Media attachments receive DSSE envelopes when DSSE mode is on.

= 1.6.7 =

Added Signed Export Receipts to all three compliance export types: Metadata CSV, Compliance JSON, and Backup ZIP.
Every export generates a companion .sig.json integrity receipt containing: SHA-256 hash of the exported file, export type, filename, generation timestamp (UTC), site URL, plugin version, and generating user ID.
When Ed25519 Document Signing is configured, the receipt includes a detached Ed25519 signature binding all fields — preventing replay against a different file or context.
"Download Signature" button appears inline after each successful export.

= 1.6.6 =

Fixed verification badge download failing on sites with WP_DEBUG enabled. Root cause: RFC 3161 cross-reference query ran without first checking the anchor log table exists. Fix: added SHOW TABLES existence check and wrapped with wpdb->suppress_errors().
Added ads.txt, app-ads.txt, sellers.json, and ai.txt to SEO Files section.
Added Ed25519 Document Signing. Private key in wp-config.php, public key at /.well-known/ed25519-pubkey.txt, in-browser keypair generator included.

= 1.6.5 =

Fixed fatal PHP parse error from unescaped apostrophe in DigiCert TSA profile notes string.
Fixed fatal load-order error where RFC 3161 provider class was required before its interface was defined.
Fixed undefined variable $settings inside store_tsr().

= 1.6.4 =

Added multi-provider anchoring: RFC 3161 and Git can now run simultaneously on every anchor job.
Each provider tracked independently — failure or rate-limiting of one does not block the other.
Each provider writes its own entry to the Anchor Activity Log.
Existing single-provider installations migrated automatically on next settings read.

= 1.6.3 =

Added structured Compliance JSON export.
Preserves full relationships between posts, hash history, anchor log entries, and inlined RFC 3161 TSR manifests.
Suitable for legal evidence packages, compliance audits, and SIEM ingestion.

= 1.6.2 =

Fixed redundant double hash computation in HTML anchoring.
Added admin notice when anchor jobs permanently fail after all retries.
TSR and TSQ files now blocked from direct HTTP access via .htaccess; served via authenticated download handler.
Verification file download now includes RFC 3161 timestamp details when available.
Scheduled posts correctly anchored when they go live.
Added WP-CLI commands: process-queue, anchor-post, verify, prune-log.
Added configurable log retention (default 90 days) with automatic daily pruning.

= 1.6.1 =

Hardened anchor queue against concurrent processing on high-traffic sites.
Added queue size cap to prevent unbounded option row growth.

= 1.6.0 =

Added RFC 3161 trusted timestamping support.
Four built-in TSA providers: FreeTSA.org, DigiCert, GlobalSign, Sectigo. Custom endpoint supported.
Timestamp tokens (.tsr files) stored locally for independent offline verification.