v0.6.0
Two verification-correctness fixes.
Security / Fixed
verifynow actually checks the signature bundle (high).runVerifynever called theverifierpackage —verifier.VerifySkillwas fully implemented but had zero callers, so a scope-clean skill with no/invalid bundle still readTRUSTED. A tampered manifest + missing bundle passedverify --ciTRUSTEDat cold-start — the exact supply-chain vector skillsig exists to catch.verifynow folds signature verification into every row: missing bundle →UNSIGNED, bundle that doesn't verify →SCOPE-DRIFTED(fails--ci), keyless → pending, andTRUSTEDrequires a valid signature. Newinternal/verifier/verifier_test.gocovers signed / no-bundle / tampered / corrupt / keyless.verify --trustno longer silently re-baselines a drifted scope (high).ScanAndTrustrecorded the current (possibly broadened) declares into the lock for every in-version-TRUSTEDskill, erasing cross-version drift. It now runs the lock-drift check first — a drifted skill reportsSCOPE-DRIFTEDand its baseline is preserved; re-baselining a drifted skill requires the new explicitverify --trust --force-trust.
Full notes: CHANGELOG.md.