You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
update now verifies the release Sigstore signature on checksums.txtin-process (embedded sigstore-go, bootstrapped from the embedded TUF trust root) instead of shelling out to an external cosign. Verification is mandatory and fail-closed: a missing signature bundle, a signature that does not verify against this repo's tagged release-workflow identity, or a checksum mismatch all refuse the update — there is no skip path. Releases are now signed with cosign sign-blob --new-bundle-format.
Security
Release-integrity failures (missing/invalid signature or checksum mismatch) now return the non-retryable E_INTEGRITY error code (exit 1) instead of a retryable network code, so an agent treats a possible supply-chain issue as a hard stop rather than retrying.