v0.6.0
Portable Witness Verification release.
Highlights:
- Embed portable witness payload in commit trailers (chunked, gzip+base64url)
- Embed signer public key in witness payload for cross-machine verification
- Verify witness signatures without local keystore (portable CI path)
- Add file fingerprint validation (
files_count+files_hash) during verification - Keep legacy sidecar fallback for backward compatibility
- Extend docs/spec for cwe_v1 portable payload contract
- Add witness integration tests (including no-sidecar/no-key verification)
Validation:
- 139 tests passing
- CI matrix + package-smoke green