README.md
  Status line bumped to v0.2.0. Quick-start now leads with
  screenplayregistry.org/create/ (browser flow) and demotes the CLI to
  "From the command line". CLI section gains the PDF two-step:
    screenreg extract draft.pdf > draft.fountain
    screenreg register draft.fountain --source-pdf draft.pdf
  The Hosting note documents that the official build is served from
  Cloudflare Pages with the security headers in landing/_headers, and
  the same HTML + JS + headers are vendored in this repo under landing/
  and verifier-web/ for self-hosting on any static-file host.

CHANGELOG.md
  [0.2.0] entry covering:
    - Browser /create/ + /verify/ pages, cross-runtime shared modules,
      multi-calendar quorum, strict calendar-response gate, Cloudflare
      Pages _headers.
    - PDF input via pluggable PdfExtractor + reference extractor +
      `screenreg extract` subcommand + --source-pdf provenance. The
      provenance entry explicitly says what the bytes record (PDF SHA-
      256 + registered Fountain SHA-256 + filename) and does not
      overclaim verbatim-extractor-output reproducibility.
    - OTS parser hardening: parseOts now enforces every cap the strict
      walker enforces (MAX_PAYLOAD_SIZE=8192, Pending URI rules, OP arg
      + result caps, OP_REVERSE/OP_HEXLIFY support). Loose walker
      removed.
    - globalThis.crypto.subtle replaces node:crypto in shared modules.
    - Cross-impl test corpus expanded with double-leading-BOM, triple-
      leading-BOM, embedded BOM, mixed CRLF/LF/CR, NFC-decomposed,
      supplementary-plane, lone-surrogate, and calendar-URI boundary
      cases.
    - Compatibility statement: no v1 commitment-bearing surface changed
      in v0.2 (profile IDs, URN namespaces, normalization profile,
      canonicalization scheme, scene + paragraph tree formats, AES AAD
      format, Ed25519 wire — listed by name). The new
      evidenceBundle.bundleExtensions.sourceExtractor block is additive
      and non-committing. A fixture-backed cross-version regression test
      is not yet in place; if you re-verify a v0.1.0 proof under v0.2
      and see a difference, please file an issue.
  Renamed v0.1.0 "Known limitations + v0.2 roadmap" to "Known
  limitations + roadmap" with the SPV bullet rewritten as deferred to a
  future minor release.

docs/threat-model.md + verifier-web/README.md
  Block-header verification posture: today an operator who wants Bitcoin-
  block-header confirmation runs `ots verify` from opentimestamps-client
  against the upgraded .ots, which talks to a Bitcoin RPC node or a
  public block-header API. Bringing full in-process SPV into the
  reference verifier is deferred to a future minor release.

docs/adoption-guide.md + docs/faq.md
  Browser-first updates so adoption + FAQ content matches the new
  primary surface.