Security

Artifact Signing

Artifact signing binds release outputs to trusted build metadata. What It Covers Signature generation for release artifacts Trust verification during runtime or load time Coordination with the release pipeline and environment contract Notes Any change to key derivation, signature format, or verification flow requires a fresh documentation review.

Source repo
aoiflux/mutant
Source path
security/signing.go
Last reviewed
2026-07-03
Freshness tier
critical

Artifact signing binds release outputs to trusted build metadata.

What It Covers

  • Signature generation for release artifacts
  • Trust verification during runtime or load time
  • Coordination with the release pipeline and environment contract

Notes

Any change to key derivation, signature format, or verification flow requires a fresh documentation review.