All 8 plan files (4 design + 4 impl) verified as completed against
codebase and git history. Each archived with completion summary
documenting date, key files built, and test coverage.

Archived plans:
- core-devops (design + impl): devops/ package fully implemented
- code-signing (design + impl): build/signing/ package fully implemented
- sdk-generation (design + impl): sdk/ package fully implemented
- sdk-release (design + impl): release/sdk.go fully implemented

Remaining in docs/plans/:
- docs-sync-next-steps.md: reference document for future setup steps

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-24 18:08:28 +00:00

1.2 KiB

Raw Blame History

Code Signing Design -- Completion Summary

Status: COMPLETED Date Completed: 2026-01-29 (initial implementation), verified 2026-02-24 Plan: Integrate standard code signing tools into the build pipeline (GPG, macOS codesign, notarization)

What Was Built

Full build/signing/ package with Signer interface and three implementations.

Key Files

build/signing/signer.go -- Signer interface, SignConfig, GPGConfig, MacOSConfig, WindowsConfig
build/signing/gpg.go -- GPG detached ASCII-armored signature (.asc)
build/signing/codesign.go -- macOS codesign with hardened runtime + notarization
build/signing/signtool.go -- Windows placeholder (Available() returns false)
build/signing/sign.go -- Orchestration helpers: SignBinaries, NotarizeBinaries, SignChecksums
build/config.go -- SignConfig integrated into BuildConfig
build/buildcmd/cmd_build.go -- --no-sign and --notarize CLI flags

Test Coverage

build/signing/gpg_test.go
build/signing/codesign_test.go
build/signing/signing_test.go (integration tests)

Pipeline Integration

Signing runs after compilation, before archiving. GPG signs checksums.txt after archive creation.

1.2 KiB Raw Blame History