How it works
The end-to-end flow: audits, signed logs, policies, and how a consumer verifies a project.
TODO: write me. Suggested outline:
- The audit object — what it claims, what it’s signed with.
- Logs — skipchain over a Merkle search tree, append-only, operator-signed; what each property buys you.
- The consumer flow: update (pin log heads) → check (verify lockfile against pinned logs + policy).
- The author flow: draft → sign → publish.
- Diagrams welcome here.
Keep it conceptual; deep wire-format detail belongs in the specification.