Download Latest Version v0.7.5 -- Trust hardening + attestation object draft source code.tar.gz (431.4 kB)
Email in envelope

Get an email when there's a new version of pic-standard

Home / v0.7.0
Name Modified Size InfoDownloads / Week
Parent folder
README.md 2026-03-12 1.3 kB
0
v0.7.0 -- KeyResolver protocol + injectable trust resolution source code.tar.gz 2026-03-12 424.9 kB
0
v0.7.0 -- KeyResolver protocol + injectable trust resolution source code.zip 2026-03-12 476.3 kB
0
Totals: 3 Items   902.5 kB 0

[0.7.0] - 2026-03-12

Added

  • KeyResolver protocol — injectable, sync-only interface for trust key resolution. get_key(key_id) -> Optional[bytes] and key_status(key_id) -> KeyStatus.
  • StaticKeyRingResolver — zero-I/O resolver backed by a pre-loaded TrustedKeyRing.
  • PipelineOptions.key_resolver — threads custom resolver through the shared pipeline into EvidenceSystem.
  • KeyResolver and StaticKeyRingResolver exported from pic_standard public API.
  • tests/test_key_resolver.py — 7 tests covering resolver protocol, injection, lazy default semantics, and pipeline threading.

Changed

  • Evidence hot path fix: EvidenceSystem no longer reloads the keyring per signature item. Default trust resolution is lazy (loaded on first signature verification only).
  • EvidenceSystem.__init__ accepts optional key_resolver parameter. When omitted, the default resolver is constructed lazily via TrustedKeyRing.load_default() on first use — hash-only evidence never triggers keyring loading.
  • Deleted _load_public_key_from_keyring() module-level function; replaced by EvidenceSystem._resolve_public_key() instance method using the resolver protocol.

Fixed

  • Hash-only evidence verification no longer triggers unnecessary keyring file I/O.
Source: README.md, updated 2026-03-12