Finalize remote phases and local SSH signature verification

.git_allowed_signers

@@ -0,0 +1 @@
+apps@hpedersen.de ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMhLocQtEfYKH2Gfw8aYBbmrq9ejFz8OeWFUV3qjXUp3xvfYNnw0OBIwRk8Fo13RsJqwaTKIV1R3KW2Y98XOJ8c=

CHANGELOG.md

@@ -4,6 +4,23 @@ All notable changes to **Neon Vision Editor** are documented in this file.
 
 The format follows *Keep a Changelog*. Versions use semantic versioning with prerelease tags.
 
+## [Unreleased]
+
+### Highlights
+- Added a macOS-only opt-in remote preview flow that progresses from prepared targets to explicit SSH-key session startup.
+- Added a macOS-only read-only remote file browser for active SSH-key sessions.
+- Added read-only remote file previews that open into locked editor tabs without enabling remote save or live remote editing.
+
+### Security
+- Local SSH commit verification can now use the repo-scoped `.git_allowed_signers` file.
+- Remote session startup remains fully user-triggered, with strict host-key checking and no background polling.
+
+### Breaking changes
+- None.
+
+### Migration
+- For local SSH commit verification, point Git at `.git_allowed_signers` if your clone does not already set `gpg.ssh.allowedSignersFile`.
+
 ## [v0.5.8] - 2026-03-28
 
 ### Why Upgrade

Neon Vision Editor.xcodeproj/project.pbxproj

@@ -361,7 +361,7 @@
 				CODE_SIGNING_ALLOWED = YES;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 577;
+				CURRENT_PROJECT_VERSION = 578;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_TEAM = CS727NF72U;
 				ENABLE_APP_SANDBOX = YES;
@@ -444,7 +444,7 @@
 				CODE_SIGNING_ALLOWED = YES;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 577;
+				CURRENT_PROJECT_VERSION = 578;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_TEAM = CS727NF72U;
 				ENABLE_APP_SANDBOX = YES;

README.md

@@ -66,7 +66,7 @@
 > Latest release: **v0.5.8**
 > Platform target: **macOS 26 (Tahoe)** compatible with **macOS Sequoia**
 > Apple Silicon: tested / Intel: not tested
-> Last updated (README): **2026-03-28** for latest release **v0.5.8**
+> Last updated (README): **2026-03-29** for latest release **v0.5.8**
 
 ## Start Here
 
@@ -526,7 +526,7 @@ More release integrity details: [Release Integrity](#release-integrity)
 ### Next (v0.5.9 - v0.5.10)
 
 - ![v0.5.9](https://img.shields.io/badge/v0.5.9-F59E0B?style=flat-square) follow-up platform polish and release hardening.
-- ![v0.5.10](https://img.shields.io/badge/v0.5.10-F59E0B?style=flat-square) optional remote-session groundwork and cross-platform editor flow cleanup.
+- ![v0.5.10](https://img.shields.io/badge/v0.5.10-F59E0B?style=flat-square) remote-session follow-up beyond the current macOS-only read-only preview scope.
 
 ### Later (v0.6.0)
 
@@ -655,6 +655,7 @@ Latest stable: **v0.5.8** (2026-03-28)
 - External AI requests only occur when code completion is enabled and a provider is selected.
 - Security policy and reporting details: [`SECURITY.md`](SECURITY.md).
 - New repository commits are SSH-signed; older historical commits may still predate commit signing.
+- Local SSH-signature verification in this clone can use the repo-scoped `.git_allowed_signers` file.
 
 ## Release Integrity
 
@@ -672,6 +673,13 @@ git rev-parse --verify v0.5.8
 shasum -a 256 <downloaded-file>
 ```
 
+- Verify local SSH commit signatures in this clone:
+
+```bash
+git config --local gpg.ssh.allowedSignersFile .git_allowed_signers
+git log --show-signature -1
+```
+
 ## Release Policy
 
 - `Stable`: tagged GitHub releases intended for daily use.