diff --git a/.git_allowed_signers b/.git_allowed_signers new file mode 100644 index 0000000..2b96f29 --- /dev/null +++ b/.git_allowed_signers @@ -0,0 +1 @@ +apps@hpedersen.de ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMhLocQtEfYKH2Gfw8aYBbmrq9ejFz8OeWFUV3qjXUp3xvfYNnw0OBIwRk8Fo13RsJqwaTKIV1R3KW2Y98XOJ8c= diff --git a/CHANGELOG.md b/CHANGELOG.md index ecdb105..39c1049 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,23 @@ All notable changes to **Neon Vision Editor** are documented in this file. The format follows *Keep a Changelog*. Versions use semantic versioning with prerelease tags. +## [Unreleased] + +### Highlights +- Added a macOS-only opt-in remote preview flow that progresses from prepared targets to explicit SSH-key session startup. +- Added a macOS-only read-only remote file browser for active SSH-key sessions. +- Added read-only remote file previews that open into locked editor tabs without enabling remote save or live remote editing. + +### Security +- Local SSH commit verification can now use the repo-scoped `.git_allowed_signers` file. +- Remote session startup remains fully user-triggered, with strict host-key checking and no background polling. + +### Breaking changes +- None. + +### Migration +- For local SSH commit verification, point Git at `.git_allowed_signers` if your clone does not already set `gpg.ssh.allowedSignersFile`. + ## [v0.5.8] - 2026-03-28 ### Why Upgrade diff --git a/Neon Vision Editor.xcodeproj/project.pbxproj b/Neon Vision Editor.xcodeproj/project.pbxproj index f5c0738..d6e43a1 100644 --- a/Neon Vision Editor.xcodeproj/project.pbxproj +++ b/Neon Vision Editor.xcodeproj/project.pbxproj @@ -361,7 +361,7 @@ CODE_SIGNING_ALLOWED = YES; CODE_SIGN_IDENTITY = "Apple Development"; CODE_SIGN_STYLE = Automatic; - CURRENT_PROJECT_VERSION = 577; + CURRENT_PROJECT_VERSION = 578; DEAD_CODE_STRIPPING = YES; DEVELOPMENT_TEAM = CS727NF72U; ENABLE_APP_SANDBOX = YES; @@ -444,7 +444,7 @@ CODE_SIGNING_ALLOWED = YES; CODE_SIGN_IDENTITY = "Apple Development"; CODE_SIGN_STYLE = Automatic; - CURRENT_PROJECT_VERSION = 577; + CURRENT_PROJECT_VERSION = 578; DEAD_CODE_STRIPPING = YES; DEVELOPMENT_TEAM = CS727NF72U; ENABLE_APP_SANDBOX = YES; diff --git a/README.md b/README.md index 2c93b58..9746c84 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ > Latest release: **v0.5.8** > Platform target: **macOS 26 (Tahoe)** compatible with **macOS Sequoia** > Apple Silicon: tested / Intel: not tested -> Last updated (README): **2026-03-28** for latest release **v0.5.8** +> Last updated (README): **2026-03-29** for latest release **v0.5.8** ## Start Here @@ -526,7 +526,7 @@ More release integrity details: [Release Integrity](#release-integrity) ### Next (v0.5.9 - v0.5.10) - ![v0.5.9](https://img.shields.io/badge/v0.5.9-F59E0B?style=flat-square) follow-up platform polish and release hardening. -- ![v0.5.10](https://img.shields.io/badge/v0.5.10-F59E0B?style=flat-square) optional remote-session groundwork and cross-platform editor flow cleanup. +- ![v0.5.10](https://img.shields.io/badge/v0.5.10-F59E0B?style=flat-square) remote-session follow-up beyond the current macOS-only read-only preview scope. ### Later (v0.6.0) @@ -655,6 +655,7 @@ Latest stable: **v0.5.8** (2026-03-28) - External AI requests only occur when code completion is enabled and a provider is selected. - Security policy and reporting details: [`SECURITY.md`](SECURITY.md). - New repository commits are SSH-signed; older historical commits may still predate commit signing. +- Local SSH-signature verification in this clone can use the repo-scoped `.git_allowed_signers` file. ## Release Integrity @@ -672,6 +673,13 @@ git rev-parse --verify v0.5.8 shasum -a 256 ``` +- Verify local SSH commit signatures in this clone: + +```bash +git config --local gpg.ssh.allowedSignersFile .git_allowed_signers +git log --show-signature -1 +``` + ## Release Policy - `Stable`: tagged GitHub releases intended for daily use.