All notable changes to DockerComms are documented here.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Release candidate toward v1.0.0 final. See RELEASE.md and docs/FINAL-RELEASE-GO-NO-GO.md for scope and remaining proof.
- send: Push file as OCI artifact with chunking (gzip/zstd), cosign signing, bundle attachment
- recv: Discover inbox tags, verify bundle, reassemble, verify-before-materialize
- verify: Verify artifact digest using bundle (referrers or tag fallback)
- ack: Write receipt artifact
- OCI client (oras-go/v2): push, pull, tags, referrers, HEAD for resume
- Chunking: 100 MiB default, streaming, tar+gzip/zstd
- Sigstore verification via sigstore-go
- Path traversal defense (SanitizeFilename)
- Tag encoding: RecipientTag, HexDigest12 with test vectors
- Verify-before-materialize: temp file, fsync, atomic rename
- Bundle verification with TUF or custom trusted root
- Hard limits on chunks and total size