feat(release): SOC2-03 signed release tags + per-release evidence procedure (#218)

[Knapp-Kevin]

Summary

Closes #218 sub-task SOC2-03. Extends #237's cosign-keyless pipeline with one new step (sign-blob the release tag's commit SHA) and ships the operator-readable per-release evidence procedure + helper.

Plan / Audit

• Plan: plan-C-soc2-03-signed-tags-and-release-evidence.md
• Audit: round 1 PASS (L1, mechanical extension of locked feat(supply-chain): cosign hooks-manifest signing + SBOM emission (#218 Phase 1) #237 substrate)

What ships

Surface	Change
.github/workflows/publish.yml	New step: cosign keyless sign-blob the release tag's commit SHA; output triple (txt + sig + crt) attached to GitHub Release. PyPI strip step updated to enumerate new artifacts
release/evidence_collect.py (new, 200 LOC)	gh-CLI evidence-collection helper. Subprocess discipline list-form argv with shell=False (OWASP A03). Failure propagation to caller (no silent empty-evidence). Renderer split into 4 helpers (each <40 LOC)
docs/RELEASE_EVIDENCE_PROCEDURE.md (new)	Operator-readable workflow: pre-release checklist, tag creation, post-release verification, evidence-collection invocation, narrative-attestation template, retention policy, auditor-side verification commands
tests/test_release_evidence_collect.py (new, 6 functional tests)	PR table rendering, CI table rendering, reviewer attribution, A03 list-form-argv lock, subprocess-failure propagation, empty-window explicit-note discipline
docs/research-brief-compliance-audit-2026-05-06.md	SOC2-03 entry marked closed (matches Plan D bidirectional pattern)

Test plan

• 6 new functional tests pass (tests/test_release_evidence_collect.py)
• ruff check + ruff format --check clean
• mypy release/evidence_collect.py clean
• Razor: render_markdown originally 58 LOC, refactored into 3 section helpers + orchestrator (each <40 LOC)
• No new pip dependencies

Inheritance from #237

This PR extends the cosign-keyless trust root that #237 bootstrapped:

• Same Sigstore Fulcio + Rekor identity (BicameralAI/bicameral-mcp)
• Same OIDC issuer (token.actions.githubusercontent.com)
• Same operator-side cosign verify-blob verification command shape

Closes

• [compliance:epic] Supply-chain & release-integrity — signed releases, SBOM, manifest signing for skills + hooks #218 SOC2-03: gpg/cosign-signed release tags + per-release evidence-collection procedure
• Bidirectional cross-reference: docs/research-brief-compliance-audit-2026-05-06.md § 2.2 SOC2-03 → docs/RELEASE_EVIDENCE_PROCEDURE.md

Epic #218 progress

3 of 6 sub-tasks closed:

• ✅ LLM-11 (P0) — signed hooks-manifest (PR feat(supply-chain): cosign hooks-manifest signing + SBOM emission (#218 Phase 1) #237)
• ✅ OWASP-01 — SBOM + Rekor attestation (PR feat(supply-chain): cosign hooks-manifest signing + SBOM emission (#218 Phase 1) #237)
• ✅ SOC2-03 — signed tags + evidence procedure (this PR)

3 remain: OWASP-03 (lockfile), OWASP-05 (RECOMMENDED_VERSION URL signing), LLM-06/#214 (skills/MANIFEST.toml).

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f68aa4db-3263-400f-9eca-89a99f0561a5

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 218-soc2-03-signed-tags-and-evidence

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}