Statements, signed

An attestation is a signed statement about a commit — “reviewed”, “deployed”, “tested” — stored in the repo as a first-class object, not a side-channel. mkit uses the standard formats (an in-toto Statement inside a DSSE signing envelope), so anyone holding your public key can verify it later — with mkit, cosign, or any compliant verifier. Type a claim, pick a signing algorithm, and watch the envelope rebuild and verify.