Signed Reports (Ed25519)

With --sign-key, the suite emits a signed ComplianceReport that any third party can verify offline.

{
  "backend": "your_pkg.adapter:YourStore",
  "corpus_hash": "f049820b…b077ca6",
  "M8_conformance": 1.000,
  "capabilities": "7/7 PASS",
  "signature": "ed25519:3a9f…",
  "public_key": "ed25519:…"
}

The signature is an Ed25519 signature over the report's canonical bytes; verification needs only the public key. This is what backs a registry listing. Requires pip install "grafomem[crypto]".

Source: src/aml/eval/report.py, src/aml/provenance.py