Metadata-Version: 2.4
Name: sigmark
Version: 0.1.0
Summary: GPG signing for static site markdown content
Project-URL: Repository, https://github.com/queelius/sigmark
Project-URL: Issues, https://github.com/queelius/sigmark/issues
Author-email: Alex Towell <lex@metafunctor.com>
License-Expression: MIT
License-File: LICENSE
Keywords: gpg,hugo,markdown,pgp,signing,static-site
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security :: Cryptography
Requires-Python: >=3.10
Requires-Dist: click>=8.0
Requires-Dist: pyyaml>=6.0
Requires-Dist: rich>=13.0
Provides-Extra: dev
Requires-Dist: mypy>=1.0; extra == 'dev'
Requires-Dist: pytest-cov>=4.0; extra == 'dev'
Requires-Dist: pytest-mock>=3.0; extra == 'dev'
Requires-Dist: pytest>=7.0; extra == 'dev'
Requires-Dist: ruff>=0.1.0; extra == 'dev'
Description-Content-Type: text/markdown

# sigmark

GPG signing for static site markdown content.

Sign Hugo/static-site markdown files with GPG, embedding ASCII-armored signatures directly in YAML front matter. Verify authenticity, strip signatures, or check signing status across your content directory.

## Install

```bash
pip install sigmark
```

Requires GPG (`gpg`) to be installed and available on your `PATH`.

## Usage

```bash
# Sign all markdown files in a directory
sigmark sign --key you@example.com content/

# Sign a single file
sigmark sign --key you@example.com content/post/hello/index.md

# Verify signatures
sigmark verify content/

# Check signing status
sigmark status content/

# Remove signatures
sigmark strip content/
```

## How It Works

Sigmark signs only the **body** of each markdown file (everything below the closing `---` front-matter delimiter). The GPG signature is stored as a `signature` field in the YAML front matter:

```yaml
---
title: Hello World
date: 2026-01-01
signature: |
  -----BEGIN PGP SIGNATURE-----
  iQEzBAABCAAdFiEE...
  -----END PGP SIGNATURE-----
---
Your post body here.
```

This means front-matter changes (tags, categories, draft status) don't invalidate the signature, while any change to the actual content does.

## Commands

| Command | Description |
|---------|-------------|
| `sign --key <id> PATHS...` | Sign markdown files with GPG |
| `verify PATHS...` | Verify GPG signatures (exit 1 on failure) |
| `strip PATHS...` | Remove signature fields from front matter |
| `status PATHS...` | Report unsigned / valid / invalid per file |

All commands accept files and/or directories. Directories are walked recursively for `.md` files with YAML front matter. Global flags: `--verbose`, `--dry-run`.

## License

MIT
