by idanr3011 113 days ago
Sigstore is a good pointer - I'll look at how they handle the transparency log. The append-and-sign pattern is probably the right starting point before going full Merkle tree.

On rollout - fully self-hosted right now, intentionally. The core promise is local-only: your data never leaves your machine. curl | bash, single binary, vigilo setup handles the rest. A managed offering for teams is the obvious next step if there's demand - but it's a fundamentally different product with different trust assumptions. I'd build it as a separate thing, not by compromising the local-first model.