Add CI workflow, CHANGELOG, and expanded README

- GitHub Actions CI: test on Python 3.9/3.11/3.12/3.13, auto-publish on tag
- CHANGELOG for v1.0.0
- README: badges, comparison table vs OMS, full identity card schema

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: QuantQJ

.github/workflows/ci.yml

@@ -0,0 +1,51 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.11", "3.12", "3.13"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: pip install -e ".[dev]"
+
+      - name: Run tests
+        run: pytest tests/ -v --tb=short
+
+  publish:
+    needs: test
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install build tools
+        run: pip install build
+
+      - name: Build package
+        run: python -m build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

CHANGELOG.md

@@ -0,0 +1,18 @@
+# Changelog
+
+## v1.0.0 (2026-03-25)
+
+Initial release.
+
+### Features
+
+- **Ed25519 model signing** with domain-prefixed messages (`modelsign-v1:`)
+- **Model Identity Card** — structured, signed metadata (architecture, base model, training, eval metrics, provenance)
+- **RFC 8785 canonical JSON** for deterministic, cross-platform signature verification
+- **Streaming SHA-256** for large model files (1MB chunks, no full-file memory load)
+- **Directory support** — sign multi-file models with recursive manifests
+- **TOFU keyring** — trust-on-first-use with persistent trusted key store
+- **CLI commands**: `sign`, `verify`, `inspect`, `keygen`, `keyring`, `version`
+- **Python SDK** — all modules independently importable
+- **Response signing middleware** (optional) for API endpoint authenticity
+- **Version migration policy** — forward-compatible .sig format with semver checks

README.md

@@ -1,8 +1,12 @@
 # modelsign
 
+[![CI](https://github.com/QuantQJ/modelsign/actions/workflows/ci.yml/badge.svg)](https://github.com/QuantQJ/modelsign/actions/workflows/ci.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Python 3.9+](https://img.shields.io/badge/python-3.9+-blue.svg)](https://www.python.org/downloads/)
+
 Sign AI models with identity. Verify anywhere.
 
-`modelsign` cryptographically binds model files to a signed identity card — who made this model, what it's based on, what it claims to be. Ed25519 signatures, zero ML dependencies, works with any model format.
+`modelsign` cryptographically binds model files to a signed identity card -- who made this model, what it's based on, what it claims to be. Ed25519 signatures, zero ML dependencies, works with any model format.
 
 ## Install
 
@@ -79,6 +83,37 @@ from modelsign import (
 - Model safety, fairness, or legal compliance
 - Cryptographic timestamping (timestamps are metadata, not proofs)
 
+## How It Compares
+
+| | modelsign | OpenSSF Model Signing (OMS) |
+|---|---|---|
+| **Focus** | Simple signing + rich identity | Supply-chain integrity via Sigstore |
+| **Identity card** | Embedded (architecture, training, eval metrics) | Minimal (being expanded) |
+| **Setup** | `pip install modelsign` | Sigstore toolchain + transparency log |
+| **Signing** | Offline, Ed25519, one command | Keyless via OIDC + Rekor transparency |
+| **Best for** | Individual fine-tunes, HF uploads, quick sharing | Enterprise supply-chain, NGC publishing |
+| **Network required** | No | Yes (Sigstore/Rekor) |
+
+modelsign and OMS are **complementary**. Use modelsign for fast, offline, identity-rich signing. Use OMS when you need transparency logs and keyless verification at enterprise scale.
+
+## Identity Card Schema
+
+| Field | Required | Description |
+|---|---|---|
+| `name` | Yes | Model name |
+| `architecture` | No | Model class (e.g., `LlamaForCausalLM`) |
+| `base_model` | No | Parent model name/path |
+| `parent_signature` | No | Hash of parent's `.sig` (provenance chain) |
+| `version` | No | Semantic version |
+| `creator` | No | Person or organization |
+| `license` | No | SPDX identifier or name |
+| `intended_use` | No | What the model is for |
+| `restrictions` | No | What it should NOT be used for |
+| `training` | No | `{dataset, dataset_hash, epochs, hardware}` |
+| `quantization` | No | Method (e.g., `GPTQ-4bit`) |
+| `eval_metrics` | No | Benchmark results (`{mmlu: 0.68}`) |
+| `extra` | No | Any additional metadata |
+
 ## License
 
 MIT — QJ / ConstantOne (CIP1 LLC)