{
  "version": 1,
  "updated": "2026-06-01",
  "description": "Ed25519 public key manifest for KimonRecruit audit Merkle root verification. APPEND-ONLY — retired entries kept for historical checkpoint verification per Phase 08.1 D-03. See /.planning/compliance/runbooks/well-known-endpoints.md for rotation procedure.",
  "keys": [
    {
      "id": "kr-audit-2026",
      "algorithm": "ed25519",
      "publicKey": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
      "validFrom": "2026-05-06",
      "validUntil": "2026-05-28",
      "retired": true,
      "rotationPolicy": "annual",
      "usage": "Phase 1 development placeholder — never used to sign a production Merkle checkpoint.",
      "note": "Retired without production deploy per Phase 08.1 SC#2 (D-03). publicKey is the zero key as a syntactically-valid base64 placeholder; the entry is kept to preserve APPEND-ONLY semantics for any future verifier that walks the manifest history."
    },
    {
      "id": "kr-audit-2026-prod",
      "algorithm": "ed25519",
      "publicKey": "Y87oGByM94/mw0eKQVlJ+N5vYgp+va8yDQ6icFBBbUI=",
      "validFrom": "2026-05-28",
      "validUntil": "2026-06-01",
      "retired": true,
      "rotationPolicy": "annual",
      "usage": "Retired 2026-06-01 without ever signing a production Merkle checkpoint or any audit artifact.",
      "note": "The private seed for this key was generated VPS-side during the 2026-05-28 rotation ceremony and deleted immediately after the public key was derived; the GitHub Actions secret AUDIT_SIGNING_PRIVATE_KEY_BASE64 was set to a placeholder and the seed was never persisted to the file the signer reads (jobs.env). It therefore never signed anything (0 merkle_checkpoints, 0 audit artifacts on prod as of retirement). Kept in the manifest per APPEND-ONLY (D-03). Superseded by kr-audit-2026-v1, the seed actually held by the production signer."
    },
    {
      "id": "kr-audit-2026-v1",
      "algorithm": "ed25519",
      "publicKey": "jQ+0O3zsIIamqmUEBcCwM8gtqHrggFBtGOIP7eE9JKs=",
      "validFrom": "2026-06-01",
      "validUntil": "2027-06-01",
      "rotationPolicy": "annual; old keys retained in this manifest for historical Merkle checkpoint verification per D-03",
      "usage": "Active production audit-signing key. Verifies Ed25519 signatures on: daily Merkle root checkpoint files uploaded to the audit anchor (AUDIT_ANCHOR_PROVIDER); and the adversarial-CV / replay evidence cassettes recorded for GATE-01/02 (Phase 11). This is the seed held by the production signer (kr-jobs, /etc/kr/jobs.env). Blessed as canonical on 2026-06-01 after kr-audit-2026-prod was found unrecoverable; see .planning/debug/resolved/scoring-gateway-seam.md."
    }
  ]
}
