- F12: Device Authentication section now names the relicario-server crate
and its two subcommands (generate-hook, verify-commit), and notes that
signed commits without the server-side hook provide authorship only —
any pusher can still land an unsigned commit.
- F11: drop the "optional before v0.4.0" version line (v0.4.0 was never
tagged; v0.5.0 is the first release with the hook) and replace with a
one-liner: registration is optional but recommended for shared vaults.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Clarifies what AEAD protects (tampering) vs. what it doesn't (deletion,
rollback). Documents that git history is the audit trail and device
authentication is the mitigation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
