Supply-Chain Safety: Lockfile and Integrity Enforcement

Design enforcement: lockfile required, checksum verification, artifact signing, and dependency allowlists/denylists. Include alerting on suspicious updates.

Author: Assistant

Model: gpt-5.2