change(changelog): v1.2.3

Signed-off-by: nopeitsnothing <no@anonymousplanet.org>

.cz.toml

@@ -1,9 +0,0 @@
-[tool.commitizen]
-name = "cz_conventional_commits"
-version_scheme = "semver"
-tag_format = "v$version"
-update_changelog_on_bump = false
-major_version_zero = false
-
-[tool.commitizen.customize]
-schema_pattern = '^(feat|feature|add|fix|bugfix|revert|security|perf|refactor|change|chore|ci|docs|style|test|build)(\(.+\))?(!)?: .{1,72}(\n.*)*$'

.pre-commit-config.yaml

@@ -10,13 +10,14 @@ repos:
       - id: check-added-large-files
       - id: check-merge-conflict
       - id: check-symlinks
+      - id: detect-private-key
       - id: end-of-file-fixer
       - id: trailing-whitespace
       - id: mixed-line-ending
         args: [--fix=lf]
 
-  - repo: https://github.com/commitizen-tools/commitizen
+  - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v4.8.3
+    rev: v0.41.0
     hooks:
-      - id: commitizen
+      - id: markdownlint
-        stages: [commit-msg]
+      - id: markdownlint-fix

docs/changelog/index.md

@@ -20,30 +20,6 @@ Notable changes to the guide and its tooling. Follows [Keep a Changelog](https:/
 
 ---
 
-## [v2026.5.25]
-
-!!! Note "Meta"
-
-    - Released 2026-05-24 from [`3b55011`](https://github.com/Anon-Planet/thgtoa/commit/3b550119a8f70129096774b3303278b50fed1529)
-
-!!! Note "Added"
-
-    - Explain missing v1.2.2 tag
-
-!!! Note "Changed"
-
-    - Commitizen passes
-    - V1.2.3
-    - Auto-increment using [vX.X.X]
-    - Only use "vX.X.X" in version tags
-
-!!! Note "Fixed"
-
-    - We use the Anonymous Planet RSK for releases
-    - Sign using RSK instead
-    - Prevent history dump and filter noise commits
-    - Actually save per-page PDFs for qpdf, not PNGs
-
 ## [v1.2.3]
 
 CI/CD pipeline split into independent stages, dark PDF quality improved, release signing automated, and the changelog now updates itself on every build. Skipping v1.2.2 which was a placeholder and contained broken Python unsuitable for a tag/release.

docs/code/develop.md

@@ -49,7 +49,7 @@ You also need **Google Chrome** or **Microsoft Edge** installed for the light-mo
 
 ## Repository layout
 
-```bash
+```
 .github/
   workflows/
     build.yml        ← builds PDFs, uploads artifact
@@ -120,7 +120,7 @@ Opens at `http://127.0.0.1:8000`.
 
 The pipeline triggers automatically when you push to `main` — no manual steps are needed for normal contributions.
 
-```bash
+```
 push to main
     │
     ▼
@@ -294,7 +294,7 @@ b2sum     -c b2sums.txt
 
 A successful verify looks like:
 
-```bash
+```
 gpg: Signature made ...
 gpg: Good signature from "Anonymous Planet (Release) ..."
 ```

docs/guide/index.md

@@ -10043,17 +10043,28 @@ Again, regarding the PDFs of this guide and as explained in the README of my rep
 
 - Run "python pdfid.py file-to-check.pdf" and you should see these at 0 in the case of the PDF files in this repository:
 
-```text
+```
+
 /JS 0 #This indicates the presence of Javascript
+
 /JavaScript 0 #This indicates the presence of Javascript
+
 /AA 0 #This indicates the presence of automatic action on opening
+
 /OpenAction 0 #This indicates the presence of automatic action on opening
+
 /AcroForm 0 #This indicates the presence of AcroForm which could contain JavaScript
+
 /JBIG2Decode 0 #This indicates the use of JBIG2 compression which could be used for obfuscating content
+
 /RichMedia 0 #This indicates the presence of rich media within the PDF such as Flash
+
 /Launch 0 #This counts the launch actions
+
 /EmbeddedFile 0 #This indicates there are embedded files within the PDF
+
 /XFA 0 #This indicates the presence of XML Forms within the PDF
+
 ```
 
 Now, what if you think the PDF is still suspicious? Fear not ... there are more things you can do to ensure it is not malicious:

docs/verify/index.md

@@ -36,14 +36,12 @@ python scripts/verify_pdf.py --vt
 #### 1. Verify SHA256 Hash
 
 **Linux/macOS:**
-
 ```bash
 cd /path/to/repo
 sha256sum -c sha256sum-light.txt
 ```
 
 **Windows (PowerShell):**
-
 ```powershell
 Get-FileHash -Algorithm SHA256 export\thgtoa.pdf | Select-Object Hash
 # Compare with the hash in thgtoa.pdf.sha256
@@ -52,21 +50,18 @@ Get-FileHash -Algorithm SHA256 export\thgtoa.pdf | Select-Object Hash
 #### 2. Verify GPG Signature
 
 First, import the public key:
-
 ```bash
 gpg --import pgp/anonymousplanet-master.asc
 ```
 
 Then verify the signature:
-
 ```bash
 gpg --verify export/thgtoa.pdf.sig export/thgtoa.pdf
 gpg --verify export/thgtoa-dark.pdf.sig export/thgtoa-dark.pdf
 ```
 
 Expected output for successful verification:
-
+```
-```text
 gpg: Signature made Mon 20 Apr 2026 01:46:40 AM EDT
 gpg:                using EDDSA key 9FA5436D0EE360985157382517ECA05F768DEDF6
 gpg: Good signature from "Anonymous Planet Master Signing Key" [unknown]
@@ -82,7 +77,6 @@ Visit the VirusTotal report links (automatically generated in release notes):
 - Dark mode: `https://www.virustotal.com/gui/file/[hash]`
 
 Or use the Python script with API key:
-
 ```bash
 export VT_API_KEY=your_vt_api_key
 python scripts/verify_pdf.py --vt
@@ -109,18 +103,15 @@ The GitHub Actions workflows automatically:
 ## Troubleshooting
 
 ### "Good signature" but wrong owner?
-
 - Ensure you imported the correct public key
 - Check the key fingerprint matches the official one from the repository
 
 ### Hash mismatch?
-
 - Re-download the file (corruption during transfer)
 - Verify you're checking against the correct hash file
 - Check for disk errors on your system
 
 ### GPG not found?
-
 - Install GPG: `sudo apt install gnupg` (Debian/Ubuntu) or `brew install gnupg` (macOS)
 - On Windows, use [Gpg4win](https://www.gpg4win.org/)
 
@@ -132,4 +123,4 @@ The GitHub Actions workflows automatically:
 
 ---
 
-_For questions or issues with verification, please open an issue on GitHub._
+*For questions or issues with verification, please open an issue on GitHub.*