colangelo · colangelo · Feb 23, 2026 · Feb 23, 2026 · Feb 23, 2026 · Feb 23, 2026
@@ -52,6 +52,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      id-token: write
     steps:
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
         with:
@@ -66,6 +67,16 @@ jobs:
       - name: Generate checksums
         run: sha256sum hp-* > checksums.txt && cat checksums.txt
 
+      - name: Install cosign
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3
+
+      - name: Sign binaries with cosign
+        run: |
+          for file in hp-*; do
+            cosign sign-blob --yes --output-signature "${file}.sig" --output-certificate "${file}.pem" "${file}"
+          done
+          cosign sign-blob --yes --output-signature checksums.txt.sig --output-certificate checksums.txt.pem checksums.txt
+
       - name: Create/update beta release
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -79,7 +90,7 @@ jobs:
             --prerelease \
             --title "Beta (dev branch)" \
             --notes "Rolling beta build from \`${{ inputs.ref || 'dev' }}\` branch."$'\n\n'"Install: \`brew install colangelo/tap/hp-beta\`"$'\n'"Upgrade: \`brew update && brew upgrade hp-beta\`" \
-            hp-* checksums.txt
+            hp-* checksums.txt checksums.txt.sig checksums.txt.pem
 
   update-homebrew:
     name: Update Homebrew Formula

@@ -2,6 +2,16 @@
 
 All notable changes to hp (hittyping) will be documented in this file.
 
+## [0.8.3] - 2026-02-23
+
+### Fixed
+
+- Proxy support: HTTP transport now respects `HTTPS_PROXY`/`HTTP_PROXY`/`ALL_PROXY` environment variables (SOCKS5, HTTP proxies)
+
+### Security
+
+- Beta releases are now cosign-signed (fixes OpenSSF Scorecard Signed-Releases warning)
+
 ## [0.8.2] - 2026-02-22
 
 ### Fixed

@@ -51,6 +51,7 @@ hp -3 -d example.com                  # HTTP/3 with auto-downgrade on failures
 hp -3 -D example.com                  # Auto-downgrade including plain HTTP
 hp -b cloudflare.com                  # Braille mode (2x density)
 hp -g 100 -y 200 8.8.8.8              # Custom thresholds (or --green, --yellow)
+HTTPS_PROXY=socks5://host:port hp cloudflare.com  # Via SOCKS5 proxy
 ```
 
 ## Flags

@@ -98,6 +98,8 @@ hp -3 -d example.com            # HTTP/3 with auto-downgrade on failures
 hp -3 -D example.com            # Auto-downgrade including plain HTTP
 hp -b cloudflare.com            # Braille mode (2x density)
 hp -g 50 -y 100 cloudflare.com  # Custom thresholds (ms)
+HTTPS_PROXY=socks5://host:1080 hp site  # Via SOCKS5 proxy
+HTTP_PROXY=http://proxy:8080 hp -1 site # Via HTTP proxy
 ```
 
 ## Flags

@@ -74,6 +74,11 @@ If hp evolves toward interactive features, consider migrating to [Bubble Tea](ht
 
 ## Completed
 
+### v0.8.3 - Proxy Support & Signed Betas
+
+- [x] Proxy support via `HTTPS_PROXY`/`HTTP_PROXY` env vars (SOCKS5, HTTP)
+- [x] Cosign-signed beta releases (OpenSSF Scorecard compliance)
+
 ### v0.8.2 - Cursor Fix & Beta Channel
 
 - [x] Fix cursor positioning: replace saveCur/restCur with relative movement (immune to scroll)

@@ -22,7 +22,7 @@ import (
 // cleanly pause rendering before the process is actually stopped.
 var displayMu sync.Mutex
 
-const version = "0.8.2"
+const version = "0.8.3"
 
 const (
 	// ANSI colors
@@ -412,6 +412,7 @@ func createClient(protoLevel int, timeout time.Duration, insecure bool) *http.Cl
 	}
 
 	transport := &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
 		TLSClientConfig: &tls.Config{
 			InsecureSkipVerify: insecure,
 		},