Feature request: Support signing Model Card metadata #583

@Ali6x1000


Problem

Currently, model-transparency signs model artifacts (weights/files) but does not cryptographically bind the model's metadata (e.g., license, authorship, intended use) to the signature. This allows documentation to be altered without invalidating the model's signature.

Proposed Solution

Add a --readme flag to the CLI that parses Hugging Face-style YAML front matter from a Model Card (README.md). This metadata should be validated and injected into the in-toto predicate during the signing process.

This ensures that the model's context and metadata are verified alongside the artifacts themselves.
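The binding described in this request, worked through as an added example that is not code from model-transparency or from the issue author: it extracts Hugging Face-style YAML front matter from a README.md, validates it, places it in the predicate of an in-toto Statement v1 next to the artifact digests, and then shows that editing the license field changes the digest that would be signed. The sample README and artifact digests are constructed, the predicate type URL is a placeholder (the project's real predicate type is not given on this page), and the front-matter parser is a deliberately minimal, dependency-free subset of YAML rather than a full parser.

```python
import hashlib
import json
import re

# Constructed sample Model Card (README.md) with Hugging Face-style YAML front matter.
SAMPLE_README = """---
license: apache-2.0
language:
  - en
tags:
  - text-classification
model_name: example-classifier
---
# Example classifier

Model card body text.
"""

# Constructed artifact digests standing in for the model files that are already signed.
SAMPLE_ARTIFACTS = {
    "model.safetensors": hashlib.sha256(b"constructed weights").hexdigest(),
    "config.json": hashlib.sha256(b"constructed config").hexdigest(),
}

REQUIRED_FIELDS = ("license", "model_name")
KEY_PATTERN = re.compile(r"^[a-z0-9_-]+$")
# Placeholder predicate type; the project's own type URL is not stated on this page.
PREDICATE_TYPE = "https://example.invalid/model-card-predicate/v0"


def split_front_matter(text):
    """Return (front_matter, body) for a README whose first block is delimited by '---'."""
    m = re.match(r"^---\r?\n(.*?)\r?\n---\r?\n?(.*)$", text, re.DOTALL)
    if not m:
        raise ValueError("README has no YAML front matter block")
    return m.group(1), m.group(2)


def parse_simple_yaml(src):
    """Parse a flat YAML subset: 'key: scalar' lines and 'key:' followed by '- item' lines.

    Nested mappings are rejected rather than silently misread; a production
    implementation would use a full YAML library in safe-load mode instead.
    """
    data = {}
    current = None
    for raw in src.splitlines():
        line = raw.rstrip()
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("- "):
            if current is None or not isinstance(data.get(current), list):
                raise ValueError(f"list item without a list key: {line!r}")
            data[current].append(stripped[2:].strip().strip("'\""))
            continue
        if line != stripped:
            raise ValueError(f"nested mapping not supported: {line!r}")
        key, sep, value = stripped.partition(":")
        key = key.strip()
        if not sep or not key:
            raise ValueError(f"malformed line: {line!r}")
        value = value.strip().strip("'\"")
        data[key] = value if value else []
        current = key if not value else None
    return data


def validate_metadata(metadata):
    """Reject metadata that is missing required fields or uses unexpected keys/types."""
    for field in REQUIRED_FIELDS:
        if not metadata.get(field):
            raise ValueError(f"required model card field missing: {field}")
    for key, value in metadata.items():
        if not KEY_PATTERN.match(key):
            raise ValueError(f"unexpected model card key: {key!r}")
        if not isinstance(value, str) and not (
            isinstance(value, list) and all(isinstance(v, str) for v in value)
        ):
            raise ValueError(f"unsupported value type for {key!r}")
    return metadata


def build_statement(artifacts, metadata):
    """Build an in-toto Statement v1 whose predicate carries the model card metadata.

    Because the metadata sits inside the statement that gets signed, any later edit to
    the README front matter invalidates the signature, which is the property requested.
    """
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": n, "digest": {"sha256": d}} for n, d in sorted(artifacts.items())],
        "predicateType": PREDICATE_TYPE,
        "predicate": {"modelCard": metadata},
    }


def canonical_digest(statement):
    """SHA-256 over a deterministic JSON serialisation, i.e. what the signer would sign."""
    payload = json.dumps(statement, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def demonstrate_tamper():
    """Return (digest_before, digest_after) for the sample README and a license edit."""
    front_matter, _body = split_front_matter(SAMPLE_README)
    metadata = validate_metadata(parse_simple_yaml(front_matter))
    before = canonical_digest(build_statement(SAMPLE_ARTIFACTS, metadata))
    tampered = dict(metadata, license="mit")  # constructed post-signing documentation change
    after = canonical_digest(build_statement(SAMPLE_ARTIFACTS, tampered))
    return before, after


if __name__ == "__main__":
    b, a = demonstrate_tamper()
    print("digest with original metadata:", b)
    print("digest after license edit:    ", a)
    print("metadata change detected:", b != a)
```

The validation step matters as much as the binding: front matter is attacker-influenced input at signing time, so rejecting unknown key shapes and non-string values keeps the predicate small and predictable for verifiers that later compare it against policy.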
