diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 063bf30..1f72fa1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -77,12 +77,16 @@ jobs:
 COSIGN_EXPERIMENTAL: "1"
 run: |
 # cosign v3 deprecated --output-signature / --output-certificate in
- # favour of a single --bundle file containing both the signature and
- # the Sigstore certificate. The v1.1.4 release run failed on the
- # legacy flags ("create bundle file: open : no such file or directory").
+ # favour of a single --bundle file. The bundles MUST live outside
+ # dist/ — pypa/gh-action-pypi-publish runs metadata verification on
+ # every file in dist/ and rejects unknown extensions (the v1.1.4
+ # first re-run failed with "InvalidDistribution: Unknown
+ # distribution format: pyaigis-1.1.4-py3-none-any.whl.cosign.bundle").
+ mkdir -p dist-signatures
 for artifact in dist/*; do
+ base=$(basename "${artifact}")
 cosign sign-blob --yes \
- --bundle "${artifact}.cosign.bundle" \
+ --bundle "dist-signatures/${base}.cosign.bundle" \
 "${artifact}"
 done

@@ -92,6 +96,12 @@ jobs:
 name: python-package-distributions
 path: dist/

+ - name: Upload signatures
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+ with:
+ name: python-package-signatures
+ path: dist-signatures/
+
 # ── 2. Publish to PyPI ────────────────────────────────────────────────────
 publish-pypi:
 name: Publish → PyPI
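Review bot: The rewritten comment in the signing step says where the bundles live but never states the verification contract, and the loop does not check its own output, so a bundle issued to an unexpected workflow identity would be uploaded without anyone noticing. I would extend the comment with the consumer-side command, e.g. `# Verify: cosign verify-blob --bundle <file>.cosign.bundle --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp '^https://github.com/<owner>/<repo>/\.github/workflows/release\.yml@' <file>`, and run that same command against `dist-signatures/${base}.cosign.bundle` and `"${artifact}"` inside the loop (using the runner-provided `GITHUB_REPOSITORY` for the identity) so a mis-issued certificate fails the build before anything is published. The `- name:`/`uses:` head of this step is outside the hunk, so I cannot tell from here whether a `shell: bash` with `-e` semantics is in effect; if not, a failed `cosign sign-blob` on one file would not stop the loop.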
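Review bot: The new "Upload signatures" step relies on actions/upload-artifact's default `if-no-files-found`, which is `warn`, so if the signing loop produced nothing (for example an empty `dist/`, or a future refactor that writes bundles elsewhere) the `python-package-signatures` artifact would be uploaded empty and the release would go out unsigned without the job failing. Add `if-no-files-found: error` under `with:` so a missing bundle set fails closed. Pinning the action by commit SHA with a `# v4` comment is good and should stay.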
@@ -180,13 +190,19 @@ jobs:
 uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
 with:
 name: python-package-distributions
- path: dist/
+ path: release-files/
+
+ - name: Download signatures
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+ with:
+ name: python-package-signatures
+ path: release-files/

 - name: Create GitHub Release
 uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
 with:
 name: "aigis ${{ github.ref_name }}"
 body: ${{ steps.changelog.outputs.body }}
- files: dist/*
+ files: release-files/*
 make_latest: true
 generate_release_notes: true # appends GitHub auto-notes after our body
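Review bot: The release job now downloads the distributions and the signature bundles into `release-files/` and attaches everything with `files: release-files/*`, but nothing between the two download steps and "Create GitHub Release" checks that each bundle actually verifies against its distribution, so a missing, stale or mismatched `.cosign.bundle` would be published as if it were valid. I would add a verification step that iterates over the distributions (not the bundles, so an absent bundle fails rather than being skipped), pins the OIDC issuer and the workflow identity, and stops the job on the first failure. The job header and any cosign installer step are outside this hunk; if this job does not already install cosign, a `sigstore/cosign-installer` step (SHA-pinned like the other actions here) is needed before it. The identity regexp below assumes releases are cut from tags, matching the `refs/tags/` convention implied by `github.ref_name` in the release name; adjust it if other refs can trigger this workflow.
```yaml
      # … unchanged: the two download-artifact steps above …
      - name: Verify signature bundles against the distributions
        env:
          # Single-quoted so YAML does not interpret the backslash escapes.
          CERT_IDENTITY_REGEXP: '^https://github\.com/${{ github.repository }}/\.github/workflows/release\.yml@refs/tags/'
        run: |
          set -euo pipefail
          for artifact in release-files/*; do
            case "${artifact}" in *.cosign.bundle) continue ;; esac
            # Fails on a missing bundle or one issued to a different workflow identity.
            cosign verify-blob \
              --bundle "${artifact}.cosign.bundle" \
              --certificate-oidc-issuer https://token.actions.githubusercontent.com \
              --certificate-identity-regexp "${CERT_IDENTITY_REGEXP}" \
              "${artifact}"
          done
      # … unchanged: Create GitHub Release step below …
```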