
bugfix: integrity.Typed.Range won't work with non-empty name and hash/signatures #26

@bigbes

The integrity.Typed.Range() method has a critical issue when querying objects by name: it only searches for keys under the value key prefix (/{prefix}/{name}/), completely missing the associated hash and signature keys that are stored in separate directory structures:

  • Value keys: /{prefix}/{name}
  • Hash keys: /{prefix}/hash/{algorithm}/{name}
  • Signature keys: /{prefix}/sig/{algorithm}/{name}

When Range() is called with a specific object name (e.g., Range(ctx, "my-object")), it constructs the prefix /prefix/my-object/ and performs a Get operation with this prefix. This only retrieves the value key (/prefix/my-object), but not the corresponding hash (/prefix/hash/sha256/my-object) or signature (/prefix/sig/rsa/my-object) keys.

That means:

  • Validation fails with "hash not verified (missing)" and "signature not verified (missing)" errors
  • Objects with integrity protection cannot be retrieved via Range() when specified by name
  • The method only works correctly when called with an empty name (Range(ctx, "")), which searches the entire /prefix/ directory

The solution is that Range queries should do multiple gets, for example ["/{prefix}/{name}", "/{prefix}/hash/*/{name}", "/{prefix}/sig/*/{name}"], where * means fetch all given names of hashes/sigs if name is not empty.
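
The key selection a named Range needs, as an added example that is not part of the original issue or the project's code. `naiveRange`, `namedRange` and `sampleKeys` are hypothetical names over constructed in-memory keys; they model the single-prefix lookup described above next to the proposed multi-pattern lookup.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleKeys is constructed data that follows the key layout in the issue.
var sampleKeys = []string{
	"/prefix/my-object", "/prefix/hash/sha256/my-object", "/prefix/sig/rsa/my-object",
	"/prefix/my-object-2", "/prefix/hash/sha256/my-object-2", "/prefix/sig/rsa/my-object-2",
}

// naiveRange (hypothetical) models the reported behaviour: a single lookup
// under /{prefix}/{name}, which can only ever see the value key.
func naiveRange(keys []string, prefix, name string) []string {
	base := "/" + prefix + "/" + name
	var out []string
	for _, k := range keys {
		if k == base || strings.HasPrefix(k, base+"/") {
			out = append(out, k)
		}
	}
	return out
}

// namedRange (hypothetical) models the proposed fix: the value key plus
// /{prefix}/hash/*/{name} and /{prefix}/sig/*/{name} for any algorithm.
func namedRange(keys []string, prefix, name string) []string {
	root := "/" + prefix + "/"
	var out []string
	for _, k := range keys {
		if !strings.HasPrefix(k, root) {
			continue
		}
		rest := strings.TrimPrefix(k, root)
		parts := strings.SplitN(rest, "/", 3)
		isMeta := len(parts) == 3 && (parts[0] == "hash" || parts[0] == "sig") && parts[2] == name
		if rest == name || isMeta { // exact name match, so my-object-2 is excluded
			out = append(out, k)
		}
	}
	return out
}

func main() {
	fmt.Println("single prefix:", naiveRange(sampleKeys, "prefix", "my-object"))
	fmt.Println("value+hash+sig:", namedRange(sampleKeys, "prefix", "my-object"))
}
```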
