Agntbase
Trust layer

Signed Agent Card is publish-ready. What does that actually mean?

It does not mean the card is already cryptographically signed. It means the trust routes, policy, keyset location and signed artifact routes are already fixed and public, so activation can happen without breaking contracts.

What is already prepared

Stable trust routes (Ready)

The scaffold, signing policy, keyset route, signed artifact route and detached JWS route are already published.

Machine-readable status (Ready)

agent.signature_status already explains the current trust state without pretending the signature is active.

Real cryptography (Pending)

Actual public signing keys, the real signed artifact and the real detached JWS still need to be published.
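
One way an integrator could consume this state, as an added example that is not Agntbase's code: the check reports a card as verified only when agent.signature_status says the signature is active and a detached JWS over the exact card bytes validates. The status values ("publish_ready", "active"), the key id, the choice of the card bytes as the signed payload, and HS256 with a shared demo key (standing in for the asymmetric algorithm a published keyset would use, so the example runs on the Python standard library) are all assumptions.

```python
import base64, hashlib, hmac, json

# Constructed sample data; the status values and key id are hypothetical.
DEMO_KEYSET = {"demo-1": b"constructed-demo-key"}
PENDING_CARD = b'{"agent": {"name": "demo", "signature_status": "publish_ready"}}'
ACTIVE_CARD = b'{"agent": {"name": "demo", "signature_status": "active"}}'

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key, header_b64, card_bytes):
    # JWS signing input: BASE64URL(header) "." BASE64URL(payload)
    return hmac.new(key, f"{header_b64}.{b64u(card_bytes)}".encode(), hashlib.sha256).digest()

def sign_detached(card_bytes, key, kid):
    """Publisher side: compact JWS with the payload part left empty (RFC 7515 App. F)."""
    header_b64 = b64u(json.dumps({"alg": "HS256", "kid": kid}).encode())
    return f"{header_b64}..{b64u(mac(key, header_b64, card_bytes))}"

def evaluate_trust(card_bytes, detached_jws, keyset):
    """Consumer side: return 'verified', 'unsigned' or 'invalid'."""
    try:
        status = json.loads(card_bytes)["agent"]["signature_status"]
    except (ValueError, KeyError, TypeError):
        return "invalid"
    if status != "active":
        return "unsigned"  # prepared but not signed: never report this as verified
    # The card claims an active signature, so every failure below is fatal.
    try:
        header_b64, payload_b64, sig_b64 = detached_jws.split(".")
        header = json.loads(b64u_decode(header_b64))
        signature = b64u_decode(sig_b64)
    except (ValueError, AttributeError):
        return "invalid"
    if payload_b64 or not isinstance(header, dict) or header.get("alg") != "HS256":
        return "invalid"  # must be detached, with the one pinned algorithm
    kid = header.get("kid")
    key = keyset.get(kid) if isinstance(kid, str) else None
    if key is None:
        return "invalid"
    expected = mac(key, header_b64, card_bytes)
    return "verified" if hmac.compare_digest(signature, expected) else "invalid"

if __name__ == "__main__":
    print(evaluate_trust(PENDING_CARD, None, DEMO_KEYSET))
    print(evaluate_trust(ACTIVE_CARD, sign_detached(ACTIVE_CARD, DEMO_KEYSET["demo-1"], "demo-1"), DEMO_KEYSET))
```

Because signature_status travels inside the card itself, a consumer that requires signed cards should treat "unsigned" as a rejection rather than as a lower trust tier.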

Why this matters

The messy version of this rollout would be: first talk about signatures, then change URLs later, then update docs later, then force every integrator to adapt to new trust routes. We are doing the opposite.

First we lock the public contract. Then we activate the cryptography. That keeps trust stable and makes future verification much cleaner.

Honest current state