Skip to main content

Module commit_trust

Module commit_trust 

Source
Expand description

KEL-native commit-trust resolution (successor to the allowed_signers allowlist). KEL-native commit-trust resolution — the single path that decides whether a git commit is authorized by a pinned trusted root.

Read the in-band Auths-Id / Auths-Device trailers, replay the device + root KELs from the registry, and check the signature against the pinned .auths/roots set. This is the successor to the .auths/allowed_signers SSH allowlist: trust is rooted in the replayed KEL, never an out-of-band list of keys. The verdict logic itself lives in auths_verifier::verify_commit_against_kel; this workflow owns the orchestration (trailer parse → KEL resolution → verdict).

Enums§

CommitTrustError
Failure resolving commit trust before a verdict can be reached.
PolicyOutcome
The org-policy outcome layered on a cryptographically-valid commit verdict.

Functions§

commit_signer_trailers
Extract (root_did, device_did) from a commit’s Auths-Id / Auths-Device trailers. Returns None when either trailer is absent (a commit not signed by auths).
evaluate_commit_policy
Evaluate the commit signer against the root’s org policy (if any).
local_self_root
The verifier’s own root identity DID, implicitly trusted for its own verifications.
trusted_root_from_bundle
The trusted root did:keri: a CI/stateless identity bundle pins.