Expand description
KEL-native commit-trust resolution (successor to the allowed_signers allowlist).
KEL-native commit-trust resolution — the single path that decides whether a
git commit is authorized by a pinned trusted root.
Read the in-band Auths-Id / Auths-Device trailers, replay the device + root
KELs from the registry, and check the signature against the pinned .auths/roots
set. This is the successor to the .auths/allowed_signers SSH allowlist: trust is
rooted in the replayed KEL, never an out-of-band list of keys. The verdict logic
itself lives in auths_verifier::verify_commit_against_kel; this workflow owns the
orchestration (trailer parse → KEL resolution → verdict).
Enums§
- Commit
Trust Error - Failure resolving commit trust before a verdict can be reached.
- Policy
Outcome - The org-policy outcome layered on a cryptographically-valid commit verdict.
Functions§
- commit_
signer_ trailers - Extract
(root_did, device_did)from a commit’sAuths-Id/Auths-Devicetrailers. ReturnsNonewhen either trailer is absent (a commit not signed byauths). - evaluate_
commit_ policy - Evaluate the commit signer against the root’s org policy (if any).
- local_
self_ root - The verifier’s own root identity DID, implicitly trusted for its own verifications.
- trusted_
root_ from_ bundle - The trusted root
did:keri:a CI/stateless identity bundle pins.