pub async fn verify_commit_signature(
commit_content: &[u8],
allowed_keys: &[DevicePublicKey],
provider: &dyn CryptoProvider,
_repo_path: Option<&Path>,
) -> Result<VerifiedCommit, CommitVerificationError>Expand description
Verify an SSH-signed git commit against a list of allowed keys.
Supports both Ed25519 and ECDSA P-256 signatures. The key type is auto-detected from the SSHSIG envelope.
Args:
commit_content: Raw output ofgit cat-file commit <sha>.allowed_keys: Public keys authorized to sign (Ed25519 or P-256).provider: Crypto backend for Ed25519 verification.repo_path: Optional path to the git repository.
Usage:
ⓘ
let verified = verify_commit_signature(content, &keys, &provider, Some(Path::new("/repo"))).await?;