pub fn endpoint_credential_trust(
cfg: &LayeredConfig,
endpoint: &str,
repo_chosen: bool,
) -> Result<(), String>Expand description
Per-endpoint credential trust check for the shared dispatch choke
point (crate::remote_dispatch::open_trusted) and named-remote
callers. repo_chosen is true when the endpoint was selected by
the repo-scoped config (the flat remote_endpoint or a
remote.<name>.url entry), false when it was supplied by the user
(user-scoped config or an explicit CLI argument). Trust is keyed on
the resolved ENDPOINT plus this provenance, never on a remote name.