pub fn import(
path: &Path,
storage: &Store,
verifier: &Verifier,
) -> Result<ArtifactId, BundleError>Expand description
Import a .treeship file into local storage.
Reads the export file, verifies every envelope’s signatures against the
provided verifier, re-derives content-addressed IDs, and stores everything
locally. Returns the bundle’s artifact ID.
P0 #5 (audit): import previously called record_from_envelope with no
signature check, which made imported bundles forged-record vectors. The
verifier argument carries the caller’s trust root — typically built from
the local keystore’s public keys. If verification fails for any envelope
the entire import is rejected; partial writes are avoided by verifying all
envelopes before writing any record.