Signing

Sign commits and artifacts.

CommitSigningResult dataclass

CommitSigningResult(signature_pem: str, method: str, namespace: str)

Result of signing git commit/tag data.

The .signature_pem is a valid SSHSIG PEM block that can be used with git verify-commit or written to a signature file.

signature_pem instance-attribute

signature_pem: str

SSHSIG PEM block suitable for git verify-commit.

method instance-attribute

method: str

Signing method used (e.g. "ssh-ed25519").

namespace instance-attribute

namespace: str

SSH namespace for the signature (e.g. "git").

ArtifactSigningResult dataclass

ArtifactSigningResult(attestation_json: str, rid: str, digest: str, file_size: int)

Result of signing a file or byte artifact.

The .attestation_json can be shipped alongside the artifact for downstream verification. The .digest and .rid identify the artifact.

attestation_json instance-attribute

attestation_json: str

JSON-serialized attestation for the signed artifact.

rid instance-attribute

rid: str

Resource identifier for this attestation.

digest instance-attribute

digest: str

SHA-256 hex digest of the artifact content.

file_size instance-attribute

file_size: int

Size of the artifact in bytes.

ArtifactPublishResult dataclass

ArtifactPublishResult(attestation_rid: str, package_name: str | None, signer_did: str)

Result of publishing an artifact attestation to a registry.

The .attestation_rid is the stable registry identifier for the stored attestation. Use it to reference the attestation in future queries.

attestation_rid instance-attribute

attestation_rid: str

Registry identifier for the stored attestation.

package_name instance-attribute

package_name: str | None

Package name in the registry, or None if not specified.

signer_did instance-attribute

signer_did: str

DID of the identity that signed the artifact.