auths verify should accept a GitHub URL as a target #154
Description
Problem
auths verify --repo https://github.com/auths-dev/auths doesn't do what a user expects. The --repo flag is a storage path override (default: ~/.auths), not a verification target. There's no way to verify a remote repo from the CLI without cloning it first.
A developer reading about Auths wants to run one command to check if a repo's commits and releases are signed — without cloning it.
Expected behavior
auths verify https://github.com/auths-dev/auths
# ✓ Commit a3f9c21 signed by did:keri:E8jsh...
# ✓ Release v1.2.0: 3 artifact attestations verifiedThe CLI would:
- Detect the input is a URL (not a local path or commit ref)
- Use the GitHub API to fetch the latest commit signature and release attestations
- Verify signatures locally (same WASM/native verifier)
- Print results
Context
The website already does this — hero.tsx fetches release attestations via /api/github/release-assets and commit signatures via the GitHub API, then verifies in WASM. The CLI should have the same capability.
Suggested approach
Add URL detection to the auths verify command's argument parser. If the input matches github.com/owner/repo or https://github.com/..., dispatch to a remote verification flow that uses the GitHub REST API instead of local git.
This could reuse the forge detection from auths_sdk::domains::ci::forge::Forge::from_url().