Epic B (plan fn-145, #200) drops allowed_signers entirely and verifies commit SSH signatures in-process against the KEL-replayed key (no ssh-keygen subprocess, no allowlist file). This makes the verifier embeddable (FFI/WASM) and fully log-native.
Consequence (accepted): native git log --show-signature / ssh-keygen -Y verify can no longer verify auths-signed commits locally without the auths binary, because they require a local gpg.ssh.allowedSignersFile.
If users want that native interop back, add an opt-in command (e.g. auths trust export-allowed-signers) that regenerates an allowed_signers file from the KEL (current keys of non-revoked delegated devices) purely as a convenience cache — never as the trust root. Roadmap: docs/architecture/keri-only-roadmap.md (Epic B). Epic: #200.
Epic B (plan
fn-145, #200) dropsallowed_signersentirely and verifies commit SSH signatures in-process against the KEL-replayed key (nossh-keygensubprocess, no allowlist file). This makes the verifier embeddable (FFI/WASM) and fully log-native.Consequence (accepted): native
git log --show-signature/ssh-keygen -Y verifycan no longer verify auths-signed commits locally without theauthsbinary, because they require a localgpg.ssh.allowedSignersFile.If users want that native interop back, add an opt-in command (e.g.
auths trust export-allowed-signers) that regenerates anallowed_signersfile from the KEL (current keys of non-revoked delegated devices) purely as a convenience cache — never as the trust root. Roadmap:docs/architecture/keri-only-roadmap.md(Epic B). Epic: #200.