Graphorin API reference v0.7.0
Graphorin API reference / @graphorin/security / / VerifySkillSignatureOptions
Interface: VerifySkillSignatureOptions
Defined in: packages/security/src/supply-chain/signature.ts:73
Options accepted by verifySkillSignature.
Stable
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
publicKeyFetcher? | readonly | PublicKeyFetcher | Optional pre-installed strategy registry override. | packages/security/src/supply-chain/signature.ts:94 |
publicKeySource? | readonly | { publicKeyPem: string; publisher?: string; } | When supplied, overrides the publicKeyRef block discovered in the frontmatter. Useful for offline verification with a pinned publisher key. | packages/security/src/supply-chain/signature.ts:81 |
publicKeySource.publicKeyPem | readonly | string | - | packages/security/src/supply-chain/signature.ts:81 |
publicKeySource.publisher? | readonly | string | - | packages/security/src/supply-chain/signature.ts:81 |
signal? | readonly | AbortSignal | Cancellation. | packages/security/src/supply-chain/signature.ts:92 |
sigstoreVerifier? | readonly | SigstoreVerifier | - | packages/security/src/supply-chain/signature.ts:95 |
skillMd | readonly | string | Raw SKILL.md content (UTF-8 string). | packages/security/src/supply-chain/signature.ts:75 |
trustRoot? | readonly | SkillTrustRoot | Operator trust root (D4 / security-01). When supplied, the RESOLVED signing key must match the trust root or verification fails valid: false with reason: 'untrusted-key' - a self-signed skill whose inline key is not in the root can no longer verify green. The root is checked AFTER the ed25519 signature itself is valid, so the result distinguishes a bad signature from an untrusted signer. | packages/security/src/supply-chain/signature.ts:90 |