Adds an SSH Allowed Signers editor#5494
Conversation
2916c29 to
4e1e115
Compare
There was a problem hiding this comment.
Pull request overview
Adds a new “SSH Allowed Signers” editor webview to help users generate/merge an allowed_signers file (and optionally set gpg.ssh.allowedSignersFile) so SSH-signed commits can become “Signed & Verified / Trusted” in GitLens. The change spans webview UI + IPC, host-side signer discovery (from local SSHSIG blobs + provider APIs), and new git-cli parsing utilities/tests to extract SSH public keys from commit objects.
Changes:
- Adds a new
allowedSignerswebview panel + Lit app UI, including an “Add to allowed signers…” action surfaced from SSH signature details. - Implements signer discovery/merging: parse SSHSIG public keys from local commits, merge idempotently into
allowed_signers, and optionally set git config. - Extends GitHub/GitLab integrations/APIs to fetch users’ SSH signing keys for provenance cross-checking.
Reviewed changes
Copilot reviewed 39 out of 39 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| webpack.config.mjs | Adds the allowedSigners webview bundle entry. |
| src/webviews/apps/shared/components/commit/signature-details.ts | Adds a command-URI link to open the editor for unverified SSH signatures. |
| src/webviews/apps/shared/components/commit/commit-author.ts | Forwards repoPath into signature details for scoping the editor to a repo. |
| src/webviews/apps/commitDetails/components/gl-details-commit-panel.ts | Supplies repoPath to the commit author block in commit details. |
| src/webviews/apps/allowedSigners/stateProvider.ts | Adds state provider for allowed signers webview notifications → state updates. |
| src/webviews/apps/allowedSigners/context.ts | Adds Lit context for allowed signers state. |
| src/webviews/apps/allowedSigners/components/signer-row.ts | Introduces signer list row UI (checkbox + provenance + fingerprint). |
| src/webviews/apps/allowedSigners/allowedSigners.ts | Implements the main Allowed Signers Lit app (loading, selection, save/config UI). |
| src/webviews/apps/allowedSigners/allowedSigners.scss | Base styling/bootstrap for the allowed signers webview app. |
| src/webviews/apps/allowedSigners/allowedSigners.html | New webview HTML shell for Allowed Signers panel. |
| src/webviews/apps/allowedSigners/allowedSigners.css.ts | Lit CSS styles for the Allowed Signers app. |
| src/webviews/allowedSigners/registration.ts | Registers the new webview panel + lazy-loaded provider chunk. |
| src/webviews/allowedSigners/protocol.ts | Defines IPC scope, state, requests, and notifications for allowed signers. |
| src/webviews/allowedSigners/allowedSignersWebview.ts | Host-side implementation: discovery (commits + provider), merge/write, progress streaming. |
| src/git/utils/allowedSignersFile.ts | Adds parse/merge utilities for allowed_signers content with injection guards. |
| src/git/utils/tests/allowedSignersFile.test.ts | Unit tests for public key parsing + merge/idempotency + injection cases. |
| src/env/node/platform.ts | Adds getHomeDir() for node host. |
| src/env/browser/platform.ts | Adds getHomeDir() stub for web host. |
| src/container.ts | Registers the Allowed Signers webview panel in the extension container. |
| src/constants.views.ts | Adds allowedSigners to WebviewPanelTypes. |
| src/constants.commands.generated.ts | Adds gitlens.git.editAllowedSigners command type. |
| packages/plus/integrations/src/providers/gitlab/models.ts | Adds GitLab SSH key model for /users/:id/keys responses. |
| packages/plus/integrations/src/providers/gitlab/gitlab.ts | Adds GitLab API call to fetch user signing-capable SSH keys. |
| packages/plus/integrations/src/providers/gitlab.ts | Implements SSH signing-key lookup by email with bounded concurrency. |
| packages/plus/integrations/src/providers/github.ts | Implements SSH signing-key lookup by email (email→login + per-login key fetch). |
| packages/plus/integrations/src/models/integration.ts | Adds getSshSigningKeysForEmails to the sync usecase union. |
| packages/plus/integrations/src/models/gitHostIntegration.ts | Adds cross-provider integration method for SSH signing keys (default no-op). |
| packages/plus/git-github/src/models.ts | Adds REST response typing for GitHub SSH signing keys. |
| packages/plus/git-github/src/api/github.ts | Adds GitHub GraphQL email→login resolution + REST SSH signing keys endpoints. |
| packages/git/src/utils/sshKey.utils.ts | Adds strict allowlist validation for SSH key types/data and principal token. |
| packages/git/src/providers/commits.ts | Extends commits provider interface with getCommitsSshSigners. |
| packages/git/src/models/signature.ts | Adds SshPublicKey + SshSignedCommit types. |
| packages/git-cli/src/providers/commits.ts | Implements batched cat-file --batch parsing to extract SSH signer key + committer. |
| packages/git-cli/src/providers/tests/commits.sshSigners.test.ts | Tests for cat-file --batch parsing and boundary handling scenarios. |
| packages/git-cli/src/parsers/sshSignatureParser.ts | Adds SSHSIG + committer parsing from raw commit objects with validation. |
| packages/git-cli/src/parsers/tests/sshSignatureParser.test.ts | Tests for SSHSIG extraction, committer extraction, and malicious inputs. |
| package.json | Adds the new command contribution (generated output). |
| contributions.json | Adds the new command contribution source entry. |
| CHANGELOG.md | Documents the new SSH Allowed Signers editor feature. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
4e1e115 to
8b81237
Compare
|
augment review |
🤖 Augment PR SummarySummary: This PR adds an SSH Allowed Signers editor to help GitLens reach “Signed & Verified / Trusted” for SSH-signed commits by generating/maintaining an SSH Key changes:
Technical notes: Discovery scans recent commits via a single 🤖 Was this summary useful? React with 👍 or 👎 |
8b81237 to
dcd1884
Compare
Adds an 'Add to allowed signers…' action in the commit signature details (Inspect view / commit hover), shown only for an SSH signature that isn't verified yet (not already trusted, not tampered) — exactly where a user notices a commit won't verify. It opens the editor scoped to that commit's repository via a command link. The repo path is threaded from the commit-details panel through gl-commit-author to gl-signature-details; other consumers of the shared component (e.g. the Graph's multi-commit panel) don't pass a repo path, so the action doesn't appear there.
dcd1884 to
5695467
Compare
Description
Closes #5469.
SSH-signed commits can never reach the "Signed & Verified / Trusted" state in GitLens because Git can only validate an SSH signature when
gpg.ssh.allowedSignersFilelists the signer's email and full public key — andgit logonly exposes fingerprints. This PR adds an Edit SSH Allowed Signers editor that builds/maintains that file for you.What it does
git cat-file --batch.gpg.ssh.allowedSignersFileat it (globally or per-repo).Entry points
Verification
allowed_signersmerge logic.preselectAllvia the signature-action link; toggle; Save → file write + idempotent 2-entry merge with no clobber; signature-action render + hover-underline).