verify_pr_range
Verify signed and unsigned commits across a pull request commit range, supporting both hosted and offline verification modes.
Instructions
Scroll Gate: verify signed/unsigned commits across a PR commit range.
Hosted mode (default): calls ssx360.com with SSX360_API_KEY.
Set source=local|notes|bundle to verify offline without an API key.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| base | No | Range start Git ref (exclusive), typically origin/main. | origin/main |
| head | No | Range end Git ref (inclusive), e.g. HEAD or a PR head SHA. | HEAD |
| source | No | Envelope transport: hosted Scroll Gate (default, requires SSX360_API_KEY), local files, git notes, or bundle dir for offline verification. | hosted |
| notes_ref | No | Git notes ref when source=notes, default refs/notes/matrixscroll. | refs/notes/matrixscroll |
| workspace | No | Git repository root. Empty auto-detects from the working directory. | |
| bundle_dir | No | Directory containing exported envelope bundles when source=bundle. | |
| require_mode | No | Optional policy require_mode filter applied to every commit in the range. | |
| deny_actor_types | No | Optional deny-list of provenance.actor_type values. | |
| trusted_keys_file | No | Optional JSON file of trusted public keys for the range check. | |
| require_actor_types | No | Optional allow-list of provenance.actor_type values. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||