@attest-it/core 0.8.0 → 0.9.0

package/dist/core-alpha.d.ts

@@ -395,16 +395,19 @@ declare const configSchema: z.ZodObject<{
         github: z.ZodOptional<z.ZodString>;
         name: z.ZodString;
         publicKey: z.ZodString;
+        publicKeyAlgorithm: z.ZodOptional<z.ZodEnum<["ed25519"]>>;
     }, "strict", z.ZodTypeAny, {
         email?: string | undefined;
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }, {
         email?: string | undefined;
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }>>>;
     version: z.ZodLiteral<1>;
 }, "strict", z.ZodTypeAny, {
@@ -452,6 +455,7 @@ declare const configSchema: z.ZodObject<{
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }> | undefined;
     version: 1;
 }, {
@@ -525,6 +529,7 @@ declare const configSchema: z.ZodObject<{
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }> | undefined;
     version: 1;
 }>;
@@ -885,9 +890,8 @@ export declare function getPreferencesPath(): string;
 /**
  * Get the project public keys directory.
  *
- * This returns .attest-it/public-keys relative to the given project root.
- * The project public keys directory is used for CI/GitHub Actions to
- * verify attestation seals.
+ * @deprecated Public keys are now stored inline in the team section of config.yaml.
+ * This function is kept for backward compatibility but should not be used in new code.
  *
  * @param projectRoot - The project root directory (defaults to cwd)
  * @returns Path to the project public keys directory
@@ -908,6 +912,9 @@ export declare function getPublicKeyFromPrivate(privateKeyPem: string): string;
 /**
  * Check if a project has attest-it configuration.
  *
+ * @deprecated This function is kept for backward compatibility but is no longer used
+ * by the core library. Public keys are now stored inline in config.yaml.
+ *
  * @param projectRoot - The project root directory (defaults to cwd)
  * @returns True if the project has .attest-it/config.yaml or similar
  * @public
@@ -1738,16 +1745,19 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github: z.ZodOptional<z.ZodString>;
                     name: z.ZodString;
                     publicKey: z.ZodString;
+                    publicKeyAlgorithm: z.ZodOptional<z.ZodLiteral<"ed25519">>;
                 }, "strict", z.ZodTypeAny, {
                     email?: string | undefined;
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }, {
                     email?: string | undefined;
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }>>>;
                 version: z.ZodLiteral<1>;
             }, "strict", z.ZodTypeAny, {
@@ -1772,6 +1782,7 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }> | undefined;
                 version: 1;
             }, {
@@ -1796,6 +1807,7 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }> | undefined;
                 version: 1;
             }>;
@@ -1956,16 +1968,17 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
             export declare function savePreferences(preferences: UserPreferences): Promise<void>;
 
             /**
-             * Save a public key to the user's home directory and optionally to the project directory.
+             * Save a public key to the user's home directory.
              *
              * This saves the public key as a base64-encoded string (matching the format in config.yaml)
-             * to:
-             * 1. ~/.attest-it/public-keys/<slug>.pem (always)
-             * 2. ./.attest-it/public-keys/<slug>.pem (if project has attest-it config)
+             * to ~/.attest-it/public-keys/<slug>.pem for backup purposes.
+             *
+             * Public keys are now stored inline in the team section of config.yaml and no longer
+             * written to the project directory.
              *
              * @param slug - The identity slug (used for the filename)
              * @param publicKey - The base64-encoded public key
-             * @param projectRoot - The project root directory (defaults to cwd)
+             * @param projectRoot - The project root directory (deprecated, kept for backward compatibility)
              * @returns Paths where the key was saved
              * @public
              */
@@ -1983,16 +1996,17 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
             }
 
             /**
-             * Save a public key to the user's home directory and optionally to the project directory (sync).
+             * Save a public key to the user's home directory (sync).
              *
              * This saves the public key as a base64-encoded string (matching the format in config.yaml)
-             * to:
-             * 1. ~/.attest-it/public-keys/<slug>.pem (always)
-             * 2. ./.attest-it/public-keys/<slug>.pem (if project has attest-it config)
+             * to ~/.attest-it/public-keys/<slug>.pem for backup purposes.
+             *
+             * Public keys are now stored inline in the team section of config.yaml and no longer
+             * written to the project directory.
              *
              * @param slug - The identity slug (used for the filename)
              * @param publicKey - The base64-encoded public key
-             * @param projectRoot - The project root directory (defaults to cwd)
+             * @param projectRoot - The project root directory (deprecated, kept for backward compatibility)
              * @returns Paths where the key was saved
              * @public
              */
@@ -2193,6 +2207,8 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                 github?: string | undefined;
                 /** Base64-encoded Ed25519 public key */
                 publicKey: string;
+                /** Public key algorithm (optional, for future-proofing format changes) */
+                publicKeyAlgorithm?: 'ed25519' | undefined;
             }
 
             /**

package/dist/core-beta.d.ts

@@ -395,16 +395,19 @@ declare const configSchema: z.ZodObject<{
         github: z.ZodOptional<z.ZodString>;
         name: z.ZodString;
         publicKey: z.ZodString;
+        publicKeyAlgorithm: z.ZodOptional<z.ZodEnum<["ed25519"]>>;
     }, "strict", z.ZodTypeAny, {
         email?: string | undefined;
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }, {
         email?: string | undefined;
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }>>>;
     version: z.ZodLiteral<1>;
 }, "strict", z.ZodTypeAny, {
@@ -452,6 +455,7 @@ declare const configSchema: z.ZodObject<{
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }> | undefined;
     version: 1;
 }, {
@@ -525,6 +529,7 @@ declare const configSchema: z.ZodObject<{
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }> | undefined;
     version: 1;
 }>;
@@ -885,9 +890,8 @@ export declare function getPreferencesPath(): string;
 /**
  * Get the project public keys directory.
  *
- * This returns .attest-it/public-keys relative to the given project root.
- * The project public keys directory is used for CI/GitHub Actions to
- * verify attestation seals.
+ * @deprecated Public keys are now stored inline in the team section of config.yaml.
+ * This function is kept for backward compatibility but should not be used in new code.
  *
  * @param projectRoot - The project root directory (defaults to cwd)
  * @returns Path to the project public keys directory
@@ -908,6 +912,9 @@ export declare function getPublicKeyFromPrivate(privateKeyPem: string): string;
 /**
  * Check if a project has attest-it configuration.
  *
+ * @deprecated This function is kept for backward compatibility but is no longer used
+ * by the core library. Public keys are now stored inline in config.yaml.
+ *
  * @param projectRoot - The project root directory (defaults to cwd)
  * @returns True if the project has .attest-it/config.yaml or similar
  * @public
@@ -1738,16 +1745,19 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github: z.ZodOptional<z.ZodString>;
                     name: z.ZodString;
                     publicKey: z.ZodString;
+                    publicKeyAlgorithm: z.ZodOptional<z.ZodLiteral<"ed25519">>;
                 }, "strict", z.ZodTypeAny, {
                     email?: string | undefined;
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }, {
                     email?: string | undefined;
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }>>>;
                 version: z.ZodLiteral<1>;
             }, "strict", z.ZodTypeAny, {
@@ -1772,6 +1782,7 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }> | undefined;
                 version: 1;
             }, {
@@ -1796,6 +1807,7 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }> | undefined;
                 version: 1;
             }>;
@@ -1956,16 +1968,17 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
             export declare function savePreferences(preferences: UserPreferences): Promise<void>;
 
             /**
-             * Save a public key to the user's home directory and optionally to the project directory.
+             * Save a public key to the user's home directory.
              *
              * This saves the public key as a base64-encoded string (matching the format in config.yaml)
-             * to:
-             * 1. ~/.attest-it/public-keys/<slug>.pem (always)
-             * 2. ./.attest-it/public-keys/<slug>.pem (if project has attest-it config)
+             * to ~/.attest-it/public-keys/<slug>.pem for backup purposes.
+             *
+             * Public keys are now stored inline in the team section of config.yaml and no longer
+             * written to the project directory.
              *
              * @param slug - The identity slug (used for the filename)
              * @param publicKey - The base64-encoded public key
-             * @param projectRoot - The project root directory (defaults to cwd)
+             * @param projectRoot - The project root directory (deprecated, kept for backward compatibility)
              * @returns Paths where the key was saved
              * @public
              */
@@ -1983,16 +1996,17 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
             }
 
             /**
-             * Save a public key to the user's home directory and optionally to the project directory (sync).
+             * Save a public key to the user's home directory (sync).
              *
              * This saves the public key as a base64-encoded string (matching the format in config.yaml)
-             * to:
-             * 1. ~/.attest-it/public-keys/<slug>.pem (always)
-             * 2. ./.attest-it/public-keys/<slug>.pem (if project has attest-it config)
+             * to ~/.attest-it/public-keys/<slug>.pem for backup purposes.
+             *
+             * Public keys are now stored inline in the team section of config.yaml and no longer
+             * written to the project directory.
              *
              * @param slug - The identity slug (used for the filename)
              * @param publicKey - The base64-encoded public key
-             * @param projectRoot - The project root directory (defaults to cwd)
+             * @param projectRoot - The project root directory (deprecated, kept for backward compatibility)
              * @returns Paths where the key was saved
              * @public
              */
@@ -2193,6 +2207,8 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                 github?: string | undefined;
                 /** Base64-encoded Ed25519 public key */
                 publicKey: string;
+                /** Public key algorithm (optional, for future-proofing format changes) */
+                publicKeyAlgorithm?: 'ed25519' | undefined;
             }
 
             /**

package/dist/core-public.d.ts

@@ -395,16 +395,19 @@ declare const configSchema: z.ZodObject<{
         github: z.ZodOptional<z.ZodString>;
         name: z.ZodString;
         publicKey: z.ZodString;
+        publicKeyAlgorithm: z.ZodOptional<z.ZodEnum<["ed25519"]>>;
     }, "strict", z.ZodTypeAny, {
         email?: string | undefined;
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }, {
         email?: string | undefined;
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }>>>;
     version: z.ZodLiteral<1>;
 }, "strict", z.ZodTypeAny, {
@@ -452,6 +455,7 @@ declare const configSchema: z.ZodObject<{
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }> | undefined;
     version: 1;
 }, {
@@ -525,6 +529,7 @@ declare const configSchema: z.ZodObject<{
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }> | undefined;
     version: 1;
 }>;
@@ -885,9 +890,8 @@ export declare function getPreferencesPath(): string;
 /**
  * Get the project public keys directory.
  *
- * This returns .attest-it/public-keys relative to the given project root.
- * The project public keys directory is used for CI/GitHub Actions to
- * verify attestation seals.
+ * @deprecated Public keys are now stored inline in the team section of config.yaml.
+ * This function is kept for backward compatibility but should not be used in new code.
  *
  * @param projectRoot - The project root directory (defaults to cwd)
  * @returns Path to the project public keys directory
@@ -908,6 +912,9 @@ export declare function getPublicKeyFromPrivate(privateKeyPem: string): string;
 /**
  * Check if a project has attest-it configuration.
  *
+ * @deprecated This function is kept for backward compatibility but is no longer used
+ * by the core library. Public keys are now stored inline in config.yaml.
+ *
  * @param projectRoot - The project root directory (defaults to cwd)
  * @returns True if the project has .attest-it/config.yaml or similar
  * @public
@@ -1738,16 +1745,19 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github: z.ZodOptional<z.ZodString>;
                     name: z.ZodString;
                     publicKey: z.ZodString;
+                    publicKeyAlgorithm: z.ZodOptional<z.ZodLiteral<"ed25519">>;
                 }, "strict", z.ZodTypeAny, {
                     email?: string | undefined;
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }, {
                     email?: string | undefined;
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }>>>;
                 version: z.ZodLiteral<1>;
             }, "strict", z.ZodTypeAny, {
@@ -1772,6 +1782,7 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }> | undefined;
                 version: 1;
             }, {
@@ -1796,6 +1807,7 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }> | undefined;
                 version: 1;
             }>;
@@ -1956,16 +1968,17 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
             export declare function savePreferences(preferences: UserPreferences): Promise<void>;
 
             /**
-             * Save a public key to the user's home directory and optionally to the project directory.
+             * Save a public key to the user's home directory.
              *
              * This saves the public key as a base64-encoded string (matching the format in config.yaml)
-             * to:
-             * 1. ~/.attest-it/public-keys/<slug>.pem (always)
-             * 2. ./.attest-it/public-keys/<slug>.pem (if project has attest-it config)
+             * to ~/.attest-it/public-keys/<slug>.pem for backup purposes.
+             *
+             * Public keys are now stored inline in the team section of config.yaml and no longer
+             * written to the project directory.
              *
              * @param slug - The identity slug (used for the filename)
              * @param publicKey - The base64-encoded public key
-             * @param projectRoot - The project root directory (defaults to cwd)
+             * @param projectRoot - The project root directory (deprecated, kept for backward compatibility)
              * @returns Paths where the key was saved
              * @public
              */
@@ -1983,16 +1996,17 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
             }
 
             /**
-             * Save a public key to the user's home directory and optionally to the project directory (sync).
+             * Save a public key to the user's home directory (sync).
              *
              * This saves the public key as a base64-encoded string (matching the format in config.yaml)
-             * to:
-             * 1. ~/.attest-it/public-keys/<slug>.pem (always)
-             * 2. ./.attest-it/public-keys/<slug>.pem (if project has attest-it config)
+             * to ~/.attest-it/public-keys/<slug>.pem for backup purposes.
+             *
+             * Public keys are now stored inline in the team section of config.yaml and no longer
+             * written to the project directory.
              *
              * @param slug - The identity slug (used for the filename)
              * @param publicKey - The base64-encoded public key
-             * @param projectRoot - The project root directory (defaults to cwd)
+             * @param projectRoot - The project root directory (deprecated, kept for backward compatibility)
              * @returns Paths where the key was saved
              * @public
              */
@@ -2193,6 +2207,8 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                 github?: string | undefined;
                 /** Base64-encoded Ed25519 public key */
                 publicKey: string;
+                /** Public key algorithm (optional, for future-proofing format changes) */
+                publicKeyAlgorithm?: 'ed25519' | undefined;
             }
 
             /**

package/dist/core-unstripped.d.ts

@@ -395,16 +395,19 @@ declare const configSchema: z.ZodObject<{
         github: z.ZodOptional<z.ZodString>;
         name: z.ZodString;
         publicKey: z.ZodString;
+        publicKeyAlgorithm: z.ZodOptional<z.ZodEnum<["ed25519"]>>;
     }, "strict", z.ZodTypeAny, {
         email?: string | undefined;
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }, {
         email?: string | undefined;
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }>>>;
     version: z.ZodLiteral<1>;
 }, "strict", z.ZodTypeAny, {
@@ -452,6 +455,7 @@ declare const configSchema: z.ZodObject<{
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }> | undefined;
     version: 1;
 }, {
@@ -525,6 +529,7 @@ declare const configSchema: z.ZodObject<{
         github?: string | undefined;
         name: string;
         publicKey: string;
+        publicKeyAlgorithm?: "ed25519" | undefined;
     }> | undefined;
     version: 1;
 }>;
@@ -885,9 +890,8 @@ export declare function getPreferencesPath(): string;
 /**
  * Get the project public keys directory.
  *
- * This returns .attest-it/public-keys relative to the given project root.
- * The project public keys directory is used for CI/GitHub Actions to
- * verify attestation seals.
+ * @deprecated Public keys are now stored inline in the team section of config.yaml.
+ * This function is kept for backward compatibility but should not be used in new code.
  *
  * @param projectRoot - The project root directory (defaults to cwd)
  * @returns Path to the project public keys directory
@@ -908,6 +912,9 @@ export declare function getPublicKeyFromPrivate(privateKeyPem: string): string;
 /**
  * Check if a project has attest-it configuration.
  *
+ * @deprecated This function is kept for backward compatibility but is no longer used
+ * by the core library. Public keys are now stored inline in config.yaml.
+ *
  * @param projectRoot - The project root directory (defaults to cwd)
  * @returns True if the project has .attest-it/config.yaml or similar
  * @public
@@ -1738,16 +1745,19 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github: z.ZodOptional<z.ZodString>;
                     name: z.ZodString;
                     publicKey: z.ZodString;
+                    publicKeyAlgorithm: z.ZodOptional<z.ZodLiteral<"ed25519">>;
                 }, "strict", z.ZodTypeAny, {
                     email?: string | undefined;
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }, {
                     email?: string | undefined;
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }>>>;
                 version: z.ZodLiteral<1>;
             }, "strict", z.ZodTypeAny, {
@@ -1772,6 +1782,7 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }> | undefined;
                 version: 1;
             }, {
@@ -1796,6 +1807,7 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                     github?: string | undefined;
                     name: string;
                     publicKey: string;
+                    publicKeyAlgorithm?: "ed25519" | undefined;
                 }> | undefined;
                 version: 1;
             }>;
@@ -1956,16 +1968,17 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
             export declare function savePreferences(preferences: UserPreferences): Promise<void>;
 
             /**
-             * Save a public key to the user's home directory and optionally to the project directory.
+             * Save a public key to the user's home directory.
              *
              * This saves the public key as a base64-encoded string (matching the format in config.yaml)
-             * to:
-             * 1. ~/.attest-it/public-keys/<slug>.pem (always)
-             * 2. ./.attest-it/public-keys/<slug>.pem (if project has attest-it config)
+             * to ~/.attest-it/public-keys/<slug>.pem for backup purposes.
+             *
+             * Public keys are now stored inline in the team section of config.yaml and no longer
+             * written to the project directory.
              *
              * @param slug - The identity slug (used for the filename)
              * @param publicKey - The base64-encoded public key
-             * @param projectRoot - The project root directory (defaults to cwd)
+             * @param projectRoot - The project root directory (deprecated, kept for backward compatibility)
              * @returns Paths where the key was saved
              * @public
              */
@@ -1983,16 +1996,17 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
             }
 
             /**
-             * Save a public key to the user's home directory and optionally to the project directory (sync).
+             * Save a public key to the user's home directory (sync).
              *
              * This saves the public key as a base64-encoded string (matching the format in config.yaml)
-             * to:
-             * 1. ~/.attest-it/public-keys/<slug>.pem (always)
-             * 2. ./.attest-it/public-keys/<slug>.pem (if project has attest-it config)
+             * to ~/.attest-it/public-keys/<slug>.pem for backup purposes.
+             *
+             * Public keys are now stored inline in the team section of config.yaml and no longer
+             * written to the project directory.
              *
              * @param slug - The identity slug (used for the filename)
              * @param publicKey - The base64-encoded public key
-             * @param projectRoot - The project root directory (defaults to cwd)
+             * @param projectRoot - The project root directory (deprecated, kept for backward compatibility)
              * @returns Paths where the key was saved
              * @public
              */
@@ -2193,6 +2207,8 @@ export declare function listPackageFiles(packages: string[], ignore?: string[],
                 github?: string | undefined;
                 /** Base64-encoded Ed25519 public key */
                 publicKey: string;
+                /** Public key algorithm (optional, for future-proofing format changes) */
+                publicKeyAlgorithm?: 'ed25519' | undefined;
             }
 
             /**

package/dist/index.cjs

@@ -335,7 +335,8 @@ var teamMemberSchema = zod.z.object({
   name: zod.z.string().min(1, "Team member name cannot be empty"),
   email: zod.z.string().email().optional(),
   github: zod.z.string().min(1).optional(),
-  publicKey: zod.z.string().min(1, "Public key is required")
+  publicKey: zod.z.string().min(1, "Public key is required"),
+  publicKeyAlgorithm: zod.z.enum(["ed25519"]).optional()
 }).strict();
 var fingerprintConfigSchema = zod.z.object({
   paths: zod.z.array(zod.z.string().min(1, "Path cannot be empty")).min(1, "At least one path is required"),
@@ -566,7 +567,8 @@ var teamMemberSchema2 = zod.z.object({
   name: zod.z.string().min(1, "Team member name cannot be empty"),
   email: zod.z.string().email().optional(),
   github: zod.z.string().min(1).optional(),
-  publicKey: zod.z.string().min(1, "Public key is required")
+  publicKey: zod.z.string().min(1, "Public key is required"),
+  publicKeyAlgorithm: zod.z.literal("ed25519").optional()
 }).strict();
 var fingerprintConfigSchema2 = zod.z.object({
   paths: zod.z.array(zod.z.string().min(1, "Path cannot be empty")).min(1, "At least one path is required"),
@@ -2146,16 +2148,19 @@ function loadLocalConfigSync(configPath) {
     throw error;
   }
 }
+var IDENTITY_SCHEMA_HEADER = "# yaml-language-server: $schema=https://raw.githubusercontent.com/mike-north/attest-it/main/schemas/v1/identity.schema.json\n";
 async function saveLocalConfig(config, configPath) {
   const resolvedPath = configPath ?? getLocalConfigPath();
-  const content = yaml.stringify(config);
+  const yamlContent = yaml.stringify(config);
+  const content = IDENTITY_SCHEMA_HEADER + yamlContent;
   const dir = path2.dirname(resolvedPath);
   await fs8.mkdir(dir, { recursive: true });
   await fs8.writeFile(resolvedPath, content, "utf8");
 }
 function saveLocalConfigSync(config, configPath) {
   const resolvedPath = configPath ?? getLocalConfigPath();
-  const content = yaml.stringify(config);
+  const yamlContent = yaml.stringify(config);
+  const content = IDENTITY_SCHEMA_HEADER + yamlContent;
   const dir = path2.dirname(resolvedPath);
   fs.mkdirSync(dir, { recursive: true });
   fs.writeFileSync(resolvedPath, content, "utf8");
@@ -2186,13 +2191,6 @@ async function savePublicKey(slug, publicKey, projectRoot = process.cwd()) {
   const homePath = path2.join(homeDir, `${slug}.pem`);
   await fs8.writeFile(homePath, publicKey, "utf8");
   result.homePath = homePath;
-  if (hasProjectConfig(projectRoot)) {
-    const projectDir = getProjectPublicKeysDir(projectRoot);
-    await fs8.mkdir(projectDir, { recursive: true });
-    const projectPath = path2.join(projectDir, `${slug}.pem`);
-    await fs8.writeFile(projectPath, publicKey, "utf8");
-    result.projectPath = projectPath;
-  }
   return result;
 }
 function savePublicKeySync(slug, publicKey, projectRoot = process.cwd()) {
@@ -2204,13 +2202,6 @@ function savePublicKeySync(slug, publicKey, projectRoot = process.cwd()) {
   const homePath = path2.join(homeDir, `${slug}.pem`);
   fs.writeFileSync(homePath, publicKey, "utf8");
   result.homePath = homePath;
-  if (hasProjectConfig(projectRoot)) {
-    const projectDir = getProjectPublicKeysDir(projectRoot);
-    fs.mkdirSync(projectDir, { recursive: true });
-    const projectPath = path2.join(projectDir, `${slug}.pem`);
-    fs.writeFileSync(projectPath, publicKey, "utf8");
-    result.projectPath = projectPath;
-  }
   return result;
 }