Problem
configureGitIdentity in worktree.go:128-131 unconditionally disables commit signing in every worktree:
if g.gitAuthorName != "" || g.gitAuthorEmail != "" {
	g.runner.Run(ctx, dir, "git", "config", "commit.gpgsign", "false")
	g.runner.Run(ctx, dir, "git", "config", "tag.gpgsign", "false")
}
The comment says "disables commit signing to avoid using the host's GPG/SSH keys" — this was a reasonable default when the committing identity might differ from the host's signing key. However, when oompa runs on a machine where the operator has configured SSH signing (e.g. gpg.format=ssh, user.signingkey=~/.ssh/github_signing_ed25519, commit.gpgsign=true) and the signing key matches the commit author, all oompa commits show as "unsigned" on GitHub unnecessarily.
Observed behavior
PR #232 commit 492720da shows verified: false, reason: unsigned despite the host having SSH commit signing fully configured and matching the commit author identity.
Proposed solution
Add a config option to control commit signing behavior:
Config
New field in Config (config.go):
CommitSign bool // when true, preserve the host's commit signing config instead of disabling it
YAML config
commit-sign: true # global default
CLI flag / env var
| Flag | Env var | Default | Description |
| --- | --- | --- | --- |
| --commit-sign | OOMPA_COMMIT_SIGN | false | Preserve host commit signing config (GPG/SSH) |
Implementation
In worktree.go:configureGitIdentity:
if g.gitAuthorName != "" || g.gitAuthorEmail != "" {
	if !g.commitSign {
		g.runner.Run(ctx, dir, "git", "config", "commit.gpgsign", "false")
		g.runner.Run(ctx, dir, "git", "config", "tag.gpgsign", "false")
	}
}
When commit-sign: true, the worktree inherits the global git config (commit.gpgsign=true, gpg.format, user.signingkey), so commits are signed as normal. Default false preserves current behavior — no breaking change.
Files to change
pkg/agent/config.go — add CommitSign bool
pkg/agent/worktree.go — gate the disable on !g.commitSign; carry the field through GitWorktreeManager
pkg/agent/fileconfig.go — add CommitSign *bool to FileConfig (global level); wire through BuildRoleEntries
cmd/oompa/main.go — add --commit-sign flag + env var
specs/config.md — document the new field
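A check for the inheritance described under Implementation, as an added example that is not part of the issue or of oompa's code: it parses the output of `git config --list --show-scope` run inside a worktree and reports which scope decides `commit.gpgsign`. The names `Setting`, `Effective`, `WillSign` and the sample listing are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Setting is the winning value for a key and the scope that supplied it.
type Setting struct{ Value, Scope string }

// Effective parses `git config --list --show-scope` lines (scope<TAB>key=value); the last occurrence wins.
func Effective(listing string) map[string]Setting {
	eff := map[string]Setting{}
	for _, line := range strings.Split(listing, "\n") {
		scope, kv, ok := strings.Cut(strings.TrimRight(line, "\r"), "\t")
		if !ok {
			continue
		}
		key, val, hasVal := strings.Cut(kv, "=")
		if !hasVal {
			val = "true" // a bare key is boolean true in git config
		}
		eff[strings.ToLower(key)] = Setting{val, scope}
	}
	return eff
}

// WillSign reports whether `git commit` would sign, with the deciding reason.
func WillSign(eff map[string]Setting) (bool, string) {
	s, set := eff["commit.gpgsign"]
	switch strings.ToLower(s.Value) {
	case "true", "yes", "on", "1":
	default:
		if !set {
			return false, "commit.gpgsign is not set"
		}
		return false, "commit.gpgsign=" + s.Value + " set at " + s.Scope + " scope"
	}
	if eff["gpg.format"].Value == "ssh" && eff["user.signingkey"].Value == "" &&
		eff["gpg.ssh.defaultkeycommand"].Value == "" {
		return false, "gpg.format=ssh but no signing key is configured"
	}
	return true, "signing enabled from " + s.Scope + " scope"
}

// Constructed sample: a worktree after the unconditional disable has run.
const sampleDisabled = "global\tgpg.format=ssh\nglobal\tuser.signingkey=~/.ssh/github_signing_ed25519\n" +
	"global\tcommit.gpgsign=true\nlocal\tcommit.gpgsign=false\n"
func main() { fmt.Println(WillSign(Effective(sampleDisabled))) }
```

With the local `commit.gpgsign=false` line absent, the same listing resolves to the global value and signing is reported as enabled.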