artwyman
commented
1 month ago I definitely think signing key should be revealed by default, and only hidden if the user explicitly says so. We could even go farther and reject a config which hides it without constraining it in some other way (such as tuples and lists) though that's harder to implement and less necessary. We should just make sure that if the developer shoots themselves in the foot, it's only because they went out of their way to aim the gun.
This PR adds virtual entry support to the GPC layer, which amounts to exposing the signer's public key as the entry
$signerPublicKey.Specifying this entry is optional and defaults to not revealing the signer's public key. I'm contemplating changing this to revealing the public key by default to ensure that users don't fall into the trap of forgetting to constrain the public key.