There are a number of things we can do here to make these APIs more ergonomic:
Remove all API-level foreign type dependencies: Attestation.verify should construct the sigstore types it needs internally, rather than having those foreign types passed in. #62
Make Attestation.verify() take a Publisher instead of a VerificationPolicy, since the former can be transformed into the latter.
Add some kind of Provenance.verify() API -- this needs a little more design thought.
There are a number of things we can do here to make these APIs more ergonomic:
Attestation.verifyshould construct thesigstoretypes it needs internally, rather than having those foreign types passed in. #62Attestation.verify()take aPublisherinstead of aVerificationPolicy, since the former can be transformed into the latter.Provenance.verify()API -- this needs a little more design thought.