Add composite identity checks for commit
What does this MR do and why?
When a service account makes a commit, the system now checks if the commit's author information matches the real human user that the service account is linked to, rather than just checking the service account itself. This allows DAP agents to make commits using the identity of the developer they're helping, while still maintaining security controls.
References
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
- In GDK enable Settings → Repository → Push rules → "Reject unverified users"
- Click on
Generate MR with Duo - You should see the agent struggling to push to the branch directly and trying workarounds
- Pull from this branch and try again
- You should be able to see a successful push
- You could also try steps from #594997 (closed)
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #594997 (closed)