GPG Verify Pack
V3 deterministic OpenPGP signature verification capability pack. By-value connector composition (service_kind=cli, no separate ingredient): the local gpgv CLI verifies one trusted local file path against a detached signature and trusted keyring via signature.verify. This pack uses gpgv, not generic gpg, so it is verification-only: no signing, import, trustdb mutation, keyserver access, or key management workflow. The operation is exit-code-only; a zero exit code means the signature verified. Requires gpgv on PATH (Debian/Ubuntu: apt install gpgv; macOS: install GnuPG). Local and no-egress.
What this pack installs
- gpg-verify Ingredient
Trust & control
What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.
Where it runs
What it's allowed to do
Read
Local CLI
gpgv
read-only
Read: signature.verify · No approval