docs(nips): NIP-GS — Git Object Signing with Nostr Keys

[tlongwell-block]

Motivation

The sovereign git story has three layers: transport (NIP-98 authenticates the pusher), authorization (role-based push permissions enforce who can push where), and authorship (commit signatures prove who wrote the code). PRs #419 and #441 delivered the first two. PR #451 wired credential helpers into agent processes. This NIP defines the third layer — signing git commits and tags with the same nostr key used for everything else.

Agents already have a nostr keypair for relay auth, channel membership, and owner attestation (NIP-OA). This NIP lets that same key sign their commits. One identity, one key, across all surfaces — from relay messages to code authorship.

What this PR adds

A new NIP specification at docs/nips/NIP-GS.md (642 lines). No code changes.

The protocol

Git's pluggable signing interface (gpg.format=x509, gpg.x509.program) lets us drop in a custom signing program. The program:

1. Signs — reads commit/tag payload from stdin, computes a domain-separated hash (SHA-256("nostr:git:v1:" || timestamp || ":" || payload)), produces a BIP-340 Schnorr signature, outputs an armored JSON envelope
2. Verifies — reads signature file + payload, verifies the Schnorr signature, emits [GNUPG:] status lines that git's parser understands

git commit
    │
    └─ spawns: git-sign-nostr --status-fd=2 -bsau <npub>
         ├─ stdin:  commit payload bytes
         ├─ stdout: -----BEGIN SIGNED MESSAGE-----
         │          <base64 JSON: {v, pk, sig, t}>
         │          -----END SIGNED MESSAGE-----
         └─ fd 2:   [GNUPG:] SIG_CREATED ...

Key design decisions

Decision	Why
gpg.format=x509	Same signing/verify functions as openpgp in git's gpg-interface.c, but uses -----BEGIN SIGNED MESSAGE----- markers that don't collide with PGP/SSH. No extra verify args. Proven by sigstore/gitsign (1,000+ ⭐).
Domain-separated hash	"nostr:git:v1:" prefix prevents cross-protocol replay — a NIP-98 HTTP auth sig or NIP-01 event sig can't be reused as a commit signature. Timestamp bound into the hash.
JSON envelope in armor	Self-contained: pubkey embedded in signature. No external key lookup needed for verification. Forward-compatible via version field.
GIT_CONFIG_COUNT env vars	Ephemeral, per-process config. No filesystem writes. Composes with the credential helper config from PR #451.

What's specified

• Complete signature format with strict JSON validation rules
• Full [GNUPG:] status protocol (SIG_CREATED, GOODSIG, BADSIG, ERRSIG, VALIDSIG, TRUST_*)
• Deterministic test vector with computed hash and reproducible BIP-340 signature
• Key loading fallback chain (env var → keyfile)
• CLI interface matching git's invocation patterns
• Comprehensive invalid-case handling
• Security analysis: domain separation, key exposure, replay, nonce generation, signing program trust

Relationship to prior work

PR	Layer	What it does
#419	Transport	Smart HTTP git hosting with NIP-98 auth
#441	Authorization	Role-based push permissions via pre-receive hooks
#451	Credential wiring	Desktop app injects credential helper into agent processes
This PR	Authorship	NIP for signing commits/tags with nostr keys

Together they close the loop from VISION_SOVEREIGN.md: agents clone repos, push code, and sign their commits — all through the relay, all with nostr identity.

Review notes

• Docs only — no code changes, no new dependencies
• Scored 9/10 by codex CLI after 4 iterations (v1: 5/10 → v2: 8.2 → v3: 8.8 → v4: 9.0)
• Quality bar aligned with existing NIPs in docs/nips/ (NIP-OA, NIP-RS)
• No existing NIP covers git commit signing — checked the full nostr-protocol/nips repo
• Implementation PR will follow separately