At present, the commits API endpoint (/2.0/repositories/{workspace}/{repo}/commits) does not expose any information about the signature status of a commit (e.g., whether it's GPG-signed, the key used, or its verification status).

We kindly request that commit signature metadata (e.g., status, fingerprint, type) be included in the API response.