a2826a3da7
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
GHL uses RSA + SHA-256 for x-wh-signature, not ECDSA P-256 as documented in the original task files. Also adds forward-compatible Ed25519 support for X-GHL-Signature (GHL migration scheduled July 2026): handler checks X-GHL-Signature first, falls back to x-wh-signature. - webhook.go: replace ecdsa.VerifyASN1 with rsa.VerifyPKCS1v15; add verifyEd25519 + verifyIncomingSignature dispatch; update struct fields - webhook_test.go: regenerate test keys as RSA-2048, sign with PKCS1v15 - CLAUDE.md: correct crypto stack and key implementation notes - .env.example: clarify GHL_WEBHOOK_PUBLIC_KEY is a static RSA key from docs Co-Authored-By: SideKx <sidekx.ai@sds.dev>