Require verified commits before dispatch
Atmos Pro now has a repository setting for teams that want workflow dispatch tied to GitHub's commit verification signal. Turn on "Require verified commits" in a repository's Settings tab and Atmos Pro will check GitHub's verification result before dispatching infrastructure workflows.
When the setting is off, dispatch behavior is unchanged. When it is on, any commit GitHub reports as not verified blocks dispatch and records a failed workflow row with a clear verification error.
Even with enforcement off, Atmos Pro records GitHub's verification result when it can, so deployments can show whether the dispatch commit was verified without requiring teams to turn on blocking.
For pull requests, Atmos Pro checks the commit range instead of trusting only the head SHA. That means a verified bot commit at the tip of a PR cannot hide an unsigned commit earlier in the same PR.
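The difference between a head-only check and the range check described above, as an added example that is not Atmos Pro's code. The commit objects are constructed samples shaped like the `commit.verification` field GitHub returns when listing a pull request's commits; the function names and the fail-closed handling of an empty range are assumptions.

```python
# Added illustration, not Atmos Pro's implementation.
# SAMPLE_PR is constructed data (oldest commit first); the SHAs are placeholders.
SAMPLE_PR = [
    {"sha": "a1" * 20,  # human commit pushed without a signature
     "commit": {"verification": {"verified": False, "reason": "unsigned"}}},
    {"sha": "b2" * 20,  # bot commit at the tip, signed by GitHub
     "commit": {"verification": {"verified": True, "reason": "valid"}}},
]


def unverified_commits(commits):
    """Return (sha, reason) for every commit GitHub does not report as verified."""
    failures = []
    for c in commits:
        v = (c.get("commit") or {}).get("verification") or {}
        # Anything other than an explicit True counts as not verified,
        # including a missing verification object.
        if v.get("verified") is not True:
            failures.append((c.get("sha", "<missing sha>"), v.get("reason", "missing")))
    return failures


def head_only_gate(commits):
    """Weak check: trusts the tip of the PR and ignores everything before it."""
    return not unverified_commits(commits[-1:])


def range_gate(commits, enforce=True):
    """Check every commit in the PR range.

    With enforce=False the result is still recorded but dispatch is not blocked,
    mirroring the 'setting off' behaviour described on the page.
    """
    if not commits:
        # Assumption: an empty range cannot be shown to be verified, so fail closed.
        failures = [("<empty range>", "no_commits")]
    else:
        failures = unverified_commits(commits)
    return {
        "dispatch": not (enforce and failures),
        "verified": not failures,
        "failures": failures,
    }


if __name__ == "__main__":
    print("head-only gate allows dispatch:", head_only_gate(SAMPLE_PR))
    print("range gate:", range_gate(SAMPLE_PR))
```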
Signed Atmos Pro autocommits
Atmos Pro's Pro commit/autocommit endpoint now creates commits through GitHub's createCommitOnBranch API using the Atmos Pro GitHub App. We do not send custom author, committer, or signature metadata, so GitHub applies its verified bot signing path.
After the commit is created, Atmos Pro verifies the returned SHA before reporting success. That keeps Atmos Pro-created commits compatible with the new dispatch gate while still catching unsigned commits that were already present in the PR range.
Commit verification indicator
The Deployments table now shows commit verification state next to a dispatch ref when Atmos Pro has metadata for that workflow run.
