git_integration.rs
use std::path::PathBuf;

use auths_sdk::workflows::git_integration::{
    format_allowed_signers_file, generate_allowed_signers,
};
use auths_storage::git::RegistryAttestationStorage;
use pyo3::exceptions::PyRuntimeError;
use pyo3::prelude::*;

/// Build the contents of an `allowed_signers` file from live Auths storage.
///
/// Device attestations are read from the Git-backed identity store at
/// `repo_path` and rendered in the format expected by Git's
/// `gpg.ssh.allowedSignersFile` setting. Revoked attestations and devices
/// whose public key cannot be parsed are skipped.
///
/// Security notes:
/// * The returned text is a trust anchor: Git accepts the keys listed in
///   `gpg.ssh.allowedSignersFile` as valid signers. `repo_path` therefore
///   selects who is trusted and should not be taken from untrusted input.
/// * Skipped entries are not reported through the return value, so a short or
///   empty result is not an error here; callers that need to notice a missing
///   signer have to inspect the output themselves.
/// * NOTE(review): only revocation and unparsable keys are named as exclusion
///   criteria. Whether any other attestation state (e.g. expiry) is filtered
///   is decided inside `generate_allowed_signers` and is not visible here;
///   confirm.
///
/// Args:
/// * `repo_path`: Path to the Auths identity repository (default: `~/.auths`).
///   A leading `~` is expanded with `shellexpand::tilde`.
///
/// Errors:
/// A failure of `generate_allowed_signers` is surfaced as a Python
/// `RuntimeError` whose message starts with `[AUTHS_REGISTRY_ERROR]`.
///
/// Usage:
/// ```ignore
/// let content = generate_allowed_signers_file(py, "~/.auths")?;
/// std::fs::write(".auths/allowed_signers", content).unwrap();
/// ```
#[pyfunction]
#[pyo3(signature = (repo_path = "~/.auths"))]
pub fn generate_allowed_signers_file(py: Python<'_>, repo_path: &str) -> PyResult<String> {
    // Owned copy of the argument, moved into the closure below.
    let raw_path = repo_path.to_owned();

    // The registry is read with the GIL released so other Python threads can run.
    py.allow_threads(move || {
        let expanded = shellexpand::tilde(&raw_path);
        let registry_dir = PathBuf::from(expanded.as_ref());
        let storage = RegistryAttestationStorage::new(&registry_dir);

        // Tag registry failures so Python callers can recognise their origin.
        let to_py_err = |source: auths_sdk::workflows::git_integration::GitIntegrationError| {
            PyRuntimeError::new_err(format!("[AUTHS_REGISTRY_ERROR] {source}"))
        };

        generate_allowed_signers(&storage)
            .map(|signers| format_allowed_signers_file(&signers))
            .map_err(to_py_err)
    })
}