1  // PyO3 0.21 generates unsafe calls inside macro-expanded code that Edition 2024
  2  // flags; fixed in PyO3 0.22+. Suppress until we upgrade.
  3  #![allow(unsafe_op_in_unsafe_fn)]
  4  
  5  use pyo3::prelude::*;
  6  
  7  pub mod artifact_publish;
  8  pub mod artifact_sign;
  9  pub mod attestation_query;
 10  pub mod commit_sign;
 11  pub mod commit_verify;
 12  pub mod device_ext;
 13  pub mod git_integration;
 14  pub mod identity;
 15  pub mod identity_sign;
 16  pub mod policy;
 17  pub mod rotation;
 18  pub mod runtime;
 19  pub mod sign;
 20  pub mod token;
 21  pub mod types;
 22  pub mod verify;
 23  
 24  #[pymodule]
 25  fn _native(m: &Bound<'_, PyModule>) -> PyResult<()> {
 26      m.add("__version__", "0.1.0")?;
 27  
 28      m.add_class::<types::VerificationResult>()?;
 29      m.add_class::<types::VerificationStatus>()?;
 30      m.add_class::<types::ChainLink>()?;
 31      m.add_class::<types::VerificationReport>()?;
 32  
 33      m.add_function(wrap_pyfunction!(verify::verify_attestation, m)?)?;
 34      m.add_function(wrap_pyfunction!(verify::verify_chain, m)?)?;
 35      m.add_function(wrap_pyfunction!(verify::verify_device_authorization, m)?)?;
 36      m.add_function(wrap_pyfunction!(
 37          verify::verify_attestation_with_capability,
 38          m
 39      )?)?;
 40      m.add_function(wrap_pyfunction!(verify::verify_chain_with_capability, m)?)?;
 41      m.add_function(wrap_pyfunction!(verify::verify_at_time, m)?)?;
 42      m.add_function(wrap_pyfunction!(verify::verify_at_time_with_capability, m)?)?;
 43      m.add_function(wrap_pyfunction!(verify::verify_chain_with_witnesses, m)?)?;
 44  
 45      m.add_function(wrap_pyfunction!(sign::sign_bytes, m)?)?;
 46      m.add_function(wrap_pyfunction!(sign::sign_action, m)?)?;
 47      m.add_function(wrap_pyfunction!(sign::verify_action_envelope, m)?)?;
 48  
 49      m.add_function(wrap_pyfunction!(token::get_token, m)?)?;
 50  
 51      m.add_class::<identity::DelegatedAgentBundle>()?;
 52      m.add_class::<identity::AgentIdentityBundle>()?;
 53      m.add_function(wrap_pyfunction!(identity::create_identity, m)?)?;
 54      m.add_function(wrap_pyfunction!(identity::create_agent_identity, m)?)?;
 55      m.add_function(wrap_pyfunction!(identity::delegate_agent, m)?)?;
 56      m.add_function(wrap_pyfunction!(identity::link_device_to_identity, m)?)?;
 57      m.add_function(wrap_pyfunction!(identity::revoke_device_from_identity, m)?)?;
 58  
 59      m.add_function(wrap_pyfunction!(identity_sign::sign_as_identity, m)?)?;
 60      m.add_function(wrap_pyfunction!(identity_sign::sign_action_as_identity, m)?)?;
 61      m.add_function(wrap_pyfunction!(identity_sign::get_identity_public_key, m)?)?;
 62      m.add_function(wrap_pyfunction!(identity_sign::sign_as_agent, m)?)?;
 63      m.add_function(wrap_pyfunction!(identity_sign::sign_action_as_agent, m)?)?;
 64  
 65      m.add_class::<rotation::PyIdentityRotationResult>()?;
 66      m.add_function(wrap_pyfunction!(rotation::rotate_identity_ffi, m)?)?;
 67  
 68      m.add_class::<device_ext::PyDeviceExtension>()?;
 69      m.add_function(wrap_pyfunction!(
 70          device_ext::extend_device_authorization_ffi,
 71          m
 72      )?)?;
 73  
 74      m.add_class::<policy::PyCompiledPolicy>()?;
 75      m.add_class::<policy::PyEvalContext>()?;
 76      m.add_class::<policy::PyDecision>()?;
 77      m.add_function(wrap_pyfunction!(policy::compile_policy, m)?)?;
 78  
 79      m.add_class::<artifact_publish::PyArtifactPublishResult>()?;
 80      m.add_function(wrap_pyfunction!(artifact_publish::publish_artifact, m)?)?;
 81  
 82      m.add_class::<artifact_sign::PyArtifactResult>()?;
 83      m.add_function(wrap_pyfunction!(artifact_sign::sign_artifact, m)?)?;
 84      m.add_function(wrap_pyfunction!(artifact_sign::sign_artifact_bytes, m)?)?;
 85  
 86      m.add_class::<commit_sign::PyCommitSignResult>()?;
 87      m.add_function(wrap_pyfunction!(commit_sign::sign_commit, m)?)?;
 88  
 89      m.add_class::<commit_verify::PyCommitVerificationResult>()?;
 90      m.add_function(wrap_pyfunction!(commit_verify::verify_commit_native, m)?)?;
 91  
 92      m.add_function(wrap_pyfunction!(
 93          git_integration::generate_allowed_signers_file,
 94          m
 95      )?)?;
 96  
 97      m.add_class::<attestation_query::PyAttestation>()?;
 98      m.add_function(wrap_pyfunction!(attestation_query::list_attestations, m)?)?;
 99      m.add_function(wrap_pyfunction!(
100          attestation_query::list_attestations_by_device,
101          m
102      )?)?;
103      m.add_function(wrap_pyfunction!(
104          attestation_query::get_latest_attestation,
105          m
106      )?)?;
107  
108      Ok(())
109  }