1 change: 1 addition & 0 deletions Cargo.lock


8 changes: 5 additions & 3 deletions README.md
@@ -98,10 +98,10 @@ auths device revoke --device-did did:key:z6Mk...
auths verify attestation.json
```

**Export allowed-signers for Git verification**
**Sync allowed-signers for Git verification**

```bash
auths git allowed-signers >> ~/.ssh/allowed_signers
auths signers sync
```

---
@@ -161,7 +161,9 @@ No central server. No blockchain. Just Git and cryptography.
| `auths verify` | Verify an attestation |
| `auths verify-commit` | Verify a signed commit |
| `auths git setup` | Configure Git for signing |
| `auths git allowed-signers` | Generate allowed-signers file |
| `auths signers sync` | Sync allowed-signers from registry |
| `auths signers list` | List allowed signers |
| `auths signers add` | Add a manual signer |

Run `auths --help` for full documentation.

3 changes: 2 additions & 1 deletion crates/auths-cli/Cargo.toml
@@ -64,7 +64,8 @@ sha2 = "0.10"
tempfile = "3"
thiserror.workspace = true
zeroize = "1.8"
reqwest = { version = "0.13.2", features = ["json", "form"] }
reqwest = { version = "0.13.2", features = ["json", "form", "blocking"] }
ssh-key = "0.6"
url = "2.5"
which = "8.0.0"
open = "5"
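Review bot: Enabling reqwest's `blocking` feature needs a check at the call site, because the blocking client panics when it is used on a thread that is already inside an async runtime, and the existing `json`/`form` features suggest the async client was presumably in use before. The code that calls it is not in this section, so confirm the new signers path never runs under the CLI's async executor, or move it onto a dedicated blocking thread. `ssh-key = "0.6"` is also declared directly, while neighbours such as `thiserror.workspace = true` come from the workspace. If another workspace crate already depends on ssh-key, declaring it once at workspace level keeps this key-parsing dependency on a single audited version.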
2 changes: 1 addition & 1 deletion crates/auths-cli/src/bin/verify.rs
@@ -154,7 +154,7 @@ fn verify_file(
bail!(
"Allowed signers file not found: {:?}\n\n\
Create it with:\n \
auths git allowed-signers > {:?}",
auths signers sync --output {:?}",
allowed_signers,
allowed_signers
);
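Review bot: The new hint still formats the path with `{:?}`, which gives Rust debug escaping rather than shell quoting: backslashes are doubled and the value is wrapped in double quotes, inside which a shell still expands `$` and backticks when the command is pasted. Since the message exists to be copied, print the path literally, e.g. `auths signers sync --output '{}'",` with `allowed_signers.display()` as the second argument. This assumes `allowed_signers` is a `Path` or `PathBuf`; its declaration is outside the hunk. The `bail!` sits inside `verify_file`, which starts and ends outside this hunk.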
2 changes: 2 additions & 0 deletions crates/auths-cli/src/cli.rs
@@ -24,6 +24,7 @@ use crate::commands::org::OrgCommand;
use crate::commands::policy::PolicyCommand;
use crate::commands::scim::ScimCommand;
use crate::commands::sign::SignCommand;
use crate::commands::signers::SignersCommand;
use crate::commands::status::StatusCommand;
use crate::commands::trust::TrustCommand;
use crate::commands::unified_verify::UnifiedVerifyCommand;
@@ -92,6 +93,7 @@ pub enum RootCommand {
Whoami(WhoamiCommand),
Tutorial(LearnCommand),
Doctor(DoctorCommand),
Signers(SignersCommand),
Pair(PairCommand),
#[command(hide = true)]
Completions(CompletionsCommand),
46 changes: 40 additions & 6 deletions crates/auths-cli/src/commands/doctor.rs
@@ -180,22 +180,56 @@ fn check_identity_exists() -> Check {
}

fn check_allowed_signers_file() -> Check {
use auths_sdk::workflows::allowed_signers::{AllowedSigners, SignerSource};

let path = crate::factories::storage::read_git_config("gpg.ssh.allowedSignersFile")
.ok()
.flatten();

let (passed, detail, suggestion) = match path {
Some(path_str) => {
if std::path::Path::new(&path_str).exists() {
(true, format!("Set to: {path_str}"), None)
let file_path = std::path::Path::new(&path_str);
if file_path.exists() {
match AllowedSigners::load(file_path) {
Ok(signers) => {
let entries = signers.list();
let attestation_count = entries
.iter()
.filter(|e| e.source == SignerSource::Attestation)
.count();
let manual_count = entries
.iter()
.filter(|e| e.source == SignerSource::Manual)
.count();

let has_markers = std::fs::read_to_string(file_path)
.map(|c| c.contains("# auths:attestation"))
.unwrap_or(false);

let mut detail = format!(
"{path_str} ({} attestation, {} manual)",
attestation_count, manual_count
);

if !has_markers && !entries.is_empty() {
detail.push_str(
" [no auths markers — run `auths signers sync` to add them]",
);
}

(true, detail, None)
}
Err(_) => (
true,
format!("{path_str} (exists, could not parse entries)"),
None,
),
}
} else {
(
false,
format!("Configured but file not found: {path_str}"),
Some(
"Run: auths init --profile developer (regenerates allowed_signers)"
.to_string(),
),
Some("Run: auths signers sync (regenerates allowed_signers)".to_string()),
)
}
}
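Review bot: The `Err(_)` arm of the `AllowedSigners::load` match reports the check as passed, discards the parse error and offers no suggestion, so a truncated or hand-damaged allowed_signers file looks healthy in `auths doctor` even though it decides which keys Git accepts for signature verification. Bind the error and surface it, for example `Err(e) => (false, format!("{path_str} (exists, could not parse entries: {e})"), Some("Run: auths signers sync".to_string())),`. This assumes the load error implements `Display` and that sync can repair the file; if the SDK parser is stricter than ssh-keygen, keep `true` but still print the error. Separately, `has_markers` reads the file a second time and `unwrap_or(false)` turns a read failure into the "no auths markers" hint, which would mislead the user. The remaining arms of `check_allowed_signers_file` lie outside this hunk.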