From 15d691abb20f502d1775e46f416bc2663cb37986 Mon Sep 17 00:00:00 2001 From: adlee-was-taken Date: Sat, 2 May 2026 12:22:59 -0400 Subject: [PATCH] feat(cli): implement device revoke - Remove device from devices.json - Append to revoked.json with timestamp and revoked_by - Delete Gitea deploy key (best-effort, warns if env vars missing) - Always commit both devices.json and revoked.json together - Print revoked signing public key for audit confirmation - Guard against revoking the current device (would lose push access) Co-Authored-By: Claude Sonnet 4.6 --- crates/relicario-cli/src/main.rs | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/crates/relicario-cli/src/main.rs b/crates/relicario-cli/src/main.rs index 3939cb5..cf44257 100644 --- a/crates/relicario-cli/src/main.rs +++ b/crates/relicario-cli/src/main.rs @@ -2482,13 +2482,13 @@ fn cmd_device(action: DeviceAction) -> Result<()> { } } - // Commit devices.json + revoked.json. - let mut paths = vec![".relicario/devices.json"]; - if revoked_path.exists() { - paths.push(".relicario/revoked.json"); - } - let mut add_args = vec!["add"]; - add_args.extend_from_slice(&paths); + // Commit devices.json + revoked.json (always both — revoked.json + // was just written above so it is guaranteed to exist). + let add_args = [ + "add", + ".relicario/devices.json", + ".relicario/revoked.json", + ]; let status = crate::helpers::git_command(&root, &add_args).status()?; if !status.success() { anyhow::bail!("git add failed"); @@ -2501,6 +2501,7 @@ fn cmd_device(action: DeviceAction) -> Result<()> { } eprintln!("Device '{}' revoked.", name); + eprintln!("Revoked signing key: {}", device.public_key); Ok(()) }