15d691abb2
- Remove device from devices.json - Append to revoked.json with timestamp and revoked_by - Delete Gitea deploy key (best-effort, warns if env vars missing) - Always commit both devices.json and revoked.json together - Print revoked signing public key for audit confirmation - Guard against revoking the current device (would lose push access) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>