feat: add debug logging to identity resolver, downgrade git2 to 0.19.0

Author: bordumb

Cargo.lock

@@ -37,7 +37,7 @@ ring = "0.17.14"
 base64 = "0.22.1"
 thiserror = "2"
 uuid = { version = "1", features = ["v4"] }
-git2 = "0.20.4"
+git2 = { version = "0.19.0", default-features = false, features = ["vendored-libgit2"] }
 parking_lot = "0.12"
 schemars = "0.8"
 subtle = "2.6"

Cargo.toml

@@ -47,7 +47,7 @@ tokio = { version = "1", features = ["rt-multi-thread", "macros", "time"] }
 ring.workspace = true
 base64.workspace = true
 bs58 = "0.5.1"
-git2 = "0.20.4"
+git2.workspace = true
 dirs = "6.0.0"
 chrono = "0.4.40"
 jsonschema = { version = "0.42.2", default-features = false }

crates/auths-cli/Cargo.toml

@@ -29,7 +29,7 @@ bs58 = "0.5.1"
 chrono = { version = "0.4.40", features = ["serde"] }
 der = "0.8.0"
 dirs = { version = "6.0.0", optional = true }
-git2 = { version = "0.19.0", optional = true }
+git2 = { workspace = true, optional = true }
 hex = { version = "0.4.3", features = ["serde"] }
 json-canon.workspace = true
 jsonschema = { version = "0.42.2", default-features = false }

crates/auths-id/Cargo.toml

@@ -19,7 +19,7 @@ log = "0.4"
 thiserror.workspace = true
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
-git2 = "0.20.4"
+git2.workspace = true
 
 [dev-dependencies]
 tempfile = "3"

crates/auths-index/Cargo.toml

@@ -14,7 +14,7 @@ homepage.workspace = true
 auths-core = { workspace = true }
 auths-sdk = { workspace = true }
 auths-verifier = { workspace = true, features = ["native"] }
-git2 = "0.20.4"
+git2.workspace = true
 thiserror.workspace = true
 chrono = "0.4"
 log = "0.4"

crates/auths-infra-git/Cargo.toml

@@ -40,7 +40,7 @@ thiserror.workspace = true
 auths-crypto = { workspace = true, optional = true }
 auths-id = { workspace = true, optional = true }
 chrono = { version = "0.4", features = ["serde"], optional = true }
-git2 = { version = "0.19.0", optional = true }
+git2 = { workspace = true, optional = true }
 ring = { workspace = true, optional = true }
 
 # WASM-only

crates/auths-radicle/Cargo.toml

@@ -321,9 +321,32 @@ impl RadicleIdentityResolver {
     /// at `v1/devices/{shard}/{sanitized_did}/attestation.json`.
     fn find_controller_for_device(&self, device_did: &Did) -> Option<Did> {
         let id_path = self.identity_repo_path.as_ref().unwrap_or(&self.repo_path);
-        let repo = Repository::open(id_path).ok()?;
-        let att = self.read_device_attestation(&repo, device_did)?;
-        att.issuer.to_string().parse::<Did>().ok()
+        eprintln!(
+            "[auths-debug] find_controller_for_device: id_path={}",
+            id_path.display()
+        );
+        let repo = match Repository::open(id_path) {
+            Ok(r) => r,
+            Err(e) => {
+                eprintln!("[auths-debug] Repository::open failed: {e}");
+                return None;
+            }
+        };
+        eprintln!("[auths-debug] Repository opened successfully");
+        let att = match self.read_device_attestation(&repo, device_did) {
+            Some(a) => a,
+            None => {
+                eprintln!("[auths-debug] read_device_attestation returned None");
+                return None;
+            }
+        };
+        eprintln!("[auths-debug] attestation found, issuer={}", att.issuer);
+        let result = att.issuer.to_string().parse::<Did>().ok();
+        eprintln!(
+            "[auths-debug] parsed issuer DID: {:?}",
+            result.as_ref().map(|d| d.to_string())
+        );
+        result
     }
 
     /// Scans the packed registry for all devices with attestations.
@@ -388,28 +411,76 @@ impl RadicleIdentityResolver {
         repo: &Repository,
         device_did: &Did,
     ) -> Option<auths_verifier::core::Attestation> {
-        let registry_tree = self.registry_tree(repo)?;
+        let registry_tree = match self.registry_tree(repo) {
+            Some(t) => t,
+            None => {
+                eprintln!("[auths-debug] registry_tree returned None");
+                return None;
+            }
+        };
         let sanitized = device_did.to_string().replace(':', "_");
-        let key_part = sanitized.strip_prefix("did_key_")?;
+        let key_part = match sanitized.strip_prefix("did_key_") {
+            Some(k) => k,
+            None => {
+                eprintln!("[auths-debug] strip_prefix(did_key_) failed for: {sanitized}");
+                return None;
+            }
+        };
         if key_part.len() < 4 {
+            eprintln!("[auths-debug] key_part too short: {key_part}");
             return None;
         }
         let s1 = &key_part[..2];
         let s2 = &key_part[2..4];
         let att_path = format!("v1/devices/{s1}/{s2}/{sanitized}/attestation.json");
+        eprintln!("[auths-debug] looking up att_path: {att_path}");
 
-        let entry = registry_tree
-            .get_path(std::path::Path::new(&att_path))
-            .ok()?;
-        let blob = repo.find_blob(entry.id()).ok()?;
-        serde_json::from_slice(blob.content()).ok()
+        let entry = match registry_tree.get_path(std::path::Path::new(&att_path)) {
+            Ok(e) => e,
+            Err(e) => {
+                eprintln!("[auths-debug] tree.get_path failed: {e}");
+                return None;
+            }
+        };
+        let blob = match repo.find_blob(entry.id()) {
+            Ok(b) => b,
+            Err(e) => {
+                eprintln!("[auths-debug] find_blob failed: {e}");
+                return None;
+            }
+        };
+        match serde_json::from_slice(blob.content()) {
+            Ok(att) => Some(att),
+            Err(e) => {
+                eprintln!("[auths-debug] serde_json::from_slice failed: {e}");
+                None
+            }
+        }
     }
 
     /// Returns the root tree at `refs/auths/registry`.
     fn registry_tree<'r>(&self, repo: &'r Repository) -> Option<git2::Tree<'r>> {
-        let reference = repo.find_reference(REGISTRY_REF).ok()?;
-        let commit = reference.peel_to_commit().ok()?;
-        commit.tree().ok()
+        let reference = match repo.find_reference(REGISTRY_REF) {
+            Ok(r) => r,
+            Err(e) => {
+                eprintln!("[auths-debug] find_reference({REGISTRY_REF}) failed: {e}");
+                return None;
+            }
+        };
+        let commit = match reference.peel_to_commit() {
+            Ok(c) => c,
+            Err(e) => {
+                eprintln!("[auths-debug] peel_to_commit failed: {e}");
+                return None;
+            }
+        };
+        match commit.tree() {
+            Ok(t) => Some(t),
+            Err(e) => {
+                eprintln!("[auths-debug] commit.tree() failed: {e}");
+                None
+            }
+        }
     }
 
     /// Reads KEL events by walking the commit chain from the given commit.

crates/auths-radicle/src/identity.rs

@@ -349,6 +349,7 @@ impl AuthsStorage for GitRadicleStorage {
 }
 
 #[cfg(test)]
+#[allow(clippy::unwrap_used, clippy::disallowed_methods)]
 mod tests {
     use super::*;
     use auths_id::keri::KeriSequence;

crates/auths-radicle/src/storage.rs

@@ -267,11 +267,12 @@ impl<S: AuthsStorage> RadicleAuthsBridge for DefaultBridge<S> {
         };
 
         // Step 6: Evaluate policy (revocation, expiry)
-        let decision = evaluate_compiled(&attestation, &self.policy, request.now)
-            .map_err(|e| BridgeError::PolicyEvaluation {
+        let decision = evaluate_compiled(&attestation, &self.policy, request.now).map_err(|e| {
+            BridgeError::PolicyEvaluation {
                 did: IdentityDID::new(identity_did.to_string()),
                 reason: e.to_string(),
-            })?;
+            }
+        })?;
 
         // Step 7: Capability check
         if let Some(required_cap) = request.required_capability
@@ -457,6 +458,7 @@ pub fn meets_threshold(
 }
 
 #[cfg(test)]
+#[allow(clippy::unwrap_used, clippy::disallowed_methods)]
 mod tests {
     use super::*;
     use auths_verifier::IdentityDID;