Issue an AgentIdentity from a validated CSR. The agent receives: - identity: DB record (server-side only) - certificate: proof of identity (agent stores this) - ca_fingerprint: for verification - private_key_pem: agent's private key (agent stores this
(
csr: AgentIdentityCSR,
db: Annotated[AsyncSession, Depends(get_db)],
)
| 125 | description="Step 2-3: validate CSR, sign certificate with Org CA, persist identity.", |
| 126 | ) |
| 127 | async def issue_from_csr( |
| 128 | csr: AgentIdentityCSR, |
| 129 | db: Annotated[AsyncSession, Depends(get_db)], |
| 130 | ) -> AgentIdentityIssueResult: |
| 131 | """ |
| 132 | Issue an AgentIdentity from a validated CSR. |
| 133 | |
| 134 | The agent receives: |
| 135 | - identity: DB record (server-side only) |
| 136 | - certificate: proof of identity (agent stores this) |
| 137 | - ca_fingerprint: for verification |
| 138 | - private_key_pem: agent's private key (agent stores this — NEVER sent again) |
| 139 | """ |
| 140 | svc = AgentIdentityService(db) |
| 141 | try: |
| 142 | return await svc.issue_from_csr(csr) |
| 143 | except ValueError as e: |
| 144 | raise HTTPException(status_code=409, detail=str(e)) |
| 145 | |
| 146 | |
| 147 | @_identity.post( |
nothing calls this directly
no test coverage detected