format

ellie · ellie · commit f0bded5f168a · 2026-01-07T18:17:46.000-08:00
diff --git a/crates/atuin-desktop-runtime/src/ssh/integration_tests.rs b/crates/atuin-desktop-runtime/src/ssh/integration_tests.rs
@@ -552,9 +552,7 @@ async fn test_auth_certificate_valid() {
     let key_path = test_keys_dir().join("id_ed25519_cert_only");
 
     let mut session = Session::open(&host).await.expect("Failed to open session");
-    let auth_result = session
-        .key_auth(&test_user(), &test_host(), key_path)
-        .await;
+    let auth_result = session.key_auth(&test_user(), &test_host(), key_path).await;
 
     assert!(
         auth_result.is_ok(),
@@ -588,9 +586,7 @@ async fn test_auth_certificate_expired_fallback() {
     let key_path = test_keys_dir().join("id_ed25519_expired_cert");
 
     let mut session = Session::open(&host).await.expect("Failed to open session");
-    let auth_result = session
-        .key_auth(&test_user(), &test_host(), key_path)
-        .await;
+    let auth_result = session.key_auth(&test_user(), &test_host(), key_path).await;
 
     assert!(
         auth_result.is_ok(),
@@ -606,9 +602,10 @@ async fn test_auth_certificate_expired_fallback() {
     );
 
     // Check the warning type
-    let has_expired_warning = auth_result.warnings.iter().any(|w| {
-        matches!(w, SshWarning::CertificateExpired { .. })
-    });
+    let has_expired_warning = auth_result
+        .warnings
+        .iter()
+        .any(|w| matches!(w, SshWarning::CertificateExpired { .. }));
     assert!(
         has_expired_warning,
         "Should have CertificateExpired warning, got: {:?}",
@@ -625,9 +622,7 @@ async fn test_auth_certificate_not_yet_valid_fallback() {
     let key_path = test_keys_dir().join("id_ed25519_future_cert");
 
     let mut session = Session::open(&host).await.expect("Failed to open session");
-    let auth_result = session
-        .key_auth(&test_user(), &test_host(), key_path)
-        .await;
+    let auth_result = session.key_auth(&test_user(), &test_host(), key_path).await;
 
     assert!(
         auth_result.is_ok(),
@@ -643,9 +638,10 @@ async fn test_auth_certificate_not_yet_valid_fallback() {
     );
 
     // Check the warning type
-    let has_future_warning = auth_result.warnings.iter().any(|w| {
-        matches!(w, SshWarning::CertificateNotYetValid { .. })
-    });
+    let has_future_warning = auth_result
+        .warnings
+        .iter()
+        .any(|w| matches!(w, SshWarning::CertificateNotYetValid { .. }));
     assert!(
         has_future_warning,
         "Should have CertificateNotYetValid warning, got: {:?}",
@@ -672,9 +668,7 @@ async fn test_auth_certificate_auto_detection() {
     let mut session = Session::open(&host).await.expect("Failed to open session");
 
     // key_auth should automatically detect and use the certificate
-    let auth_result = session
-        .key_auth(&test_user(), &test_host(), key_path)
-        .await;
+    let auth_result = session.key_auth(&test_user(), &test_host(), key_path).await;
 
     assert!(
         auth_result.is_ok(),
diff --git a/crates/atuin-desktop-runtime/src/ssh/pool.rs b/crates/atuin-desktop-runtime/src/ssh/pool.rs
@@ -92,7 +92,12 @@ impl Pool {
         let async_session = async {
             let mut session = Session::open_with_config(host, ssh_config_override).await?;
             let auth_result = session
-                .authenticate_with_config(auth, Some(&username), identity_key_config, certificate_config)
+                .authenticate_with_config(
+                    auth,
+                    Some(&username),
+                    identity_key_config,
+                    certificate_config,
+                )
                 .await?;
             Ok::<_, eyre::Report>((session, auth_result))
         };
diff --git a/crates/atuin-desktop-runtime/src/ssh/session.rs b/crates/atuin-desktop-runtime/src/ssh/session.rs
@@ -659,7 +659,12 @@ impl Session {
     /// Public key or certificate authentication
     /// If a companion certificate file exists (e.g., id_ed25519-cert.pub), uses certificate auth
     /// Returns AuthResult containing any warnings from the authentication process
-    pub async fn key_auth(&mut self, username: &str, host: &str, key_path: PathBuf) -> Result<AuthResult> {
+    pub async fn key_auth(
+        &mut self,
+        username: &str,
+        host: &str,
+        key_path: PathBuf,
+    ) -> Result<AuthResult> {
         // Check if there's a companion certificate for this key
         if let Some(cert_path) = Self::find_certificate_for_key(&key_path).await {
             return self.cert_auth(username, host, key_path, cert_path).await;
@@ -739,11 +744,16 @@ impl Session {
         };
 
         // Read certificate file content
-        let cert_content = std::fs::read_to_string(&cert_path)
-            .map_err(|e| eyre::eyre!("Failed to read certificate file {}: {e}", cert_path.display()))?;
+        let cert_content = std::fs::read_to_string(&cert_path).map_err(|e| {
+            eyre::eyre!(
+                "Failed to read certificate file {}: {e}",
+                cert_path.display()
+            )
+        })?;
 
         let cert_source = cert_path.display().to_string();
-        self.cert_auth_impl(username, host, key_pair, &cert_content, &cert_source).await
+        self.cert_auth_impl(username, host, key_pair, &cert_content, &cert_source)
+            .await
     }
 
     /// Attempt public key authentication with an already-loaded key.
@@ -784,7 +794,9 @@ impl Session {
             .map_err(|e| eyre::eyre!("Failed to write temp certificate: {e}"))?;
 
         // Guard ensures temp file is cleaned up on any exit path
-        let _temp_guard = TempFileGuard { path: temp_cert_path.clone() };
+        let _temp_guard = TempFileGuard {
+            path: temp_cert_path.clone(),
+        };
 
         // Load the certificate
         let cert = match russh::keys::load_openssh_certificate(&temp_cert_path) {
@@ -886,10 +898,16 @@ impl Session {
 
         match auth_res {
             russh::client::AuthResult::Success => {
-                tracing::info!("✓ Certificate authentication successful with {}", cert_source);
+                tracing::info!(
+                    "✓ Certificate authentication successful with {}",
+                    cert_source
+                );
                 Ok(AuthResult::default())
             }
-            russh::client::AuthResult::Failure { remaining_methods, partial_success } => {
+            russh::client::AuthResult::Failure {
+                remaining_methods,
+                partial_success,
+            } => {
                 tracing::warn!(
                     "Server rejected certificate {} (remaining methods: {:?}, partial: {})",
                     cert_source,
@@ -1014,7 +1032,10 @@ impl Session {
             identity_files.len()
         );
         for identity_file in &identity_files {
-            if let Ok(auth_result) = self.key_auth(username, &hostname, identity_file.clone()).await {
+            if let Ok(auth_result) = self
+                .key_auth(username, &hostname, identity_file.clone())
+                .await
+            {
                 return Ok(auth_result);
             }
         }
@@ -1121,7 +1142,12 @@ impl Session {
                     tracing::info!("Step 0: Trying block-provided pasted key");
                     // For pasted key content with explicit certificate, use cert_auth_from_content
                     match self
-                        .key_auth_from_content_with_cert(username, &hostname, content, certificate_config)
+                        .key_auth_from_content_with_cert(
+                            username,
+                            &hostname,
+                            content,
+                            certificate_config,
+                        )
                         .await
                     {
                         Ok(auth_result) => {
@@ -1139,7 +1165,12 @@ impl Session {
                 SshIdentityKeyConfig::Path { path } => {
                     tracing::info!("Step 0: Trying block-provided key path: {}", path);
                     match self
-                        .key_auth_with_cert_config(username, &hostname, PathBuf::from(path), certificate_config)
+                        .key_auth_with_cert_config(
+                            username,
+                            &hostname,
+                            PathBuf::from(path),
+                            certificate_config,
+                        )
                         .await
                     {
                         Ok(auth_result) => {
@@ -1238,11 +1269,16 @@ impl Session {
         cert_path: PathBuf,
     ) -> Result<AuthResult> {
         // Read certificate file content and delegate to impl
-        let cert_content = std::fs::read_to_string(&cert_path)
-            .map_err(|e| eyre::eyre!("Failed to read certificate file {}: {e}", cert_path.display()))?;
+        let cert_content = std::fs::read_to_string(&cert_path).map_err(|e| {
+            eyre::eyre!(
+                "Failed to read certificate file {}: {e}",
+                cert_path.display()
+            )
+        })?;
 
         let cert_source = cert_path.display().to_string();
-        self.cert_auth_impl(username, host, key_pair, &cert_content, &cert_source).await
+        self.cert_auth_impl(username, host, key_pair, &cert_content, &cert_source)
+            .await
     }
 
     /// Certificate auth with an already-loaded key pair and pasted certificate content
@@ -1254,7 +1290,8 @@ impl Session {
         cert_content: &str,
     ) -> Result<AuthResult> {
         // Delegate directly to impl with pasted content indicator
-        self.cert_auth_impl(username, host, key_pair, cert_content, "(pasted content)").await
+        self.cert_auth_impl(username, host, key_pair, cert_content, "(pasted content)")
+            .await
     }
 
     pub async fn disconnect(&self) -> Result<()> {
diff --git a/crates/atuin-desktop-runtime/src/ssh/ssh_pool.rs b/crates/atuin-desktop-runtime/src/ssh/ssh_pool.rs
@@ -116,7 +116,13 @@ pub enum SshPoolMessage {
         // The actual result of the open_pty command
         // returns a channel to send input to the pty, plus any auth warnings
         #[allow(clippy::type_complexity)]
-        reply_to: oneshot::Sender<Result<(mpsc::Sender<Bytes>, mpsc::Sender<(u16, u16)>, Vec<SshWarning>)>>,
+        reply_to: oneshot::Sender<
+            Result<(
+                mpsc::Sender<Bytes>,
+                mpsc::Sender<(u16, u16)>,
+                Vec<SshWarning>,
+            )>,
+        >,
     },
     ClosePty {
         channel: String,
@@ -319,7 +325,11 @@ impl SshPoolHandle {
         output_stream: mpsc::Sender<String>,
         width: u16,
         height: u16,
-    ) -> Result<(mpsc::Sender<Bytes>, mpsc::Sender<(u16, u16)>, Vec<SshWarning>)> {
+    ) -> Result<(
+        mpsc::Sender<Bytes>,
+        mpsc::Sender<(u16, u16)>,
+        Vec<SshWarning>,
+    )> {
         self.open_pty_with_config(host, username, channel, output_stream, width, height, None)
             .await
     }
@@ -334,7 +344,11 @@ impl SshPoolHandle {
         width: u16,
         height: u16,
         ssh_config: Option<DocumentSshConfig>,
-    ) -> Result<(mpsc::Sender<Bytes>, mpsc::Sender<(u16, u16)>, Vec<SshWarning>)> {
+    ) -> Result<(
+        mpsc::Sender<Bytes>,
+        mpsc::Sender<(u16, u16)>,
+        Vec<SshWarning>,
+    )> {
         let (reply_sender, reply_receiver) = oneshot::channel();
 
         let msg = SshPoolMessage::OpenPty {
