@sreynen sreynen commented Mar 11, 2020

This is everything described in the README, minus the static site, which will be the next PR.


@schuyler1d schuyler1d left a comment

This is not one of our standard frameworks, so I have more questions than would be usual (though I'd support pushing myself and all of us to document even with our more familiar ones).

  • How do I run this locally to see how the web api works? Having def main in non-script files wasn't super-intuitive.
  • What is the security model? Is this behind a VPN? Who is given keys or how are they generated?

Slightly more meta -- connecting with a progressive vendor (actionkit) and exporting a CSV seems pretty inside [parsons](https://github.com/move-coop/parsons/) wheelhouse -- would be worth considering using it (and contributing) rather than more query code to maintain ourselves.

sreynen commented Mar 30, 2020

I added more documentation in the PyWell repo on how to run locally. Short version: just run python validate_key.py or python export_rsvps.py and it should be self-documenting from there. That doesn't start a web server, just runs the same function with command line input and output. The idea is that should be entirely interchangeable with the API Gateway version, so anything that works on the command line should work the same via web. I believe that's true currently, but if there's ever a discrepancy, that would be a bug in PyWell, upstream of this repo, and this code shouldn't need to change to fix such bugs.

I think https://github.com/awslabs/aws-sam-cli can also be used to run lambdas with local web interfaces, though I haven't tried that.

Nothing about PyWell requires the functions be named main and I'm somewhat ambivalent about that, but it sounds like maybe that was a good indication that these are, in fact, self-contained scripts?

I'm not really trying to evangelize PyWell here, which is why it wasn't explained at all. Ideally the code would be more self-explanatory without any mention of PyWell, but maybe that's not possible.

The security model for this is somewhat independent of the code, and could be a little different for different instances. For MoveOn, the current plan is the key generation would be restricted to staff on VPN, who would then share individual keys with partners, who could then use the keys on an unrestricted site.

I'm interested in seeing how a Parsons version of this would compare, but I'm a little skeptical this code can get much smaller without making it too abstract. E.g., it seems like the biggest opportunity to minimize the code further is moving the query out of the code, but I think that would make this more of an open-ended keyed query tool and have much wider security concerns.
