use clap::{Args, Subcommand};
// Argument container for the skill-provenance command group. It holds no
// options of its own, only the subcommand selected by the user.
// Presumably mounted as `harn skill`; help text elsewhere in this file
// mentions `harn skill key generate`. TODO confirm against the parent parser.
#[derive(Debug, Args)]
pub(crate) struct SkillArgs {
    // `#[command(subcommand)]` makes clap parse this field as a nested
    // subcommand instead of a flag or positional.
    #[command(subcommand)]
    pub command: SkillCommand,
}
// Subcommands of the skill-provenance CLI. Each variant wraps the argument
// struct for that subcommand.
//
// The `///` lines below are consumed by clap's derive as help text, so editing
// them changes CLI output. With clap's default naming the subcommand name is the
// kebab-cased variant name (`WhoSigned` is expected to surface as `who-signed`).
//
// Security-relevant split, as far as the help text states it: `Key`, `Sign` and
// `Endorse` work with private-key material; `Verify` and `WhoSigned` read a
// manifest; `Trust` changes which signers are trusted.
// NOTE(review): the "trusted signer set" used by `Verify` is presumably the
// registry managed by `Trust`. Confirm in the handlers, which are not visible here.
#[derive(Debug, Subcommand)]
pub(crate) enum SkillCommand {
    /// Manage Ed25519 signing keys for skill provenance.
    Key(SkillKeyArgs),
    /// Sign a skill manifest and emit `<path>.sig`.
    Sign(SkillSignArgs),
    /// Add an endorsement signature to an existing signed skill manifest.
    Endorse(SkillEndorseArgs),
    /// Verify a skill manifest against the trusted signer set.
    Verify(SkillVerifyArgs),
    /// Show the author, endorsement chain, and trust scores for a skill manifest.
    WhoSigned(SkillWhoSignedArgs),
    /// Manage the local trusted signer registry.
    Trust(SkillTrustArgs),
}
// Argument container for the `Key` subcommand group; it only selects one of
// the key-management subcommands.
#[derive(Debug, Args)]
pub(crate) struct SkillKeyArgs {
    // Parsed by clap as a nested subcommand.
    #[command(subcommand)]
    pub command: SkillKeyCommand,
}
// Key-management subcommands. Only key generation is defined in this enum;
// no rotate, export or delete operation appears here.
#[derive(Debug, Subcommand)]
pub(crate) enum SkillKeyCommand {
    /// Generate an Ed25519 keypair and write PEM files to disk.
    Generate(SkillKeyGenerateArgs),
}
// Arguments for key generation: a single required `--out <PATH>` option.
//
// NOTE(review): this struct only carries the destination path; the code that
// writes the files is not visible here. Because the file at `out` holds the
// private signing key, confirm that the handler creates it with owner-only
// permissions and does not silently overwrite an existing key at that path.
#[derive(Debug, Args)]
pub(crate) struct SkillKeyGenerateArgs {
    /// Path for the private-key PEM. The public key is written to `<path>.pub`.
    // `long` with no explicit name exposes the field as `--out`; the type is a
    // non-optional `String`, so clap treats the option as required.
    #[arg(long, value_name = "PATH")]
    pub out: String,
}
// Arguments for signing a manifest: the manifest path as a positional argument
// and the signer's private key as `--key <PATH>`.
//
// The key is referenced by file path rather than passed inline, so the key
// material itself does not appear in the process arguments or shell history.
// NOTE(review): whether the handler checks the key file's permissions before
// use cannot be seen from this file.
#[derive(Debug, Args)]
pub(crate) struct SkillSignArgs {
    /// Path to the skill manifest to sign (typically `SKILL.md`).
    // No `#[arg]` attribute: clap derives a required positional argument.
    pub skill: String,
    /// Path to the private-key PEM generated by `harn skill key generate`.
    #[arg(long, value_name = "PATH")]
    pub key: String,
}
// Arguments for endorsing a manifest. Same shape as `SkillSignArgs`: a
// positional manifest path plus `--key <PATH>` for the endorser's private key.
//
// NOTE(review): the subcommand help describes endorsing an "existing signed"
// manifest. Whether the handler verifies the existing author signature before
// appending an endorsement is not visible here and is worth confirming.
#[derive(Debug, Args)]
pub(crate) struct SkillEndorseArgs {
    /// Path to the skill manifest to endorse (typically `SKILL.md`).
    // No `#[arg]` attribute: clap derives a required positional argument.
    pub skill: String,
    /// Path to the private-key PEM generated by `harn skill key generate`.
    #[arg(long, value_name = "PATH")]
    pub key: String,
}
// Arguments for verifying a manifest: a positional manifest path and an
// optional `--json` switch that selects the output format.
//
// NOTE(review): the flag only changes how the result is rendered. Confirm in
// the handler that a failed verification yields a non-zero exit status in both
// output modes, so that scripts cannot mistake a printed report for success.
#[derive(Debug, Args)]
pub(crate) struct SkillVerifyArgs {
    /// Path to the skill manifest to verify.
    // No `#[arg]` attribute: clap derives a required positional argument.
    pub skill: String,
    /// Emit JSON instead of a human-readable report.
    // A `bool` field with `long` is a presence flag: false unless `--json` is given.
    #[arg(long)]
    pub json: bool,
}
// Arguments for inspecting who signed a manifest: a positional manifest path
// and an optional `--json` switch that selects the output format.
//
// NOTE(review): the help text describes this as a display command. Whether the
// handler also validates the signatures it lists is not visible here. Unless it
// does, treat the output as informational and use `Verify` for a trust decision.
#[derive(Debug, Args)]
pub(crate) struct SkillWhoSignedArgs {
    /// Path to the skill manifest to inspect.
    // No `#[arg]` attribute: clap derives a required positional argument.
    pub skill: String,
    /// Emit JSON instead of a human-readable report.
    // A `bool` field with `long` is a presence flag: false unless `--json` is given.
    #[arg(long)]
    pub json: bool,
}
// Argument container for the `Trust` subcommand group; it only selects one of
// the trusted-signer registry subcommands.
#[derive(Debug, Args)]
pub(crate) struct SkillTrustArgs {
    // Parsed by clap as a nested subcommand.
    #[command(subcommand)]
    pub command: SkillTrustCommand,
}
// Subcommands for the local trusted signer registry: add a signer, or list the
// installed fingerprints.
//
// NOTE(review): no remove or revoke variant is defined in this enum, so
// withdrawing trust from a signer has to happen some other way (for example by
// editing the registry directly). Confirm how revocation is expected to work.
#[derive(Debug, Subcommand)]
pub(crate) enum SkillTrustCommand {
    /// Import a trusted signer from a PEM file or URL.
    Add(SkillTrustAddArgs),
    /// List the trusted signer fingerprints currently installed locally.
    List(SkillTrustListArgs),
}
// Arguments for adding a trusted signer: a single required `--from <URL|FILE>`
// option naming where the public-key PEM comes from.
//
// This value decides which key becomes a trust anchor for later verification,
// so the source is security-critical. When it is a URL, the key is only as
// trustworthy as the transport and the host serving it.
// NOTE(review): the fetch and import logic is not visible here. Confirm that
// the handler restricts URL schemes (e.g. requires https), and that it reports
// the imported fingerprint so the operator can compare it out of band.
#[derive(Debug, Args)]
pub(crate) struct SkillTrustAddArgs {
    /// PEM source for the public key. Accepts a local path or URL.
    // The option name is spelled out as `--from`; `value_name` only affects how
    // the placeholder is shown in help output.
    #[arg(long = "from", value_name = "URL|FILE")]
    pub from: String,
}
// Arguments for listing trusted signers. The struct has no fields, so the
// subcommand takes no options; it also derives `Default`, so it can be
// constructed without going through the parser.
#[derive(Debug, Args, Default)]
pub(crate) struct SkillTrustListArgs {}