openlatch-provider 0.1.0

Self-service onboarding CLI + runtime daemon for OpenLatch Editors and Providers
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

# openlatch-provider

> Self-service onboarding CLI + runtime daemon for OpenLatch Editors and Providers.

`openlatch-provider` is the third project in the OpenLatch family, sibling to [`openlatch-client`](https://github.com/OpenLatch/openlatch-client) (agent-side forwarder) and `openlatch-platform` (cloud control plane). It is **two things in one binary**:

| Mode | Trigger | Purpose |
| ---- | ------- | ------- |
| **Management CLI** | One-shot subcommands | Self-service onboarding + lifecycle ops for Editors and Providers |
| **Runtime daemon** | `openlatch-provider listen` | Receive HMAC-signed webhooks from `openlatch-platform`, verify, proxy events to vendor's localhost-hosted detection tools, return verdicts |

## Install

```bash
# npm (recommended)
npx @openlatch/provider --version

# crates.io
cargo install openlatch-provider

# GitHub Releases (signed binaries + shell installer)
curl -fsSL https://openlatch.ai/install.sh | sh
```

Cross-platform: macOS (arm64 + x64), Linux (x64 + arm64), Windows (x64).

## Quickstart

```bash
# 1. Authenticate (browser-based PKCE) — required, init validates slugs against the platform
openlatch-provider login

# 2. Scaffold a new editor + first tool. Each slug you pick is checked
#    against api.openlatch.ai before the manifest is written; collisions
#    re-prompt in TTY or surface as OL-4280..OL-4283 in CI mode.
openlatch-provider init

# 3. Edit openlatch.yaml to declare your tool(s) and provider(s)
$EDITOR openlatch.yaml

# 4. Validate before publishing
openlatch-provider publish --dry-run

# 5. Publish
openlatch-provider publish

# 6. Run the production daemon
openlatch-provider listen --port 8443
```

## Examples

- [`tools/coinflip-tool/`](tools/coinflip-tool/) — a dummy detection tool
  (FastAPI + [`openlatch-tool-sdk`](pypi/tool-sdk/)) that randomly returns
  `allow`/`deny` verdicts. Use it to validate the full
  agent → client → platform → provider → tool pipeline locally; it is
  also exercised deterministically by the
  `openlatch-provider-e2e coinflip` E2E command.

## Status

Pre-release (v0.0.0). See [CHANGELOG.md](CHANGELOG.md) for releases.

The Rust binary, [`openlatch-tool-sdk`](pypi/tool-sdk/) (PyPI), and
[`@openlatch/tool-sdk`](npm/tool-sdk/) (npm) version in lock-step — one
conventional-commit PR triggers a single release-please Release PR that
bumps all three packages to the same `X.Y.Z`.

## License

Apache-2.0 — see [LICENSE](LICENSE).

## Security

See [SECURITY.md](SECURITY.md).