openlatch-provider 0.2.1

# Command-Line Help for `openlatch-provider`

This document contains the help content for the `openlatch-provider` command-line program.

**Command Overview:**

* [`openlatch-provider`↴](#openlatch-provider)
* [`openlatch-provider login`↴](#openlatch-provider-login)
* [`openlatch-provider logout`↴](#openlatch-provider-logout)
* [`openlatch-provider whoami`↴](#openlatch-provider-whoami)
* [`openlatch-provider init`↴](#openlatch-provider-init)
* [`openlatch-provider new`↴](#openlatch-provider-new)
* [`openlatch-provider new tool`↴](#openlatch-provider-new-tool)
* [`openlatch-provider editor`↴](#openlatch-provider-editor)
* [`openlatch-provider editor update`↴](#openlatch-provider-editor-update)
* [`openlatch-provider register`↴](#openlatch-provider-register)
* [`openlatch-provider publish`↴](#openlatch-provider-publish)
* [`openlatch-provider deprecate`↴](#openlatch-provider-deprecate)
* [`openlatch-provider tools`↴](#openlatch-provider-tools)
* [`openlatch-provider tools list`↴](#openlatch-provider-tools-list)
* [`openlatch-provider tools delete`↴](#openlatch-provider-tools-delete)
* [`openlatch-provider tools deprecate`↴](#openlatch-provider-tools-deprecate)
* [`openlatch-provider tools status`↴](#openlatch-provider-tools-status)
* [`openlatch-provider tools logs`↴](#openlatch-provider-tools-logs)
* [`openlatch-provider tools restart`↴](#openlatch-provider-tools-restart)
* [`openlatch-provider tools probe`↴](#openlatch-provider-tools-probe)
* [`openlatch-provider providers`↴](#openlatch-provider-providers)
* [`openlatch-provider providers list`↴](#openlatch-provider-providers-list)
* [`openlatch-provider providers update`↴](#openlatch-provider-providers-update)
* [`openlatch-provider providers delete`↴](#openlatch-provider-providers-delete)
* [`openlatch-provider bindings`↴](#openlatch-provider-bindings)
* [`openlatch-provider bindings list`↴](#openlatch-provider-bindings-list)
* [`openlatch-provider bindings rotate-secret`↴](#openlatch-provider-bindings-rotate-secret)
* [`openlatch-provider bindings delete-secret`↴](#openlatch-provider-bindings-delete-secret)
* [`openlatch-provider bindings probe`↴](#openlatch-provider-bindings-probe)
* [`openlatch-provider bindings metrics`↴](#openlatch-provider-bindings-metrics)
* [`openlatch-provider bindings delete`↴](#openlatch-provider-bindings-delete)
* [`openlatch-provider listen`↴](#openlatch-provider-listen)
* [`openlatch-provider trigger`↴](#openlatch-provider-trigger)
* [`openlatch-provider tail`↴](#openlatch-provider-tail)
* [`openlatch-provider events`↴](#openlatch-provider-events)
* [`openlatch-provider events tail`↴](#openlatch-provider-events-tail)
* [`openlatch-provider doctor`↴](#openlatch-provider-doctor)
* [`openlatch-provider update`↴](#openlatch-provider-update)
* [`openlatch-provider completions`↴](#openlatch-provider-completions)
* [`openlatch-provider config`↴](#openlatch-provider-config)
* [`openlatch-provider config get`↴](#openlatch-provider-config-get)
* [`openlatch-provider config set`↴](#openlatch-provider-config-set)
* [`openlatch-provider config list`↴](#openlatch-provider-config-list)

## `openlatch-provider`

Publish and run security tools on OpenLatch

**Usage:** `openlatch-provider [OPTIONS] [COMMAND]`

###### **Subcommands:**

* `login` — Sign in to your OpenLatch account
* `logout` — Sign out and clear your saved credentials
* `whoami` — Show who you're signed in as
* `init` — Set up a new tool — sign in and create your manifest
* `new` — Create a starter tool project from a template
* `editor` — Manage your publisher profile
* `register` — Submit your manifest to OpenLatch
* `publish` — Publish a new version of your tool
* `deprecate` — Mark a tool version range as deprecated
* `tools` — List, delete, or deprecate your tools
* `providers` — List, update, or delete your providers
* `bindings` — Manage bindings and webhook secrets
* `listen` — Start the event listener that handles incoming requests
* `trigger` — Send a test event to your running listener
* `tail` — Watch live events as they arrive
* `events` — Inspect events recorded by `listen` (audit JSONL stream)
* `doctor` — Check that everything is set up correctly
* `update` — Auto-update via npm registry + minisign verify + atomic swap
* `completions` — Print shell completions for the given shell
* `config` — View or change your local settings

###### **Options:**

* `--profile <NAME>` — Activate a config profile (default: "default")
* `--output <FORMAT>` — Output format (TTY default = `table`, non-TTY default = `json`)

  Possible values: `table`, `json`, `yaml`, `sarif`

* `-q`, `--quiet` — Suppress info/warn output. Errors still print
* `-v`, `--verbose` — Verbose human output (extra operational detail)
* `--debug` — Internal state, timings, request/response bodies. Implies `--verbose`
* `--no-color` — Strip ANSI colors. Equivalent to setting `NO_COLOR=1`
* `-y`, `--yes` — Assume "yes" to all interactive prompts
* `--dry-run` — Show what would happen without actually doing it
* `--non-interactive` — Force-disable any interactive prompts



## `openlatch-provider login`

Sign in to your OpenLatch account

**Usage:** `openlatch-provider login [OPTIONS]`

###### **Options:**

* `--token-file <PATH>` — Read the token from a file instead of triggering the browser flow



## `openlatch-provider logout`

Sign out and clear your saved credentials

**Usage:** `openlatch-provider logout`



## `openlatch-provider whoami`

Show who you're signed in as

**Usage:** `openlatch-provider whoami`



## `openlatch-provider init`

Set up a new tool — sign in and create your manifest

**Usage:** `openlatch-provider init [OPTIONS]`

###### **Options:**

* `--force` — Overwrite an existing `<slug>.yaml` (backed up to .bak)
* `--editor-slug <EDITOR_SLUG>` — Editor slug — required when `--non-interactive`
* `--display-name <DISPLAY_NAME>` — Editor display name — required when `--non-interactive`
* `--description <DESCRIPTION>` — Editor description
* `--homepage-url <HOMEPAGE_URL>` — Editor homepage URL
* `--docs-url <DOCS_URL>` — Editor docs URL
* `--telemetry` — Force-enable PostHog telemetry (skips the consent prompt)
* `--no-telemetry` — Force-disable PostHog telemetry (skips the consent prompt)



## `openlatch-provider new`

Create a starter tool project from a template

**Usage:** `openlatch-provider new <COMMAND>`

###### **Subcommands:**

* `tool` — Create a starter tool project (Python, Rust, or Node)



## `openlatch-provider new tool`

Create a starter tool project (Python, Rust, or Node)

**Usage:** `openlatch-provider new tool [OPTIONS] --template <TEMPLATE>`

###### **Options:**

* `--template <TEMPLATE>`

  Possible values: `python`, `rust`, `node`

* `--out <OUT>` — Target directory (default: ./<slug>)



## `openlatch-provider editor`

Manage your publisher profile

**Usage:** `openlatch-provider editor <COMMAND>`

###### **Subcommands:**

* `update` — Update your publisher profile



## `openlatch-provider editor update`

Update your publisher profile

**Usage:** `openlatch-provider editor update [OPTIONS]`

###### **Options:**

* `--display-name <DISPLAY_NAME>`
* `--description <DESCRIPTION>`
* `--homepage-url <HOMEPAGE_URL>`
* `--docs-url <DOCS_URL>`



## `openlatch-provider register`

Submit your manifest to OpenLatch

**Usage:** `openlatch-provider register [OPTIONS]`

###### **Options:**

* `--manifest <PATH>` — Path to a manifest file (default: resolved from `[profiles.<profile>] manifest_slug` in `~/.openlatch/provider/config.toml`)
* `--allow-local-endpoints` — Permit binding endpoints that resolve to non-public IPs (loopback / private / cloud-metadata / IPv4-mapped). Intended for local development against a tool server on `localhost`. The platform's authoritative probe still enforces public-IP-only in production — never use this flag for live registrations
* `--skip-preflight` — Skip every pre-flight check that runs before the platform mutations: the client-side endpoint probe AND the whole-manifest `:validate` pass. Exists as an escape hatch when you know a partial write needs to be reconciled (e.g. tool #1 already created on the platform, retrying after a transient failure) or when an endpoint deliberately can't be reached from the developer's host (e.g. RFC 6761 reserved placeholders in fixtures). The platform's authoritative server-side probe still runs at provider-upsert time, so SSRF posture is preserved. Default off



## `openlatch-provider publish`

Publish a new version of your tool

**Usage:** `openlatch-provider publish [OPTIONS] [BUMP]`

###### **Arguments:**

* `<BUMP>` — Bump kind (mutually exclusive with `--version`)

  Possible values: `major`, `minor`, `patch`


###### **Options:**

* `--version <VERSION>` — Set an explicit version (overrides `bump`)
* `--manifest <PATH>` — Path to a manifest file (default: resolved from `[profiles.<profile>] manifest_slug` in `~/.openlatch/provider/config.toml`)
* `--git-tag` — Tag the resulting commit `<editor>/<tool>@vX.Y.Z` and push (no-op when not in a git repo). Off by default for v0.1
* `--skip-preflight` — Skip the pre-flight `:validate` pass on tool slugs. Use only when recovering from a partial publish; default off



## `openlatch-provider deprecate`

Mark a tool version range as deprecated

**Usage:** `openlatch-provider deprecate <SPEC> <MESSAGE>`

###### **Arguments:**

* `<SPEC>` — Tool slug (or `<slug>@<range>` when only a version range is targeted)
* `<MESSAGE>` — Deprecation message shown to consumers



## `openlatch-provider tools`

List, delete, or deprecate your tools

**Usage:** `openlatch-provider tools <COMMAND>`

###### **Subcommands:**

* `list` — Show all your tools
* `delete` — Permanently delete a tool
* `deprecate` — Mark a tool version range as deprecated
* `status` — Show live status of every managed tool process (PID, uptime, restart count, last health probe)
* `logs` — Tail a managed tool's JSONL log file
* `restart` — Force the daemon to restart a managed tool
* `probe` — Run a one-shot /healthz probe through the daemon



## `openlatch-provider tools list`

Show all your tools

**Usage:** `openlatch-provider tools list`



## `openlatch-provider tools delete`

Permanently delete a tool

**Usage:** `openlatch-provider tools delete [OPTIONS] <SLUG>`

###### **Arguments:**

* `<SLUG>`

###### **Options:**

* `--yes` — Skip confirmation prompt



## `openlatch-provider tools deprecate`

Mark a tool version range as deprecated

**Usage:** `openlatch-provider tools deprecate <SPEC> <MESSAGE>`

###### **Arguments:**

* `<SPEC>` — Tool slug (or `<slug>@<range>` when only a version range is targeted)
* `<MESSAGE>` — Deprecation message shown to consumers



## `openlatch-provider tools status`

Show live status of every managed tool process (PID, uptime, restart count, last health probe)

**Usage:** `openlatch-provider tools status [OPTIONS]`

###### **Options:**

* `--admin-port <PORT>` — Admin port the running daemon is listening on

  Default value: `8444`



## `openlatch-provider tools logs`

Tail a managed tool's JSONL log file

**Usage:** `openlatch-provider tools logs [OPTIONS] <SLUG>`

###### **Arguments:**

* `<SLUG>` — Tool slug

###### **Options:**

* `--follow` — Follow new lines as the daemon writes them
* `--tail <TAIL>` — Lines to print before following. Default 200

  Default value: `200`



## `openlatch-provider tools restart`

Force the daemon to restart a managed tool

**Usage:** `openlatch-provider tools restart [OPTIONS] <SLUG>`

###### **Arguments:**

* `<SLUG>` — Tool slug

###### **Options:**

* `--admin-port <PORT>` — Admin port the running daemon is listening on

  Default value: `8444`



## `openlatch-provider tools probe`

Run a one-shot /healthz probe through the daemon

**Usage:** `openlatch-provider tools probe [OPTIONS] <SLUG>`

###### **Arguments:**

* `<SLUG>` — Tool slug

###### **Options:**

* `--admin-port <PORT>` — Admin port the running daemon is listening on

  Default value: `8444`



## `openlatch-provider providers`

List, update, or delete your providers

**Usage:** `openlatch-provider providers <COMMAND>`

###### **Subcommands:**

* `list` — Show all your providers
* `update` — Update a provider's settings
* `delete` — Permanently delete a provider



## `openlatch-provider providers list`

Show all your providers

**Usage:** `openlatch-provider providers list`



## `openlatch-provider providers update`

Update a provider's settings

**Usage:** `openlatch-provider providers update <SLUG>`

###### **Arguments:**

* `<SLUG>`



## `openlatch-provider providers delete`

Permanently delete a provider

**Usage:** `openlatch-provider providers delete [OPTIONS] <SLUG>`

###### **Arguments:**

* `<SLUG>`

###### **Options:**

* `--yes`



## `openlatch-provider bindings`

Manage bindings and webhook secrets

**Usage:** `openlatch-provider bindings <COMMAND>`

###### **Subcommands:**

* `list` — Show all your bindings
* `rotate-secret` — Generate a new webhook signing secret (shown once)
* `delete-secret` — Remove a binding's webhook signing secret
* `probe` — Test that a binding's endpoint is reachable
* `metrics` — Show traffic and latency metrics for a binding
* `delete` — Permanently delete a binding



## `openlatch-provider bindings list`

Show all your bindings

**Usage:** `openlatch-provider bindings list`



## `openlatch-provider bindings rotate-secret`

Generate a new webhook signing secret (shown once)

**Usage:** `openlatch-provider bindings rotate-secret [OPTIONS] <ID>`

###### **Arguments:**

* `<ID>`

###### **Options:**

* `--yes`



## `openlatch-provider bindings delete-secret`

Remove a binding's webhook signing secret

**Usage:** `openlatch-provider bindings delete-secret [OPTIONS] <ID>`

###### **Arguments:**

* `<ID>`

###### **Options:**

* `--yes`



## `openlatch-provider bindings probe`

Test that a binding's endpoint is reachable

**Usage:** `openlatch-provider bindings probe <ID>`

###### **Arguments:**

* `<ID>`



## `openlatch-provider bindings metrics`

Show traffic and latency metrics for a binding

**Usage:** `openlatch-provider bindings metrics <ID>`

###### **Arguments:**

* `<ID>`



## `openlatch-provider bindings delete`

Permanently delete a binding

**Usage:** `openlatch-provider bindings delete [OPTIONS] <ID>`

###### **Arguments:**

* `<ID>`

###### **Options:**

* `--yes`



## `openlatch-provider listen`

Start the event listener that handles incoming requests

**Usage:** `openlatch-provider listen [OPTIONS]`

###### **Options:**

* `--port <PORT>` — HTTPS port to bind. Use `0` for an OS-assigned port (testing)

  Default value: `8443`
* `--bind-addr <ADDR>` — Address to bind. Default 0.0.0.0 (all interfaces)

  Default value: `0.0.0.0`
* `--manifest <PATH>` — Manifest path override; otherwise the active profile's `manifest_slug` is used
* `--cert <PATH>` — PEM bundle for the listener's TLS certificate
* `--key <PATH>` — PEM private key for the listener's TLS certificate
* `--no-tls` — Disable TLS — for tests behind a TLS-terminating reverse proxy only
* `--no-watch` — Disable the cross-platform manifest file-watcher (default-on)
* `--admin-port <PORT>` — Bind a control endpoint on `127.0.0.1:<PORT>` for `POST /v1/admin/reload`. Disabled by default. The token comes from `~/.openlatch/provider/admin.token`
* `--log-retention-days <DAYS>` — Days of audit-log retention. Older files are deleted at startup

  Default value: `14`



## `openlatch-provider trigger`

Send a test event to your running listener

**Usage:** `openlatch-provider trigger [OPTIONS] <EVENT_TYPE>`

###### **Arguments:**

* `<EVENT_TYPE>` — Event type — e.g. `pre_tool_use`, `before_shell_execution`

###### **Options:**

* `--binding <ID>` — Binding id to target. Required when more than one binding is configured
* `--tool <NAME>` — Tool name from the agent's perspective (e.g. `Bash`, `Read`)
* `--input <JSON|STRING>` — Tool-call input — JSON literal or plain string. Strings are wrapped as `{"command": "<value>"}` for shell-style hooks
* `--port <PORT>` — Listener port. Default 8443

  Default value: `8443`
* `--host <ADDR>` — Listener host (default `127.0.0.1`)

  Default value: `127.0.0.1`
* `--no-tls` — Send plain HTTP rather than HTTPS. Matches `listen --no-tls`
* `--from-file <PATH>` — Read the full event JSON from a file instead of building one from `--tool` / `--input`. Lets you replay payloads captured from prod
* `--deadline-ms <DEADLINE_MS>` — Synthetic deadline budget (ms). Default 200

  Default value: `200`
* `--agent <PLATFORM>` — Override the agent platform tag (default `claude-code`)

  Default value: `claude-code`



## `openlatch-provider tail`

Watch live events as they arrive

**Usage:** `openlatch-provider tail [OPTIONS]`

###### **Options:**

* `--binding <ID>` — Filter to a single binding id. Default: stream all owned bindings
* `--since <N>` — Print metrics N seconds back before tailing forward

  Default value: `0`
* `--interval <SECS>` — Polling interval (seconds). Default 2

  Default value: `2`



## `openlatch-provider events`

Inspect events recorded by `listen` (audit JSONL stream)

**Usage:** `openlatch-provider events <COMMAND>`

###### **Subcommands:**

* `tail` — Stream the runtime audit log (`~/.openlatch/provider/logs/runtime-*.jsonl`)



## `openlatch-provider events tail`

Stream the runtime audit log (`~/.openlatch/provider/logs/runtime-*.jsonl`)

**Usage:** `openlatch-provider events tail [OPTIONS]`

###### **Options:**

* `--follow` — Follow new lines as the daemon writes them
* `--tail <TAIL>` — Lines to print before following. Default 200

  Default value: `200`



## `openlatch-provider doctor`

Check that everything is set up correctly

**Usage:** `openlatch-provider doctor`



## `openlatch-provider update`

Auto-update via npm registry + minisign verify + atomic swap

**Usage:** `openlatch-provider update [OPTIONS]`

###### **Options:**

* `--check` — Only check for updates; don't apply
* `--apply` — Apply an available update without prompting
* `--registry <URL>` — Override the npm registry origin (default: `https://registry.npmjs.org`). Used by the E2E suite to point at a fake registry served on localhost. Also picked up from `OPENLATCH_PROVIDER_NPM_REGISTRY`
* `--force-cargo` — Bypass the cargo-install gate. Dangerous — see `.claude/rules/auto-update.md` for the rationale on when this is the right call



## `openlatch-provider completions`

Print shell completions for the given shell

**Usage:** `openlatch-provider completions <SHELL>`

###### **Arguments:**

* `<SHELL>` — Target shell

  Possible values: `bash`, `zsh`, `fish`, `power-shell`, `elvish`




## `openlatch-provider config`

View or change your local settings

**Usage:** `openlatch-provider config <COMMAND>`

###### **Subcommands:**

* `get` — Read a setting value
* `set` — Change a setting value
* `list` — Show all your profiles and their settings



## `openlatch-provider config get`

Read a setting value

**Usage:** `openlatch-provider config get <KEY>`

###### **Arguments:**

* `<KEY>`



## `openlatch-provider config set`

Change a setting value

**Usage:** `openlatch-provider config set <KEY> <VALUE>`

###### **Arguments:**

* `<KEY>`
* `<VALUE>`



## `openlatch-provider config list`

Show all your profiles and their settings

**Usage:** `openlatch-provider config list`



<hr/>

<small><i>
    This document was generated automatically by
    <a href="https://crates.io/crates/clap-markdown"><code>clap-markdown</code></a>.
</i></small>