pub enum EnrollCommand {
    Op {
        handle: String,
        json: bool,
    },
    OrgCreate {
        handle: String,
        json: bool,
    },
    OrgAddMember {
        op_did: String,
        org: String,
        json: bool,
    },
    Republish {
        json: bool,
    },
    AddMembership {
        bundle: Option<String>,
        org: Option<String>,
        org_pubkey: Option<String>,
        member_cert: Option<String>,
        json: bool,
    },
    RotateOpKey {
        json: bool,
    },
    RotateOrgKey {
        org_did: String,
        json: bool,
    },
}
wire enroll … — mint the operator/org identities + certs the offline
org-membership layer (RFC-001) consumes. Keys are stored 0600 alongside
private.key. (Publishing these claims on the agent’s own card — the
card-emit integration — is a separate follow-up.)
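Since keys are stored 0600, an audit of the key directory can confirm that no key file has drifted to a looser mode. The sketch below is an added example, not part of wire: it assumes Unix and that key files carry a .key suffix (op.key and private.key are named on this page; the suffix rule, the function names and the temporary directory are assumptions).

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Create a key file that is 0600 from the moment it exists.
/// `create_new` fails if anything (including a symlink) already sits at `path`.
pub fn write_key_0600(path: &Path, secret: &[u8]) -> io::Result<()> {
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600)
        .open(path)?;
    f.write_all(secret)?;
    f.sync_all()
}

/// Return every `*.key` regular file in `dir` that grants any group/other bit.
/// Assumption: key files are identified by the `.key` suffix.
pub fn loose_key_files(dir: &Path) -> io::Result<Vec<PathBuf>> {
    let mut loose = Vec::new();
    for entry in fs::read_dir(dir)? {
        let path = entry?.path();
        if path.extension().and_then(|e| e.to_str()) != Some("key") {
            continue;
        }
        // symlink_metadata judges the entry itself and does not follow links.
        let meta = fs::symlink_metadata(&path)?;
        if meta.file_type().is_file() && meta.permissions().mode() & 0o077 != 0 {
            loose.push(path);
        }
    }
    loose.sort();
    Ok(loose)
}

fn main() -> io::Result<()> {
    // Constructed demo directory; not wire's real config path.
    let dir = std::env::temp_dir().join(format!("wire-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    write_key_0600(&dir.join("op.key"), b"constructed-secret")?;
    fs::write(dir.join("private.key"), b"constructed-secret")?;
    fs::set_permissions(dir.join("private.key"), fs::Permissions::from_mode(0o644))?;
    println!("{:?}", loose_key_files(&dir)?); // lists only private.key
    fs::remove_dir_all(&dir)
}
```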
Variants
Op
Mint this machine’s operator root key (op.key) and print its op_did.
OrgCreate
Mint an organization root key and print its org_did + org_pubkey.
OrgAddMember
Issue a membership cert: the named org signs an operator’s op_did.
Prints the {org_did, org_pubkey, member_cert} bundle for the operator
to add to their card’s org_memberships[].
Republish
Rebuild the agent card with the current enrollment state and
republish to the phonebook. Closes the enroll-after-init DX gap:
claims are normally attached at card-build time, but an operator who
enrolls AFTER init has a stored card that pre-dates the claims. Run
this once after wire enroll op / org-add-member to surface them.
Idempotent: not-enrolled rebuilds a claims-free card; not-bound prints
“local only”.
AddMembership
Ingest a membership cert handed to this operator by an org owner.
Closes the DX gap surfaced in #127 (slate-lotus 2026-05-30 audit):
wire enroll org-add-member printed an {org_did, org_pubkey, member_cert} bundle but the receiver had no verb to store it —
joining an org required hand-editing
<config>/wire/memberships.json. This verb wraps the existing
config::add_membership helper + verifies the cert against
org_pubkey and this operator’s op_did before storing, so a
malformed / wrong-key bundle fails loudly instead of corrupting
the next wire enroll republish.
Accepts either a single --bundle '<json>' (the verbatim
org-add-member output) or the three fields separately. Idempotent:
re-running with the same org_did replaces the prior entry.
Fields
bundle: Option<String>
Verbatim org-add-member output (overrides individual flags
when set). Shape: {"org_did":"…","org_pubkey":"…","member_cert":"…"}.
RotateOpKey
Rotate the operator root key (RFC-001 §T20). Mints a fresh op keypair —
which, because the op_did commits to the key, is a NEW op_did — and
emits a succession cert: the old key signing the old_op_did → new_op_did
handoff. Use after a suspected op-key compromise.
After rotating you MUST re-enroll: every org you’re in re-issues your
member_cert against the new op_did (wire enroll org-add-member <new_op_did>), then wire enroll republish. Receiver-side automatic
trust-migration from the succession cert is deferred (T20); the cert +
the new op_did are recorded in succession.jsonl for that follow-up.
RotateOrgKey
Rotate an organization root key (RFC-001 §T19). Mints a fresh org keypair
(a NEW org_did) and emits a succession cert (old org key signs the
old_org_did → new_org_did handoff). Use after a suspected org-key
compromise.
After rotating you re-issue every member_cert with the new key and republish the org’s DNS-TXT binding to the new org_did. The new key is stored under the new org_did; the old key file is left in place for you to delete.
Trait Implementations
impl Debug for EnrollCommand
impl FromArgMatches for EnrollCommand
fn from_arg_matches(__clap_arg_matches: &ArgMatches) -> Result<Self, Error>
fn from_arg_matches_mut(__clap_arg_matches: &mut ArgMatches) -> Result<Self, Error>
fn update_from_arg_matches(&mut self, __clap_arg_matches: &ArgMatches) -> Result<(), Error>
Assign values from ArgMatches to self.
fn update_from_arg_matches_mut<'b>(&mut self, __clap_arg_matches: &mut ArgMatches) -> Result<(), Error>
Assign values from ArgMatches to self.
impl Subcommand for EnrollCommand
fn augment_subcommands<'b>(__clap_app: Command) -> Command
fn augment_subcommands_for_update<'b>(__clap_app: Command) -> Command
Append to Command so it can instantiate self via
FromArgMatches::update_from_arg_matches_mut
fn has_subcommand(__clap_name: &str) -> bool
Test whether Self can parse a specific subcommand