npm - @attest-it/cli - Versions diffs - 0.1.0 → 0.2.0 - Mend

@attest-it/cli 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.js CHANGED Viewed

@@ -1,15 +1,42 @@
 import { Command } from 'commander';
 import * as fs from 'fs';
 import * as path from 'path';
-import pc from 'picocolors';
+import { join, dirname } from 'path';
+import { detectTheme } from 'chromaterm';
 import { confirm } from '@inquirer/prompts';
 import { loadConfig, readAttestations, computeFingerprint, findAttestation, createAttestation, upsertAttestation, getDefaultPrivateKeyPath, writeSignedAttestations, checkOpenSSL, getDefaultPublicKeyPath, generateKeyPair, setKeyPermissions, verifyAttestations, toAttestItConfig } from '@attest-it/core';
 import { spawn } from 'child_process';
 import * as os from 'os';
 import { parse } from 'shell-quote';
+import * as React7 from 'react';
+import { render, useApp, Box, Text, useInput } from 'ink';
+import { jsx, jsxs, Fragment } from 'react/jsx-runtime';
+import { readFile, unlink, mkdir, writeFile } from 'fs/promises';
 // src/index.ts
 var globalOptions = {};
+var theme;
+async function initTheme() {
+  theme = await detectTheme();
+}
+function getTheme() {
+  if (!theme) {
+    const noopFn = (str) => str;
+    const chainable = () => noopFn;
+    theme = {
+      red: Object.assign(noopFn, { bold: chainable, dim: chainable }),
+      green: Object.assign(noopFn, { bold: chainable, dim: chainable }),
+      yellow: Object.assign(noopFn, { bold: chainable, dim: chainable }),
+      blue: Object.assign(noopFn, { bold: chainable, dim: chainable }),
+      success: noopFn,
+      error: noopFn,
+      warning: noopFn,
+      info: noopFn,
+      muted: noopFn
+    };
+  }
+  return theme;
+}
 function setOutputOptions(options) {
   globalOptions = options;
 }
@@ -20,22 +47,22 @@ function log(message) {
 }
 function verbose(message) {
   if (globalOptions.verbose && !globalOptions.quiet) {
-    console.log(pc.dim(message));
+    console.log(getTheme().muted(message));
   }
 }
 function success(message) {
-  log(pc.green("\u2713 " + message));
+  log(getTheme().success("\u2713 " + message));
 }
 function error(message) {
-  console.error(pc.red("\u2717 " + message));
+  console.error(getTheme().error("\u2717 " + message));
 }
 function warn(message) {
   if (!globalOptions.quiet) {
-    console.warn(pc.yellow("\u26A0 " + message));
+    console.warn(getTheme().warning("\u26A0 " + message));
   }
 }
 function info(message) {
-  log(pc.blue("\u2139 " + message));
+  log(getTheme().info("\u2139 " + message));
 }
 function formatTable(rows) {
   const headers = ["Suite", "Status", "Fingerprint", "Age"];
@@ -64,17 +91,18 @@ function formatTable(rows) {
   return lines.join("\n");
 }
 function colorizeStatus(status) {
+  const t = getTheme();
   switch (status) {
     case "VALID":
-      return pc.green(status);
+      return t.green(status);
     case "NEEDS_ATTESTATION":
     case "FINGERPRINT_CHANGED":
-      return pc.yellow(status);
+      return t.yellow(status);
     case "EXPIRED":
     case "INVALIDATED_BY_PARENT":
-      return pc.red(status);
+      return t.red(status);
     case "SIGNATURE_INVALID":
-      return pc.red(pc.bold(status));
+      return t.red.bold()(status);
     default:
       return status;
   }
@@ -95,12 +123,14 @@ var ExitCode = {
   SUCCESS: 0,
   /** Tests failed or attestation invalid */
   FAILURE: 1,
+  /** Nothing needed attestation */
+  NO_WORK: 2,
   /** Configuration or validation error */
-  CONFIG_ERROR: 2,
+  CONFIG_ERROR: 3,
   /** User cancelled the operation */
-  CANCELLED: 3,
+  CANCELLED: 4,
   /** Missing required key file */
-  MISSING_KEY: 4
+  MISSING_KEY: 5
 };
 // src/commands/init.ts
@@ -294,92 +324,797 @@ function formatAge(result) {
   }
   return "-";
 }
-var runCommand = new Command("run").description("Execute tests and create attestation").option("-s, --suite <name>", "Run specific suite (required unless --all)").option("-a, --all", "Run all suites needing attestation").option("--no-attest", "Run tests without creating attestation").option("-y, --yes", "Skip confirmation prompt").action(async (options) => {
-  await runTests(options);
-});
-async function runTests(options) {
-  try {
-    if (!options.suite && !options.all) {
-      error("Either --suite or --all is required");
-      process.exit(ExitCode.CONFIG_ERROR);
+function Header({ pendingCount }) {
+  const message = `${pendingCount.toString()} suite${pendingCount === 1 ? "" : "s"} need${pendingCount === 1 ? "s" : ""} attestation`;
+  return /* @__PURE__ */ jsx(Box, { borderStyle: "single", paddingX: 1, children: /* @__PURE__ */ jsx(Text, { children: message }) });
+}
+function StatusBadge({ status }) {
+  const statusConfig = getStatusConfig(status);
+  if (statusConfig.bold) {
+    return /* @__PURE__ */ jsx(Text, { color: statusConfig.color, bold: true, children: statusConfig.text });
+  }
+  return /* @__PURE__ */ jsx(Text, { color: statusConfig.color, children: statusConfig.text });
+}
+function getStatusConfig(status) {
+  switch (status) {
+    case "VALID":
+      return { text: "\u2713 VALID", color: "green" };
+    case "NEEDS_ATTESTATION":
+      return { text: "MISSING", color: "yellow" };
+    case "FINGERPRINT_CHANGED":
+      return { text: "CHANGED", color: "yellow" };
+    case "EXPIRED":
+      return { text: "STALE", color: "red" };
+    case "SIGNATURE_INVALID":
+      return { text: "INVALID", color: "red", bold: true };
+    case "INVALIDATED_BY_PARENT":
+      return { text: "INVALIDATED", color: "red" };
+    default: {
+      const _exhaustive = status;
+      return { text: String(_exhaustive), color: "yellow" };
     }
-    const config = await loadConfig();
-    const suitesToRun = options.all ? Object.keys(config.suites) : options.suite ? [options.suite] : [];
-    if (options.suite && !config.suites[options.suite]) {
-      error(`Suite "${options.suite}" not found in config`);
-      process.exit(ExitCode.CONFIG_ERROR);
+  }
+}
+function SuiteTable({
+  suites,
+  selectable = false,
+  selected = /* @__PURE__ */ new Set()
+}) {
+  const columnWidths = calculateColumnWidths(suites);
+  return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsxs(Box, { children: [
+      selectable && /* @__PURE__ */ jsx(Text, { children: " ".repeat(4) }),
+      /* @__PURE__ */ jsx(Text, { bold: true, children: padEnd("Status", columnWidths.status) }),
+      /* @__PURE__ */ jsx(Text, { children: " " }),
+      /* @__PURE__ */ jsx(Text, { bold: true, children: padEnd("Suite", columnWidths.suite) }),
+      /* @__PURE__ */ jsx(Text, { children: " " }),
+      /* @__PURE__ */ jsx(Text, { bold: true, children: "Reason" })
+    ] }),
+    /* @__PURE__ */ jsx(Box, { children: /* @__PURE__ */ jsx(Text, { color: "gray", children: "\u2500".repeat(
+      (selectable ? 4 : 0) + columnWidths.status + columnWidths.suite + columnWidths.reason
+    ) }) }),
+    suites.map((suite) => /* @__PURE__ */ jsxs(Box, { children: [
+      selectable && /* @__PURE__ */ jsx(Text, { children: selected.has(suite.name) ? "[\u2713] " : "[ ] " }),
+      /* @__PURE__ */ jsx(Box, { width: columnWidths.status, children: /* @__PURE__ */ jsx(StatusBadge, { status: suite.status }) }),
+      /* @__PURE__ */ jsx(Text, { children: " " }),
+      /* @__PURE__ */ jsx(Text, { children: padEnd(suite.name, columnWidths.suite) }),
+      /* @__PURE__ */ jsx(Text, { children: " " }),
+      /* @__PURE__ */ jsx(Text, { color: "gray", children: suite.reason })
+    ] }, suite.name))
+  ] });
+}
+function calculateColumnWidths(suites, _selectable) {
+  const statusHeader = "Status";
+  const suiteHeader = "Suite";
+  const reasonHeader = "Reason";
+  const statusWidth = Math.max(statusHeader.length, 13);
+  const suiteWidth = Math.max(suiteHeader.length, ...suites.map((s) => s.name.length));
+  const reasonWidth = Math.max(reasonHeader.length, ...suites.map((s) => s.reason.length));
+  return {
+    status: statusWidth,
+    suite: suiteWidth,
+    reason: reasonWidth
+  };
+}
+function padEnd(str, width) {
+  return str.padEnd(width, " ");
+}
+function SelectionPrompt({
+  message,
+  options,
+  onSelect,
+  groups
+}) {
+  useInput((input) => {
+    const matchedOption = options.find((opt) => opt.hint === input);
+    if (matchedOption) {
+      onSelect(matchedOption.value);
+      return;
     }
-    const isDirty = await checkDirtyWorkingTree();
-    if (isDirty) {
-      error("Working tree has uncommitted changes. Please commit or stash before attesting.");
-      process.exit(ExitCode.CONFIG_ERROR);
+    if (groups) {
+      const matchedGroup = groups.find((group) => group.name === input);
+      if (matchedGroup) {
+        onSelect(matchedGroup.name);
+      }
     }
-    for (const suiteName of suitesToRun) {
-      const suiteConfig = config.suites[suiteName];
-      if (!suiteConfig) continue;
-      log(`
-=== Running suite: ${suiteName} ===
-`);
-      const fingerprintOptions = {
-        packages: suiteConfig.packages,
-        ...suiteConfig.ignore && { ignore: suiteConfig.ignore }
-      };
-      const fingerprintResult = await computeFingerprint(fingerprintOptions);
-      verbose(`Fingerprint: ${fingerprintResult.fingerprint}`);
-      verbose(`Files: ${String(fingerprintResult.fileCount)}`);
-      const command = buildCommand(config, suiteConfig.command, suiteConfig.files);
-      log(`Running: ${command}`);
-      log("");
-      const exitCode = await executeCommand(command);
-      if (exitCode !== 0) {
-        error(`Tests failed with exit code ${String(exitCode)}`);
-        process.exit(ExitCode.FAILURE);
+  });
+  return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx(Text, { bold: true, children: message }),
+    /* @__PURE__ */ jsx(Box, { marginTop: 1, gap: 2, children: options.map((option) => /* @__PURE__ */ jsxs(Text, { children: [
+      option.hint && /* @__PURE__ */ jsxs(Fragment, { children: [
+        /* @__PURE__ */ jsxs(Text, { color: "cyan", children: [
+          "[",
+          option.hint,
+          "]"
+        ] }),
+        " "
+      ] }),
+      option.label
+    ] }, option.value)) }),
+    groups && groups.length > 0 && /* @__PURE__ */ jsx(Box, { marginTop: 1, gap: 2, children: groups.map((group) => /* @__PURE__ */ jsxs(Text, { children: [
+      /* @__PURE__ */ jsxs(Text, { color: "cyan", children: [
+        "[",
+        group.name,
+        "]"
+      ] }),
+      " ",
+      group.label
+    ] }, group.name)) })
+  ] });
+}
+function SuiteSelector({
+  pendingSuites,
+  validSuites,
+  groups,
+  onSelect,
+  onExit
+}) {
+  const [selectedSuites, setSelectedSuites] = React7.useState(/* @__PURE__ */ new Set());
+  const [cursorIndex, setCursorIndex] = React7.useState(0);
+  const toggleSuite = React7.useCallback((suiteName) => {
+    setSelectedSuites((prev) => {
+      const next = new Set(prev);
+      if (next.has(suiteName)) {
+        next.delete(suiteName);
+      } else {
+        next.add(suiteName);
       }
-      success("Tests passed!");
-      if (options.attest === false) {
-        log("Skipping attestation (--no-attest)");
-        continue;
+      return next;
+    });
+  }, []);
+  useInput((input, key) => {
+    if (input === "a") {
+      setSelectedSuites(new Set(pendingSuites.map((s) => s.name)));
+      return;
+    }
+    if (input === "n") {
+      onExit();
+      return;
+    }
+    if (/^[1-9]$/.test(input)) {
+      const idx = parseInt(input, 10) - 1;
+      if (idx < pendingSuites.length) {
+        const suite = pendingSuites[idx];
+        if (suite) {
+          toggleSuite(suite.name);
+        }
       }
-      const shouldAttest = options.yes ?? await confirmAction({
-        message: "Create attestation?",
-        default: true
-      });
-      if (!shouldAttest) {
-        warn("Attestation cancelled");
-        process.exit(ExitCode.CANCELLED);
+      return;
+    }
+    if (input.startsWith("g") && groups) {
+      const groupIdx = parseInt(input.slice(1), 10) - 1;
+      const groupNames = Object.keys(groups);
+      if (groupIdx >= 0 && groupIdx < groupNames.length) {
+        const groupName = groupNames[groupIdx];
+        if (groupName) {
+          const groupSuites = groups[groupName] ?? [];
+          const newSelected = new Set(selectedSuites);
+          groupSuites.forEach((s) => newSelected.add(s));
+          setSelectedSuites(newSelected);
+        }
       }
-      const attestation = createAttestation({
-        suite: suiteName,
-        fingerprint: fingerprintResult.fingerprint,
-        command,
-        attestedBy: os.userInfo().username
-      });
-      const attestationsPath = config.settings.attestationsPath;
-      const existingFile = await readAttestations(attestationsPath);
-      const existingAttestations = existingFile?.attestations ?? [];
-      const newAttestations = upsertAttestation(existingAttestations, attestation);
-      const privateKeyPath = getDefaultPrivateKeyPath();
-      if (!fs.existsSync(privateKeyPath)) {
-        error(`Private key not found: ${privateKeyPath}`);
-        error('Run "attest-it keygen" first to generate a keypair.');
-        process.exit(ExitCode.MISSING_KEY);
+      return;
+    }
+    if (key.return) {
+      onSelect(Array.from(selectedSuites));
+      return;
+    }
+    if (input === " ") {
+      const currentSuite = pendingSuites[cursorIndex];
+      if (currentSuite) {
+        toggleSuite(currentSuite.name);
       }
-      await writeSignedAttestations({
-        filePath: attestationsPath,
-        attestations: newAttestations,
-        privateKeyPath
-      });
-      success(`Attestation created for ${suiteName}`);
-      log(`  Fingerprint: ${fingerprintResult.fingerprint}`);
-      log(`  Attested by: ${attestation.attestedBy}`);
-      log(`  Attested at: ${attestation.attestedAt}`);
+      return;
     }
-    log("");
-    success("All suites completed!");
-    log(
-      `
-To commit: git add ${config.settings.attestationsPath} && git commit -m "Update attestations"`
+    if (key.upArrow) {
+      setCursorIndex(Math.max(0, cursorIndex - 1));
+      return;
+    }
+    if (key.downArrow) {
+      setCursorIndex(Math.min(pendingSuites.length - 1, cursorIndex + 1));
+      return;
+    }
+  });
+  return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx(Header, { pendingCount: pendingSuites.length }),
+    /* @__PURE__ */ jsx(Box, { marginY: 1, children: /* @__PURE__ */ jsx(SuiteTable, { suites: pendingSuites, selectable: true, selected: selectedSuites }) }),
+    validSuites.length > 0 && /* @__PURE__ */ jsxs(Box, { marginY: 1, flexDirection: "column", children: [
+      /* @__PURE__ */ jsx(Text, { dimColor: true, children: "Already valid:" }),
+      validSuites.map((s) => /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+        "  ",
+        "\u2713 ",
+        s.name,
+        " (attested ",
+        String(s.age ?? 0),
+        " days ago)"
+      ] }, s.name))
+    ] }),
+    /* @__PURE__ */ jsx(
+      SelectionPrompt,
+      {
+        message: "Select suites to run:",
+        options: [
+          { label: "All pending", value: "all", hint: "a" },
+          { label: "By number", value: "number", hint: "1-9" },
+          { label: "None/exit", value: "none", hint: "n" }
+        ],
+        groups: groups ? Object.keys(groups).map((name, i) => ({
+          name: `g${String(i + 1)}`,
+          label: name
+        })) : void 0,
+        onSelect: () => {
+        }
+      }
+    ),
+    /* @__PURE__ */ jsxs(Text, { color: "cyan", children: [
+      selectedSuites.size,
+      " selected. Press Enter to confirm."
+    ] })
+  ] });
+}
+function ProgressSummary({
+  completed,
+  remaining,
+  failed,
+  skipped
+}) {
+  return /* @__PURE__ */ jsx(Box, { borderStyle: "single", paddingX: 1, children: /* @__PURE__ */ jsxs(Text, { children: [
+    /* @__PURE__ */ jsxs(Text, { color: "green", children: [
+      "Completed: ",
+      completed
+    ] }),
+    "    ",
+    /* @__PURE__ */ jsxs(Text, { color: "yellow", children: [
+      "Remaining: ",
+      remaining
+    ] }),
+    "    ",
+    /* @__PURE__ */ jsxs(Text, { color: "red", children: [
+      "Failed: ",
+      failed
+    ] }),
+    "    ",
+    /* @__PURE__ */ jsxs(Text, { color: "gray", children: [
+      "Skipped: ",
+      skipped
+    ] })
+  ] }) });
+}
+function TestRunner({
+  suites,
+  executeTest,
+  createAttestation: createAttestation3,
+  onComplete
+}) {
+  const [currentIndex, setCurrentIndex] = React7.useState(0);
+  const [phase, setPhase] = React7.useState("running");
+  const [results, setResults] = React7.useState({
+    completed: [],
+    failed: [],
+    skipped: []
+  });
+  const [_testPassed, setTestPassed] = React7.useState(false);
+  const resultsRef = React7.useRef(results);
+  React7.useEffect(() => {
+    resultsRef.current = results;
+  }, [results]);
+  React7.useEffect(() => {
+    if (phase !== "running") return;
+    const currentSuite2 = suites[currentIndex];
+    if (!currentSuite2) {
+      onComplete(resultsRef.current);
+      setPhase("complete");
+      return;
+    }
+    let cancelled = false;
+    executeTest(currentSuite2).then((passed) => {
+      if (cancelled) return;
+      setTestPassed(passed);
+      if (passed) {
+        setPhase("confirming");
+      } else {
+        setResults((prev) => ({
+          ...prev,
+          failed: [...prev.failed, currentSuite2]
+        }));
+        setCurrentIndex((prev) => prev + 1);
+      }
+    }).catch(() => {
+      if (cancelled) return;
+      setResults((prev) => ({
+        ...prev,
+        failed: [...prev.failed, currentSuite2]
+      }));
+      setCurrentIndex((prev) => prev + 1);
+    });
+    return () => {
+      cancelled = true;
+    };
+  }, [currentIndex, phase, suites, executeTest, onComplete]);
+  useInput(
+    (input, key) => {
+      if (phase !== "confirming") return;
+      const currentSuite2 = suites[currentIndex];
+      if (!currentSuite2) return;
+      if (input.toLowerCase() === "y" || key.return) {
+        createAttestation3(currentSuite2).then(() => {
+          setResults((prev) => ({
+            ...prev,
+            completed: [...prev.completed, currentSuite2]
+          }));
+          setCurrentIndex((prev) => prev + 1);
+          setPhase("running");
+        }).catch(() => {
+          setResults((prev) => ({
+            ...prev,
+            skipped: [...prev.skipped, currentSuite2]
+          }));
+          setCurrentIndex((prev) => prev + 1);
+          setPhase("running");
+        });
+      }
+      if (input.toLowerCase() === "n") {
+        setResults((prev) => ({
+          ...prev,
+          skipped: [...prev.skipped, currentSuite2]
+        }));
+        setCurrentIndex((prev) => prev + 1);
+        setPhase("running");
+      }
+    },
+    { isActive: phase === "confirming" }
+  );
+  const currentSuite = suites[currentIndex];
+  return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx(
+      ProgressSummary,
+      {
+        completed: results.completed.length,
+        failed: results.failed.length,
+        remaining: suites.length - currentIndex,
+        skipped: results.skipped.length
+      }
+    ),
+    /* @__PURE__ */ jsxs(Box, { marginY: 1, children: [
+      phase === "running" && currentSuite && /* @__PURE__ */ jsxs(Box, { children: [
+        /* @__PURE__ */ jsx(SimpleSpinner, {}),
+        /* @__PURE__ */ jsxs(Text, { children: [
+          " Running ",
+          currentSuite,
+          "..."
+        ] })
+      ] }),
+      phase === "confirming" && currentSuite && /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+        /* @__PURE__ */ jsx(Text, { color: "green", children: "\u2713 Tests passed!" }),
+        /* @__PURE__ */ jsxs(Text, { children: [
+          "Create attestation for ",
+          currentSuite,
+          "? [Y/n]: "
+        ] })
+      ] }),
+      phase === "complete" && /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+        /* @__PURE__ */ jsx(Text, { color: "green", children: "\u2713 All suites processed" }),
+        /* @__PURE__ */ jsxs(Text, { children: [
+          "Completed: ",
+          results.completed.length,
+          ", Failed: ",
+          results.failed.length,
+          ", Skipped:",
+          " ",
+          results.skipped.length
+        ] })
+      ] })
+    ] })
+  ] });
+}
+function SimpleSpinner() {
+  const [frame, setFrame] = React7.useState(0);
+  const frames = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
+  React7.useEffect(() => {
+    const timer = setInterval(() => {
+      setFrame((f) => (f + 1) % frames.length);
+    }, 80);
+    return () => {
+      clearInterval(timer);
+    };
+  }, []);
+  return /* @__PURE__ */ jsx(Text, { color: "cyan", children: frames[frame] });
+}
+function InteractiveRun({
+  allSuites,
+  config,
+  executeTest,
+  createAttestation: createAttestation3,
+  saveSession: saveSession2,
+  preSelected
+}) {
+  const { exit } = useApp();
+  const [phase, setPhase] = React7.useState(preSelected ? "running" : "selecting");
+  const [selectedSuites, setSelectedSuites] = React7.useState(preSelected ?? []);
+  const [results, setResults] = React7.useState({
+    completed: [],
+    failed: [],
+    skipped: []
+  });
+  const pendingSuites = React7.useMemo(
+    () => allSuites.filter((s) => s.status !== "VALID"),
+    [allSuites]
+  );
+  const validSuites = React7.useMemo(
+    () => allSuites.filter((s) => s.status === "VALID"),
+    [allSuites]
+  );
+  const handleSelect = React7.useCallback(
+    (selected) => {
+      if (selected.length === 0) {
+        exit();
+        return;
+      }
+      setSelectedSuites(selected);
+      setPhase("running");
+    },
+    [exit]
+  );
+  const handleRunComplete = React7.useCallback(
+    (runResults) => {
+      void (async () => {
+        setResults(runResults);
+        if (runResults.failed.length === 0 && runResults.skipped.length === 0) {
+          await saveSession2([], [], []);
+        } else {
+          await saveSession2(runResults.completed, runResults.failed, []);
+        }
+        setPhase("complete");
+      })();
+    },
+    [saveSession2]
+  );
+  if (pendingSuites.length === 0) {
+    return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx(Text, { color: "green", children: "\u2713 All suites are valid. Nothing to run." }),
+      validSuites.length > 0 && /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+        validSuites.length,
+        " suite(s) already attested."
+      ] })
+    ] });
+  }
+  return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+    phase === "selecting" && /* @__PURE__ */ jsx(
+      SuiteSelector,
+      {
+        pendingSuites,
+        validSuites,
+        groups: config.groups,
+        onSelect: handleSelect,
+        onExit: () => {
+          exit();
+        }
+      }
+    ),
+    phase === "running" && /* @__PURE__ */ jsx(
+      TestRunner,
+      {
+        suites: selectedSuites,
+        executeTest,
+        createAttestation: createAttestation3,
+        onComplete: handleRunComplete
+      }
+    ),
+    phase === "complete" && /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+      /* @__PURE__ */ jsx(
+        ProgressSummary,
+        {
+          completed: results.completed.length,
+          failed: results.failed.length,
+          remaining: 0,
+          skipped: results.skipped.length
+        }
+      ),
+      /* @__PURE__ */ jsx(Box, { marginY: 1, children: results.failed.length === 0 && results.skipped.length === 0 ? /* @__PURE__ */ jsx(Text, { color: "green", children: "\u2713 All suites attested successfully!" }) : /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+        results.failed.length > 0 && /* @__PURE__ */ jsxs(Text, { color: "red", children: [
+          "\u2717 ",
+          results.failed.length,
+          " suite(s) failed: ",
+          results.failed.join(", ")
+        ] }),
+        /* @__PURE__ */ jsx(Text, { children: "Run `attest-it run` again to continue with remaining suites." })
+      ] }) })
+    ] })
+  ] });
+}
+function determineStatus2(attestation, currentFingerprint, maxAgeDays) {
+  if (!attestation) {
+    return "NEEDS_ATTESTATION";
+  }
+  if (attestation.fingerprint !== currentFingerprint) {
+    return "FINGERPRINT_CHANGED";
+  }
+  const attestedAt = new Date(attestation.attestedAt);
+  const ageInDays = Math.floor((Date.now() - attestedAt.getTime()) / (1e3 * 60 * 60 * 24));
+  if (ageInDays > maxAgeDays) {
+    return "EXPIRED";
+  }
+  return "VALID";
+}
+async function getAllSuiteStatuses(config) {
+  let attestationsFile = null;
+  try {
+    attestationsFile = await readAttestations(config.settings.attestationsPath);
+  } catch (err) {
+    if (err instanceof Error && !err.message.includes("ENOENT")) {
+      throw err;
+    }
+  }
+  const attestations = attestationsFile?.attestations ?? [];
+  const results = [];
+  for (const [suiteName, suiteConfig] of Object.entries(config.suites)) {
+    const fingerprintResult = await computeFingerprint({
+      packages: suiteConfig.packages,
+      ...suiteConfig.ignore && { ignore: suiteConfig.ignore }
+    });
+    const attestation = findAttestation(
+      { schemaVersion: "1", attestations, signature: "" },
+      suiteName
+    );
+    const status = determineStatus2(
+      attestation,
+      fingerprintResult.fingerprint,
+      config.settings.maxAgeDays
     );
+    let age;
+    if (attestation) {
+      const attestedAt = new Date(attestation.attestedAt);
+      age = Math.floor((Date.now() - attestedAt.getTime()) / (1e3 * 60 * 60 * 24));
+    }
+    results.push({
+      name: suiteName,
+      status,
+      reason: formatStatusReason(status, age, config.settings.maxAgeDays),
+      currentFingerprint: fingerprintResult.fingerprint,
+      attestedFingerprint: attestation?.fingerprint,
+      attestedAt: attestation?.attestedAt,
+      age
+    });
+  }
+  return results;
+}
+function formatStatusReason(status, age, maxAgeDays) {
+  switch (status) {
+    case "VALID":
+      return `Attested ${String(age ?? 0)} days ago`;
+    case "NEEDS_ATTESTATION":
+      return "No attestation found";
+    case "FINGERPRINT_CHANGED":
+      return "Source files modified";
+    case "EXPIRED":
+      return `${String(age ?? 0)} days old (max: ${String(maxAgeDays ?? 30)})`;
+    case "SIGNATURE_INVALID":
+      return "Signature verification failed";
+    case "INVALIDATED_BY_PARENT":
+      return "Invalidated by parent suite";
+    default:
+      return status;
+  }
+}
+function getSessionPath() {
+  return join(process.cwd(), ".attest-it", "session.json");
+}
+async function loadSession() {
+  try {
+    const content = await readFile(getSessionPath(), "utf-8");
+    const data = JSON.parse(content);
+    if (!isValidSession(data)) {
+      return null;
+    }
+    return data;
+  } catch {
+    return null;
+  }
+}
+async function saveSession(session) {
+  const sessionPath = getSessionPath();
+  const dir = dirname(sessionPath);
+  await mkdir(dir, { recursive: true });
+  await writeFile(sessionPath, JSON.stringify(session, null, 2), "utf-8");
+}
+async function clearSession() {
+  try {
+    await unlink(getSessionPath());
+  } catch {
+  }
+}
+function isValidSession(data) {
+  if (typeof data !== "object" || data === null) {
+    return false;
+  }
+  const obj = data;
+  return typeof obj.started === "string" && Array.isArray(obj.selected) && obj.selected.every((item) => typeof item === "string") && Array.isArray(obj.completed) && obj.completed.every((item) => typeof item === "string") && Array.isArray(obj.failed) && obj.failed.every((item) => typeof item === "string") && Array.isArray(obj.remaining) && obj.remaining.every((item) => typeof item === "string");
+}
+async function runInteractive(options) {
+  const config = await loadConfig();
+  const allSuites = await getAllSuiteStatuses(config);
+  let preSelected;
+  if (options.continue) {
+    const session = await loadSession();
+    if (session && session.remaining.length > 0) {
+      preSelected = session.remaining;
+      log(`Resuming session with ${String(preSelected.length)} remaining suite(s)`);
+    }
+  }
+  if (options.dryRun) {
+    handleDryRun(allSuites, config, options.filter);
+    return;
+  }
+  const pendingSuites = allSuites.filter((s) => s.status !== "VALID");
+  if (pendingSuites.length === 0) {
+    log("All suites are valid. Nothing to run.");
+    process.exit(ExitCode.NO_WORK);
+  }
+  const isDirty = await checkDirtyWorkingTree();
+  if (isDirty) {
+    error("Working tree has uncommitted changes. Please commit or stash before attesting.");
+    process.exit(ExitCode.CONFIG_ERROR);
+  }
+  const executeTest = createTestExecutor(config);
+  const createAttestationFn = createAttestationCreator(config);
+  const saveSessionFn = createSessionSaver();
+  const interactiveRunProps = {
+    allSuites,
+    config,
+    executeTest,
+    createAttestation: createAttestationFn,
+    saveSession: saveSessionFn,
+    ...preSelected !== void 0 && { preSelected }
+  };
+  const { waitUntilExit } = render(/* @__PURE__ */ jsx(InteractiveRun, { ...interactiveRunProps }));
+  await waitUntilExit();
+}
+function handleDryRun(allSuites, config, filterPattern) {
+  let pendingSuites = allSuites.filter((s) => s.status !== "VALID");
+  if (filterPattern) {
+    const regex = new RegExp("^" + filterPattern.replace(/\*/g, ".*") + "$", "i");
+    pendingSuites = pendingSuites.filter((s) => regex.test(s.name));
+  }
+  if (pendingSuites.length === 0) {
+    log("No suites would run (all valid or filtered out).");
+    process.exit(ExitCode.NO_WORK);
+  }
+  log(`Would run ${String(pendingSuites.length)} suite(s):`);
+  pendingSuites.forEach((s, i) => {
+    log(`  ${String(i + 1)}. ${s.name} (${s.status})`);
+  });
+  log("");
+  log("Use `attest-it run` to execute.");
+  process.exit(ExitCode.SUCCESS);
+}
+function createTestExecutor(config) {
+  return async (suiteName) => {
+    const suiteConfig = config.suites[suiteName];
+    if (!suiteConfig) {
+      error(`Suite "${suiteName}" not found in config`);
+      return false;
+    }
+    let command = suiteConfig.command ?? config.settings.defaultCommand;
+    if (!command) {
+      error(`No command specified for suite "${suiteName}"`);
+      return false;
+    }
+    if (command.includes("${files}") && suiteConfig.files) {
+      command = command.replaceAll("${files}", suiteConfig.files.join(" "));
+    }
+    log(`Running: ${command}`);
+    const exitCode = await executeCommand(command);
+    return exitCode === 0;
+  };
+}
+function createAttestationCreator(config) {
+  return async (suiteName) => {
+    const suiteConfig = config.suites[suiteName];
+    if (!suiteConfig) {
+      throw new Error(`Suite "${suiteName}" not found`);
+    }
+    const fingerprintResult = await computeFingerprint({
+      packages: suiteConfig.packages,
+      ...suiteConfig.ignore && { ignore: suiteConfig.ignore }
+    });
+    const attestation = createAttestation({
+      suite: suiteName,
+      fingerprint: fingerprintResult.fingerprint,
+      command: suiteConfig.command ?? config.settings.defaultCommand ?? "",
+      attestedBy: os.userInfo().username
+    });
+    const attestationsPath = config.settings.attestationsPath;
+    const existingFile = await readAttestations(attestationsPath).catch(() => null);
+    const existingAttestations = existingFile?.attestations ?? [];
+    const newAttestations = upsertAttestation(existingAttestations, attestation);
+    const privateKeyPath = getDefaultPrivateKeyPath();
+    if (!fs.existsSync(privateKeyPath)) {
+      throw new Error(`Private key not found: ${privateKeyPath}. Run "attest-it keygen" first.`);
+    }
+    await writeSignedAttestations({
+      filePath: attestationsPath,
+      attestations: newAttestations,
+      privateKeyPath
+    });
+    log(`\u2713 Attestation created for ${suiteName}`);
+  };
+}
+function createSessionSaver() {
+  return async (completed, failed, remaining) => {
+    if (completed.length === 0 && failed.length === 0 && remaining.length === 0) {
+      await clearSession();
+    } else {
+      await saveSession({
+        started: (/* @__PURE__ */ new Date()).toISOString(),
+        selected: [...completed, ...failed, ...remaining],
+        completed,
+        failed,
+        remaining
+      });
+    }
+  };
+}
+async function executeCommand(command) {
+  return new Promise((resolve2) => {
+    const parsed = parse(command);
+    const stringArgs = parsed.filter((t) => typeof t === "string");
+    if (stringArgs.length === 0) {
+      error("Empty command");
+      resolve2(1);
+      return;
+    }
+    const [executable, ...args] = stringArgs;
+    if (!executable) {
+      resolve2(1);
+      return;
+    }
+    const child = spawn(executable, args, { stdio: "inherit" });
+    child.on("close", (code) => {
+      resolve2(code ?? 1);
+    });
+    child.on("error", (err) => {
+      error(`Command failed: ${err.message}`);
+      resolve2(1);
+    });
+  });
+}
+async function checkDirtyWorkingTree() {
+  return new Promise((resolve2) => {
+    const child = spawn("git", ["status", "--porcelain"], {
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+    let output = "";
+    child.stdout.on("data", (data) => {
+      output += data.toString();
+    });
+    child.on("close", () => {
+      resolve2(output.trim().length > 0);
+    });
+    child.on("error", () => {
+      resolve2(false);
+    });
+  });
+}
+// src/commands/run.ts
+var runCommand = new Command("run").description("Execute tests and create attestation").option("-s, --suite <name>", "Run specific suite (required unless --all or interactive mode)").option("-a, --all", "Run all suites needing attestation").option("--no-attest", "Run tests without creating attestation").option("-y, --yes", "Skip confirmation prompt").option("--dry-run", "Show what would run without executing").option("-c, --continue", "Resume interrupted session").option("--filter <pattern>", "Filter suites by pattern (glob-style)").action(async (options) => {
+  await runTests(options);
+});
+async function runTests(options) {
+  try {
+    if (options.suite) {
+      await runDirectMode(options);
+      return;
+    }
+    if (options.all) {
+      await runAllPending(options);
+      return;
+    }
+    await runInteractive({
+      dryRun: options.dryRun,
+      continue: options.continue,
+      filter: options.filter
+    });
   } catch (err) {
     if (err instanceof Error) {
       error(err.message);
@@ -415,7 +1150,7 @@ function parseCommand(command) {
   }
   return { executable, args };
 }
-async function executeCommand(command) {
+async function executeCommand2(command) {
   return new Promise((resolve2) => {
     let parsed;
     try {
@@ -442,7 +1177,7 @@ async function executeCommand(command) {
     });
   });
 }
-async function checkDirtyWorkingTree() {
+async function checkDirtyWorkingTree2() {
   return new Promise((resolve2) => {
     const child = spawn("git", ["status", "--porcelain"], {
       stdio: ["ignore", "pipe", "pipe"]
@@ -459,6 +1194,131 @@ async function checkDirtyWorkingTree() {
     });
   });
 }
+async function runDirectMode(options) {
+  if (!options.suite) {
+    error("Suite name is required for direct mode");
+    process.exit(ExitCode.CONFIG_ERROR);
+  }
+  const config = await loadConfig();
+  if (!config.suites[options.suite]) {
+    error(`Suite "${options.suite}" not found in config`);
+    process.exit(ExitCode.CONFIG_ERROR);
+  }
+  const isDirty = await checkDirtyWorkingTree2();
+  if (isDirty) {
+    error("Working tree has uncommitted changes. Please commit or stash before attesting.");
+    process.exit(ExitCode.CONFIG_ERROR);
+  }
+  await runSingleSuite(options.suite, config, options);
+  log("");
+  success("Suite completed!");
+  log(
+    `
+To commit: git add ${config.settings.attestationsPath} && git commit -m "Update attestations"`
+  );
+}
+async function runAllPending(options) {
+  const config = await loadConfig();
+  const allSuites = await getAllSuiteStatuses(config);
+  const pendingSuites = allSuites.filter((s) => s.status !== "VALID");
+  if (pendingSuites.length === 0) {
+    log("All suites are valid. Nothing to run.");
+    process.exit(ExitCode.NO_WORK);
+  }
+  let suitesToRun = pendingSuites;
+  if (options.filter) {
+    const regex = new RegExp("^" + options.filter.replace(/\*/g, ".*") + "$", "i");
+    suitesToRun = pendingSuites.filter((s) => regex.test(s.name));
+    if (suitesToRun.length === 0) {
+      log(`No suites match filter: ${options.filter}`);
+      process.exit(ExitCode.NO_WORK);
+    }
+  }
+  if (options.dryRun) {
+    log(`Would run ${String(suitesToRun.length)} suite(s):`);
+    suitesToRun.forEach((s, i) => {
+      log(`  ${String(i + 1)}. ${s.name} (${s.status})`);
+    });
+    process.exit(ExitCode.SUCCESS);
+  }
+  const isDirty = await checkDirtyWorkingTree2();
+  if (isDirty) {
+    error("Working tree has uncommitted changes. Please commit or stash before attesting.");
+    process.exit(ExitCode.CONFIG_ERROR);
+  }
+  for (const suite of suitesToRun) {
+    await runSingleSuite(suite.name, config, options);
+  }
+  log("");
+  success("All suites completed!");
+  log(
+    `
+To commit: git add ${config.settings.attestationsPath} && git commit -m "Update attestations"`
+  );
+}
+async function runSingleSuite(suiteName, config, options) {
+  const suiteConfig = config.suites[suiteName];
+  if (!suiteConfig) {
+    error(`Suite "${suiteName}" not found in config`);
+    process.exit(ExitCode.CONFIG_ERROR);
+  }
+  log(`
+=== Running suite: ${suiteName} ===
+`);
+  const fingerprintOptions = {
+    packages: suiteConfig.packages,
+    ...suiteConfig.ignore && { ignore: suiteConfig.ignore }
+  };
+  const fingerprintResult = await computeFingerprint(fingerprintOptions);
+  verbose(`Fingerprint: ${fingerprintResult.fingerprint}`);
+  verbose(`Files: ${String(fingerprintResult.fileCount)}`);
+  const command = buildCommand(config, suiteConfig.command, suiteConfig.files);
+  log(`Running: ${command}`);
+  log("");
+  const exitCode = await executeCommand2(command);
+  if (exitCode !== 0) {
+    error(`Tests failed with exit code ${String(exitCode)}`);
+    process.exit(ExitCode.FAILURE);
+  }
+  success("Tests passed!");
+  if (options.attest === false) {
+    log("Skipping attestation (--no-attest)");
+    return;
+  }
+  const shouldAttest = options.yes ?? await confirmAction({
+    message: "Create attestation?",
+    default: true
+  });
+  if (!shouldAttest) {
+    warn("Attestation cancelled");
+    process.exit(ExitCode.CANCELLED);
+  }
+  const attestation = createAttestation({
+    suite: suiteName,
+    fingerprint: fingerprintResult.fingerprint,
+    command,
+    attestedBy: os.userInfo().username
+  });
+  const attestationsPath = config.settings.attestationsPath;
+  const existingFile = await readAttestations(attestationsPath);
+  const existingAttestations = existingFile?.attestations ?? [];
+  const newAttestations = upsertAttestation(existingAttestations, attestation);
+  const privateKeyPath = getDefaultPrivateKeyPath();
+  if (!fs.existsSync(privateKeyPath)) {
+    error(`Private key not found: ${privateKeyPath}`);
+    error('Run "attest-it keygen" first to generate a keypair.');
+    process.exit(ExitCode.MISSING_KEY);
+  }
+  await writeSignedAttestations({
+    filePath: attestationsPath,
+    attestations: newAttestations,
+    privateKeyPath
+  });
+  success(`Attestation created for ${suiteName}`);
+  log(`  Fingerprint: ${fingerprintResult.fingerprint}`);
+  log(`  Attested by: ${attestation.attestedBy}`);
+  log(`  Attested at: ${attestation.attestedAt}`);
+}
 var keygenCommand = new Command("keygen").description("Generate a new RSA keypair for signing attestations").option("-o, --output <path>", "Private key output path").option("-p, --public <path>", "Public key output path").option("-f, --force", "Overwrite existing keys").action(async (options) => {
   await runKeygen(options);
 });
@@ -607,7 +1467,7 @@ async function runPrune(options) {
     } else {
       error("Unknown error occurred");
     }
-    process.exit(2);
+    process.exit(ExitCode.CONFIG_ERROR);
     return;
   }
 }
@@ -668,7 +1528,7 @@ async function runVerify(options) {
     } else {
       error("Unknown error occurred");
     }
-    process.exit(2);
+    process.exit(ExitCode.CONFIG_ERROR);
   }
 }
 function displayResults(result, maxAgeDays, strict) {
@@ -754,7 +1614,8 @@ program.addCommand(runCommand);
 program.addCommand(keygenCommand);
 program.addCommand(pruneCommand);
 program.addCommand(verifyCommand);
-function run() {
+async function run() {
+  await initTheme();
   program.parse();
   const options = program.opts();
   const outputOptions = {};