npm - @attest-it/cli - Versions diffs - 0.4.0 → 0.5.0 - Mend

@attest-it/cli 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/bin/attest-it.js CHANGED Viewed

@@ -6,10 +6,9 @@ import * as path from 'path';
 import { join, dirname } from 'path';
 import { detectTheme } from 'chromaterm';
 import { input, select, confirm, checkbox } from '@inquirer/prompts';
-import { loadConfig, toAttestItConfig, readSealsSync, computeFingerprintSync, verifyGateSeal, verifyAllSeals, computeFingerprint, createAttestation, readAttestations, upsertAttestation, KeyProviderRegistry, getDefaultPrivateKeyPath, FilesystemKeyProvider, writeSignedAttestations, loadLocalConfigSync, getActiveIdentity, isAuthorizedSigner, createSeal, writeSealsSync, checkOpenSSL, getDefaultPublicKeyPath, OnePasswordKeyProvider, MacOSKeychainKeyProvider, generateKeyPair, setKeyPermissions, getGate, loadLocalConfig, generateEd25519KeyPair, saveLocalConfig, findConfigPath, findAttestation } from '@attest-it/core';
+import { loadConfig, toAttestItConfig, readSealsSync, computeFingerprintSync, verifyGateSeal, verifyAllSeals, computeFingerprint, createAttestation, readAttestations, upsertAttestation, KeyProviderRegistry, getDefaultPrivateKeyPath, FilesystemKeyProvider, writeSignedAttestations, loadLocalConfigSync, getActiveIdentity, isAuthorizedSigner, createSeal, writeSealsSync, checkOpenSSL, getDefaultPublicKeyPath, OnePasswordKeyProvider, MacOSKeychainKeyProvider, generateKeyPair, setKeyPermissions, getGate, loadLocalConfig, getAttestItConfigDir, generateEd25519KeyPair, saveLocalConfig, findConfigPath, findAttestation, setAttestItHomeDir } from '@attest-it/core';
 import { spawn } from 'child_process';
 import * as os from 'os';
-import { homedir } from 'os';
 import { parse } from 'shell-quote';
 import * as React7 from 'react';
 import { useState, useEffect } from 'react';
@@ -18,6 +17,7 @@ import { jsx, jsxs, Fragment } from 'react/jsx-runtime';
 import { mkdir, writeFile, unlink, readFile } from 'fs/promises';
 import { Spinner, Select, TextInput } from '@inkjs/ui';
 import { stringify } from 'yaml';
+import tabtab from '@pnpm/tabtab';
 import { fileURLToPath } from 'url';
 var globalOptions = {};
@@ -2464,31 +2464,46 @@ async function runList() {
     process.exit(ExitCode.CONFIG_ERROR);
   }
 }
+// src/commands/identity/validation.ts
+function validateSlug(value, existingIdentities) {
+  const trimmed = value.trim();
+  if (!trimmed) {
+    return "Slug cannot be empty";
+  }
+  if (!/^[a-z0-9-]+$/.test(trimmed)) {
+    return "Slug must contain only lowercase letters, numbers, and hyphens";
+  }
+  if (existingIdentities?.[trimmed]) {
+    return `Identity "${trimmed}" already exists`;
+  }
+  return true;
+}
+var EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+function validateEmail(value, required = false) {
+  const trimmed = value.trim();
+  if (!trimmed) {
+    return required ? "Email cannot be empty" : true;
+  }
+  if (!EMAIL_REGEX.test(trimmed)) {
+    return "Please enter a valid email address";
+  }
+  return true;
+}
 var createCommand = new Command("create").description("Create a new identity with Ed25519 keypair").action(async () => {
   await runCreate();
 });
 async function runCreate() {
   try {
-    const theme3 = getTheme2();
+    const theme3 = getTheme();
     log("");
     log(theme3.blue.bold()("Create New Identity"));
     log("");
     const existingConfig = await loadLocalConfig();
-    const slug = await input({
+    const slug = (await input({
       message: "Identity slug (unique identifier):",
-      validate: (value) => {
-        if (!value || value.trim().length === 0) {
-          return "Slug cannot be empty";
-        }
-        if (!/^[a-z0-9-]+$/.test(value)) {
-          return "Slug must contain only lowercase letters, numbers, and hyphens";
-        }
-        if (existingConfig?.identities[value]) {
-          return `Identity "${value}" already exists`;
-        }
-        return true;
-      }
-    });
+      validate: (value) => validateSlug(value, existingConfig?.identities)
+    })).trim();
     const name = await input({
       message: "Display name:",
       validate: (value) => {
@@ -2498,21 +2513,31 @@ async function runCreate() {
         return true;
       }
     });
-    const email = await input({
+    const email = (await input({
       message: "Email (optional):",
-      default: ""
-    });
+      default: "",
+      validate: validateEmail
+    })).trim();
     const github = await input({
       message: "GitHub username (optional):",
       default: ""
     });
+    info("Checking available key storage providers...");
+    const opAvailable = await OnePasswordKeyProvider.isInstalled();
+    const keychainAvailable = MacOSKeychainKeyProvider.isAvailable();
+    const configDir = getAttestItConfigDir();
+    const storageChoices = [
+      { name: `File system (${join(configDir, "keys")})`, value: "file" }
+    ];
+    if (keychainAvailable) {
+      storageChoices.push({ name: "macOS Keychain", value: "keychain" });
+    }
+    if (opAvailable) {
+      storageChoices.push({ name: "1Password", value: "1password" });
+    }
     const keyStorageType = await select({
       message: "Where should the private key be stored?",
-      choices: [
-        { name: "File system (~/.config/attest-it/keys/)", value: "file" },
-        { name: "macOS Keychain", value: "keychain" },
-        { name: "1Password", value: "1password" }
-      ]
+      choices: storageChoices
     });
     log("");
     log("Generating Ed25519 keypair...");
@@ -2521,7 +2546,7 @@ async function runCreate() {
     let keyStorageDescription;
     switch (keyStorageType) {
       case "file": {
-        const keysDir = join(homedir(), ".config", "attest-it", "keys");
+        const keysDir = join(getAttestItConfigDir(), "keys");
         await mkdir(keysDir, { recursive: true });
         const keyPath = join(keysDir, `${slug}.pem`);
         await writeFile(keyPath, keyPair.privateKey, { mode: 384 });
@@ -2530,44 +2555,138 @@ async function runCreate() {
         break;
       }
       case "keychain": {
-        const { MacOSKeychainKeyProvider: MacOSKeychainKeyProvider3 } = await import('@attest-it/core');
-        if (!MacOSKeychainKeyProvider3.isAvailable()) {
+        if (!MacOSKeychainKeyProvider.isAvailable()) {
           error("macOS Keychain is not available on this system");
           process.exit(ExitCode.CONFIG_ERROR);
         }
+        const keychains = await MacOSKeychainKeyProvider.listKeychains();
+        if (keychains.length === 0) {
+          throw new Error("No keychains found on this system");
+        }
+        const formatKeychainChoice = (kc) => {
+          return `${theme3.blue.bold()(kc.name)} ${theme3.muted(`(${kc.path})`)}`;
+        };
+        let selectedKeychain;
+        if (keychains.length === 1 && keychains[0]) {
+          selectedKeychain = keychains[0];
+          info(`Using keychain: ${formatKeychainChoice(selectedKeychain)}`);
+        } else {
+          const selectedPath = await select({
+            message: "Select keychain:",
+            choices: keychains.map((kc) => ({
+              name: formatKeychainChoice(kc),
+              value: kc.path
+            }))
+          });
+          const foundKeychain = keychains.find((kc) => kc.path === selectedPath);
+          if (!foundKeychain) {
+            throw new Error("Selected keychain not found");
+          }
+          selectedKeychain = foundKeychain;
+        }
+        const keychainItemName = await input({
+          message: "Keychain item name:",
+          default: `attest-it-${slug}`,
+          validate: (value) => {
+            if (!value || value.trim().length === 0) {
+              return "Item name cannot be empty";
+            }
+            return true;
+          }
+        });
         const { execFile } = await import('child_process');
         const { promisify } = await import('util');
         const execFileAsync = promisify(execFile);
         const encodedKey = Buffer.from(keyPair.privateKey).toString("base64");
         try {
-          await execFileAsync("security", [
+          const addArgs = [
             "add-generic-password",
             "-a",
             "attest-it",
             "-s",
-            slug,
+            keychainItemName,
             "-w",
             encodedKey,
-            "-U"
-          ]);
+            "-U",
+            selectedKeychain.path
+          ];
+          await execFileAsync("security", addArgs);
         } catch (err) {
           throw new Error(
             `Failed to store key in macOS Keychain: ${err instanceof Error ? err.message : String(err)}`
           );
         }
-        privateKeyRef = { type: "keychain", service: slug, account: "attest-it" };
-        keyStorageDescription = "macOS Keychain (" + slug + "/attest-it)";
+        privateKeyRef = {
+          type: "keychain",
+          service: keychainItemName,
+          account: "attest-it",
+          keychain: selectedKeychain.path
+        };
+        keyStorageDescription = `macOS Keychain: ${selectedKeychain.name}/${keychainItemName}`;
         break;
       }
       case "1password": {
-        const vault = await input({
-          message: "1Password vault name:",
-          validate: (value) => {
-            if (!value || value.trim().length === 0) {
-              return "Vault name cannot be empty";
+        const accounts = await OnePasswordKeyProvider.listAccounts();
+        if (accounts.length === 0) {
+          throw new Error(
+            '1Password CLI is installed but no accounts are signed in. Run "op signin" first.'
+          );
+        }
+        const { execFile } = await import('child_process');
+        const { promisify } = await import('util');
+        const execFileAsync = promisify(execFile);
+        const accountDetails = await Promise.all(
+          accounts.map(async (acc) => {
+            try {
+              const { stdout } = await execFileAsync("op", [
+                "account",
+                "get",
+                "--account",
+                acc.user_uuid,
+                "--format=json"
+              ]);
+              const details = JSON.parse(stdout);
+              const name2 = details !== null && typeof details === "object" && "name" in details && typeof details.name === "string" ? details.name : acc.url;
+              return {
+                url: acc.url,
+                email: acc.email,
+                name: name2
+              };
+            } catch {
+              return {
+                url: acc.url,
+                email: acc.email,
+                name: acc.url
+              };
             }
-            return true;
-          }
+          })
+        );
+        const formatAccountChoice = (acc) => {
+          return `${theme3.blue.bold()(acc.name)} ${theme3.muted(`(${acc.url})`)}`;
+        };
+        let selectedAccount;
+        if (accountDetails.length === 1 && accountDetails[0]) {
+          selectedAccount = accountDetails[0].url;
+          info(`Using 1Password account: ${formatAccountChoice(accountDetails[0])}`);
+        } else {
+          selectedAccount = await select({
+            message: "Select 1Password account:",
+            choices: accountDetails.map((acc) => ({
+              name: formatAccountChoice(acc),
+              value: acc.url
+            }))
+          });
+        }
+        const vaults = await OnePasswordKeyProvider.listVaults(selectedAccount);
+        if (vaults.length === 0) {
+          throw new Error(`No vaults found in 1Password account: ${selectedAccount}`);
+        }
+        const selectedVault = await select({
+          message: "Select vault for private key storage:",
+          choices: vaults.map((v) => ({
+            name: v.name,
+            value: v.name
+          }))
         });
         const item = await input({
           message: "1Password item name:",
@@ -2579,26 +2698,40 @@ async function runCreate() {
             return true;
           }
         });
-        const { execFile } = await import('child_process');
-        const { promisify } = await import('util');
-        const execFileAsync = promisify(execFile);
+        const { tmpdir } = await import('os');
+        const tempDir = join(tmpdir(), `attest-it-${String(Date.now())}`);
+        await mkdir(tempDir, { recursive: true });
+        const tempPrivatePath = join(tempDir, "private.pem");
         try {
-          await execFileAsync("op", [
-            "item",
+          await writeFile(tempPrivatePath, keyPair.privateKey, { mode: 384 });
+          const { execFile: execFile2 } = await import('child_process');
+          const { promisify: promisify2 } = await import('util');
+          const execFileAsync2 = promisify2(execFile2);
+          const opArgs = [
+            "document",
             "create",
-            "--category=SecureNote",
+            tempPrivatePath,
+            "--title",
+            item,
             "--vault",
-            vault,
-            `--title=${item}`,
-            `privateKey[password]=${keyPair.privateKey}`
-          ]);
-        } catch (err) {
-          throw new Error(
-            `Failed to store key in 1Password: ${err instanceof Error ? err.message : String(err)}`
-          );
+            selectedVault
+          ];
+          if (selectedAccount) {
+            opArgs.push("--account", selectedAccount);
+          }
+          await execFileAsync2("op", opArgs);
+        } finally {
+          const { rm } = await import('fs/promises');
+          await rm(tempDir, { recursive: true, force: true }).catch(() => {
+          });
         }
-        privateKeyRef = { type: "1password", vault, item, field: "privateKey" };
-        keyStorageDescription = `1Password (${vault}/${item})`;
+        privateKeyRef = {
+          type: "1password",
+          vault: selectedVault,
+          item,
+          ...selectedAccount && { account: selectedAccount }
+        };
+        keyStorageDescription = `1Password (${selectedVault}/${item})`;
         break;
       }
       default:
@@ -2910,6 +3043,32 @@ async function runEdit(slug) {
     process.exit(ExitCode.CONFIG_ERROR);
   }
 }
+// src/utils/format-key-location.ts
+function formatKeyLocation(privateKey) {
+  const theme3 = getTheme();
+  switch (privateKey.type) {
+    case "file":
+      return `${theme3.blue.bold()("File")}: ${theme3.muted(privateKey.path)}`;
+    case "keychain": {
+      let keychainName = "default";
+      if (privateKey.keychain) {
+        const filename = privateKey.keychain.split("/").pop() ?? privateKey.keychain;
+        keychainName = filename.replace(/\.keychain(-db)?$/, "");
+      }
+      return `${theme3.blue.bold()("macOS Keychain")}: ${theme3.muted(`${keychainName}/${privateKey.service}`)}`;
+    }
+    case "1password": {
+      const parts = [privateKey.vault, privateKey.item];
+      if (privateKey.account) {
+        parts.unshift(privateKey.account);
+      }
+      return `${theme3.blue.bold()("1Password")}: ${theme3.muted(parts.join("/"))}`;
+    }
+    default:
+      return "Unknown storage";
+  }
+}
 var removeCommand = new Command("remove").description("Delete identity and optionally delete private key").argument("<slug>", "Identity slug to remove").action(async (slug) => {
   await runRemove(slug);
 });
@@ -2925,7 +3084,7 @@ async function runRemove(slug) {
       error(`Identity "${slug}" not found`);
       process.exit(ExitCode.CONFIG_ERROR);
     }
-    const theme3 = getTheme2();
+    const theme3 = getTheme();
     log("");
     log(theme3.blue.bold()(`Remove Identity: ${slug}`));
     log("");
@@ -2942,6 +3101,9 @@ async function runRemove(slug) {
       log("Cancelled");
       process.exit(ExitCode.CANCELLED);
     }
+    const keyLocation = formatKeyLocation(identity.privateKey);
+    log(`  Private key: ${keyLocation}`);
+    log("");
     const deletePrivateKey = await confirm({
       message: "Also delete the private key from storage?",
       default: false
@@ -2964,13 +3126,17 @@ async function runRemove(slug) {
           const { promisify } = await import('util');
           const execFileAsync = promisify(execFile);
           try {
-            await execFileAsync("security", [
+            const deleteArgs = [
               "delete-generic-password",
               "-s",
               identity.privateKey.service,
               "-a",
               identity.privateKey.account
-            ]);
+            ];
+            if (identity.privateKey.keychain) {
+              deleteArgs.push(identity.privateKey.keychain);
+            }
+            await execFileAsync("security", deleteArgs);
             log(`  Deleted private key from macOS Keychain`);
           } catch (err) {
             if (err instanceof Error && !err.message.includes("could not be found") && !err.message.includes("does not exist")) {
@@ -3108,17 +3274,20 @@ async function runWhoami() {
       error("Active identity not found");
       process.exit(ExitCode.CONFIG_ERROR);
     }
-    const theme3 = getTheme2();
+    const theme3 = getTheme();
     log("");
-    log(theme3.green.bold()(identity.name));
+    log(theme3.blue.bold()("Active Identity"));
+    log("");
+    log(`  Slug:       ${theme3.green.bold()(config.activeIdentity)}`);
+    log(`  Name:       ${identity.name}`);
     if (identity.email) {
-      log(theme3.muted(identity.email));
+      log(`  Email:      ${theme3.muted(identity.email)}`);
     }
     if (identity.github) {
-      log(theme3.muted("@" + identity.github));
+      log(`  GitHub:     ${theme3.muted("@" + identity.github)}`);
     }
-    log("");
-    log(`Identity: ${theme3.blue(config.activeIdentity)}`);
+    log(`  Public Key: ${theme3.muted(identity.publicKey.slice(0, 24) + "...")}`);
+    log(`  Key Store:  ${formatKeyLocation(identity.privateKey)}`);
     log("");
   } catch (err) {
     if (err instanceof Error) {
@@ -3569,6 +3738,207 @@ async function runRemove2(slug, options) {
 // src/commands/team/index.ts
 var teamCommand = new Command("team").description("Manage team members and authorizations").addCommand(listCommand2).addCommand(addCommand).addCommand(editCommand2).addCommand(removeCommand2);
+var PROGRAM_NAME = "attest-it";
+async function getCompletions(env) {
+  let shell;
+  try {
+    const detectedShell = tabtab.getShellFromEnv(process.env);
+    shell = detectedShell === "pwsh" ? "bash" : detectedShell;
+  } catch {
+    shell = "bash";
+  }
+  const commands = [
+    { name: "init", description: "Initialize a new config file" },
+    { name: "status", description: "Show status of all gates" },
+    { name: "run", description: "Run test suites interactively" },
+    { name: "verify", description: "Verify all seals are valid" },
+    { name: "seal", description: "Create a seal for a gate" },
+    { name: "keygen", description: "Generate a new keypair" },
+    { name: "prune", description: "Remove stale attestations" },
+    { name: "identity", description: "Manage identities" },
+    { name: "team", description: "Manage team members" },
+    { name: "whoami", description: "Show active identity" },
+    { name: "completion", description: "Shell completion commands" }
+  ];
+  const globalOptions2 = [
+    { name: "--help", description: "Show help" },
+    { name: "--version", description: "Show version" },
+    { name: "--verbose", description: "Verbose output" },
+    { name: "--quiet", description: "Minimal output" },
+    { name: "--config", description: "Path to config file" }
+  ];
+  const identitySubcommands = [
+    { name: "create", description: "Create a new identity" },
+    { name: "list", description: "List all identities" },
+    { name: "use", description: "Switch active identity" },
+    { name: "remove", description: "Remove an identity" }
+  ];
+  const teamSubcommands = [
+    { name: "add", description: "Add yourself to the team" },
+    { name: "list", description: "List team members" },
+    { name: "remove", description: "Remove a team member" }
+  ];
+  const completionSubcommands = [
+    { name: "install", description: "Install shell completion" },
+    { name: "uninstall", description: "Uninstall shell completion" }
+  ];
+  const words = env.line.split(/\s+/).filter(Boolean);
+  const lastWord = env.last;
+  const prevWord = env.prev;
+  if (prevWord === "--config" || prevWord === "-c") {
+    tabtab.logFiles();
+    return;
+  }
+  if (lastWord.startsWith("-")) {
+    tabtab.log(globalOptions2, shell, console.log);
+    return;
+  }
+  const commandIndex = words.findIndex(
+    (w) => !w.startsWith("-") && w !== PROGRAM_NAME && w !== "npx"
+  );
+  const currentCommand = commandIndex >= 0 ? words[commandIndex] ?? null : null;
+  if (currentCommand === "identity") {
+    const subcommandIndex = words.findIndex(
+      (w, i) => i > commandIndex && !w.startsWith("-")
+    );
+    const subcommand = subcommandIndex >= 0 ? words[subcommandIndex] ?? null : null;
+    if (subcommand === "use" || subcommand === "remove") {
+      const identities = await getIdentitySlugs();
+      if (identities.length > 0) {
+        tabtab.log(identities, shell, console.log);
+        return;
+      }
+    }
+    if (!subcommand || subcommandIndex < 0) {
+      tabtab.log(identitySubcommands, shell, console.log);
+      return;
+    }
+  }
+  if (currentCommand === "team") {
+    const subcommandIndex = words.findIndex(
+      (w, i) => i > commandIndex && !w.startsWith("-")
+    );
+    const subcommand = subcommandIndex >= 0 ? words[subcommandIndex] ?? null : null;
+    if (!subcommand || subcommandIndex < 0) {
+      tabtab.log(teamSubcommands, shell, console.log);
+      return;
+    }
+  }
+  if (currentCommand === "completion") {
+    const subcommandIndex = words.findIndex(
+      (w, i) => i > commandIndex && !w.startsWith("-")
+    );
+    const subcommand = subcommandIndex >= 0 ? words[subcommandIndex] ?? null : null;
+    if (subcommand === "install") {
+      tabtab.log(["bash", "zsh", "fish"], shell, console.log);
+      return;
+    }
+    if (!subcommand || subcommandIndex < 0) {
+      tabtab.log(completionSubcommands, shell, console.log);
+      return;
+    }
+  }
+  if (currentCommand === "status" || currentCommand === "verify" || currentCommand === "seal") {
+    const gates = await getGateNames();
+    if (gates.length > 0) {
+      tabtab.log(gates, shell, console.log);
+      return;
+    }
+  }
+  if (currentCommand === "run") {
+    const suites = await getSuiteNames();
+    if (suites.length > 0) {
+      tabtab.log(suites, shell, console.log);
+      return;
+    }
+  }
+  if (!currentCommand) {
+    tabtab.log([...commands, ...globalOptions2], shell, console.log);
+  }
+}
+async function getIdentitySlugs() {
+  try {
+    const config = await loadLocalConfig();
+    if (config?.identities) {
+      return Object.keys(config.identities);
+    }
+  } catch {
+  }
+  return [];
+}
+async function getGateNames() {
+  try {
+    const config = await loadConfig();
+    if (config.gates) {
+      return Object.keys(config.gates);
+    }
+  } catch {
+  }
+  return [];
+}
+async function getSuiteNames() {
+  try {
+    const config = await loadConfig();
+    return Object.keys(config.suites);
+  } catch {
+  }
+  return [];
+}
+var completionCommand = new Command("completion").description("Shell completion commands");
+completionCommand.command("install [shell]").description("Install shell completion (bash, zsh, or fish)").action(async (shellArg) => {
+  try {
+    let shell;
+    if (shellArg !== void 0) {
+      if (tabtab.isShellSupported(shellArg)) {
+        shell = shellArg;
+      } else {
+        error(`Shell "${shellArg}" is not supported. Use bash, zsh, or fish.`);
+        process.exit(ExitCode.CONFIG_ERROR);
+      }
+    }
+    await tabtab.install({
+      name: PROGRAM_NAME,
+      completer: PROGRAM_NAME,
+      shell
+    });
+    log("");
+    success("Shell completion installed!");
+    log("");
+    info("Restart your shell or run:");
+    if (shell === "bash" || !shell) {
+      log("  source ~/.bashrc");
+    }
+    if (shell === "zsh" || !shell) {
+      log("  source ~/.zshrc");
+    }
+    if (shell === "fish" || !shell) {
+      log("  source ~/.config/fish/config.fish");
+    }
+    log("");
+  } catch (err) {
+    error(`Failed to install completion: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(ExitCode.CONFIG_ERROR);
+  }
+});
+completionCommand.command("uninstall").description("Uninstall shell completion").action(async () => {
+  try {
+    await tabtab.uninstall({
+      name: PROGRAM_NAME
+    });
+    log("");
+    success("Shell completion uninstalled!");
+    log("");
+  } catch (err) {
+    error(`Failed to uninstall completion: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(ExitCode.CONFIG_ERROR);
+  }
+});
+completionCommand.command("server", { hidden: true }).description("Completion server (internal)").action(async () => {
+  const env = tabtab.parseEnv(process.env);
+  if (env.complete) {
+    await getCompletions(env);
+  }
+});
 function hasVersion(data) {
   return typeof data === "object" && data !== null && "version" in data && // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
   typeof data.version === "string";
@@ -3612,7 +3982,19 @@ program.addCommand(sealCommand);
 program.addCommand(identityCommand);
 program.addCommand(teamCommand);
 program.addCommand(whoamiCommand);
+program.addCommand(completionCommand);
+function processHomeDirOption() {
+  const homeDirIndex = process.argv.indexOf("--home-dir");
+  if (homeDirIndex !== -1 && homeDirIndex + 1 < process.argv.length) {
+    const homeDir = process.argv[homeDirIndex + 1];
+    if (homeDir && !homeDir.startsWith("-")) {
+      setAttestItHomeDir(homeDir);
+      process.argv.splice(homeDirIndex, 2);
+    }
+  }
+}
 async function run() {
+  processHomeDirOption();
   if (process.argv.includes("--version") || process.argv.includes("-V")) {
     console.log(getPackageVersion());
     process.exit(0);