@calimero-network/agent-skills 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78)
  1. package/README.md +137 -17
  2. package/SKILL.md +31 -28
  3. package/package.json +1 -1
  4. package/scripts/install.js +3 -3
  5. package/scripts/test.js +6 -15
  6. package/skills/calimero-abi-codegen/SKILL.md +121 -22
  7. package/skills/calimero-abi-codegen/references/abi-format.md +3 -5
  8. package/skills/calimero-abi-codegen/references/generated-output.md +12 -4
  9. package/skills/calimero-abi-codegen/rules/schema-version.md +11 -4
  10. package/skills/calimero-abi-codegen/rules/unique-names.md +2 -6
  11. package/skills/calimero-client-js/SKILL.md +126 -31
  12. package/skills/calimero-client-js/references/auth.md +18 -10
  13. package/skills/calimero-client-js/references/rpc-calls.md +15 -21
  14. package/skills/calimero-client-js/references/sso.md +9 -9
  15. package/skills/calimero-client-js/references/websocket-events.md +73 -92
  16. package/skills/calimero-client-js/rules/camelcase-api.md +10 -7
  17. package/skills/calimero-client-js/rules/token-refresh.md +11 -11
  18. package/skills/calimero-client-py/SKILL.md +25 -13
  19. package/skills/calimero-client-py/references/api.md +41 -43
  20. package/skills/calimero-client-py/references/auth.md +7 -7
  21. package/skills/calimero-client-py/rules/async-usage.md +27 -31
  22. package/skills/calimero-client-py/rules/stable-node-name.md +7 -7
  23. package/skills/calimero-core/SKILL.md +135 -0
  24. package/skills/calimero-core/references/architecture.md +101 -0
  25. package/skills/calimero-core/references/jsonrpc-protocol.md +192 -0
  26. package/skills/calimero-core/references/namespaces-groups.md +94 -0
  27. package/skills/calimero-core/references/storage-types.md +118 -0
  28. package/skills/calimero-core/references/websocket-events.md +142 -0
  29. package/skills/calimero-core/rules/context-is-not-app.md +35 -0
  30. package/skills/calimero-core/rules/crdt-types-only.md +55 -0
  31. package/skills/calimero-desktop/SKILL.md +24 -19
  32. package/skills/calimero-desktop/references/sso-integration.md +2 -2
  33. package/skills/calimero-desktop/rules/sso-fallback.md +3 -2
  34. package/skills/calimero-merobox/SKILL.md +255 -28
  35. package/skills/calimero-merobox/references/ci-integration.md +3 -2
  36. package/skills/calimero-merobox/references/workflow-files.md +7 -5
  37. package/skills/calimero-merobox/rules/docker-required.md +7 -6
  38. package/skills/calimero-meroctl/SKILL.md +68 -0
  39. package/skills/calimero-meroctl/references/commands.md +177 -0
  40. package/skills/calimero-meroctl/references/scripting.md +80 -0
  41. package/skills/calimero-meroctl/rules/call-view-flag.md +28 -0
  42. package/skills/calimero-meroctl/rules/register-node-once.md +34 -0
  43. package/skills/calimero-merod/SKILL.md +49 -0
  44. package/skills/calimero-merod/references/health-endpoints.md +90 -0
  45. package/skills/calimero-merod/references/init-flags.md +84 -0
  46. package/skills/calimero-merod/rules/init-before-run.md +40 -0
  47. package/skills/calimero-merod/rules/port-assignments.md +33 -0
  48. package/skills/calimero-node/SKILL.md +50 -39
  49. package/skills/calimero-node/references/context-lifecycle.md +34 -17
  50. package/skills/calimero-node/references/meroctl-commands.md +89 -99
  51. package/skills/calimero-node/rules/app-vs-context.md +4 -4
  52. package/skills/calimero-registry/SKILL.md +110 -31
  53. package/skills/calimero-registry/references/bundle-and-push.md +99 -34
  54. package/skills/calimero-registry/references/manifest-format.md +56 -35
  55. package/skills/calimero-registry/references/mero-sign.md +10 -9
  56. package/skills/calimero-registry/rules/key-security.md +3 -2
  57. package/skills/calimero-registry/rules/sign-before-pack.md +5 -5
  58. package/skills/calimero-rust-sdk/SKILL.md +154 -44
  59. package/skills/calimero-rust-sdk/references/blob-api.md +119 -0
  60. package/skills/calimero-rust-sdk/references/event-handlers.md +122 -0
  61. package/skills/calimero-rust-sdk/references/events.md +2 -1
  62. package/skills/calimero-rust-sdk/references/examples.md +81 -29
  63. package/skills/calimero-rust-sdk/references/migrations.md +123 -0
  64. package/skills/calimero-rust-sdk/references/nested-crdts.md +113 -0
  65. package/skills/calimero-rust-sdk/references/private-storage.md +76 -34
  66. package/skills/calimero-rust-sdk/references/state-collections.md +106 -21
  67. package/skills/calimero-rust-sdk/references/user-and-frozen-storage.md +169 -0
  68. package/skills/calimero-rust-sdk/rules/app-macro-placement.md +5 -2
  69. package/skills/calimero-rust-sdk/rules/no-std-collections.md +5 -2
  70. package/skills/calimero-rust-sdk/rules/state-derives.md +9 -10
  71. package/skills/calimero-rust-sdk/rules/wasm-constraints.md +12 -10
  72. package/skills/calimero-sdk-js/SKILL.md +34 -26
  73. package/skills/calimero-sdk-js/references/build-pipeline.md +6 -6
  74. package/skills/calimero-sdk-js/references/collections.md +11 -11
  75. package/skills/calimero-sdk-js/references/events.md +7 -3
  76. package/skills/calimero-sdk-js/rules/crdt-only-state.md +18 -18
  77. package/skills/calimero-sdk-js/rules/no-console-log.md +6 -6
  78. package/skills/calimero-sdk-js/rules/view-decorator.md +6 -4
@@ -1,51 +1,130 @@
1
1
  # calimero-registry — Agent Instructions
2
2
 
3
- You are helping a developer **sign and publish a Calimero app bundle** to the App Registry.
3
+ You are helping a developer **build and publish a Calimero app bundle** to the App Registry.
4
4
 
5
- ## Two tools required
5
+ ## Two tools
6
6
 
7
- | Tool | Install | Purpose |
8
- | --- | --- | --- |
9
- | `mero-sign` | `cargo install mero-sign` | Ed25519 key management and manifest signing |
10
- | `calimero-registry` | `npm install -g calimero-registry` | Bundle creation and registry push |
7
+ | Tool | Install | Purpose |
8
+ | ------------------- | ----------------------------------------------- | ----------------------------------------------------------- |
9
+ | `calimero-registry` | `npm install -g @calimero-network/registry-cli` | Bundle creation and registry push |
10
+ | `mero-sign` | `cargo install mero-sign` | Ed25519 key management and manifest signing (for ownership) |
11
11
 
12
- ## Critical: sign BEFORE bundling
12
+ ## Quick workflow
13
13
 
14
- mero-sign operates on `manifest.json` **before** it is packed. The registry verifies the
15
- signature on upload signing after bundling will fail.
14
+ ```bash
15
+ # 1. Install registry CLI
16
+ npm install -g @calimero-network/registry-cli
16
17
 
17
- **Correct order:**
18
- 1. Build WASM
19
- 2. Write `manifest.json`
20
- 3. `mero-sign sign manifest.json --key key.json` ← sign first
21
- 4. `calimero-registry bundle create ...` ← bundle second
22
- 5. `calimero-registry bundle push ...` ← then push
18
+ # 2. Configure registry (one-time)
19
+ calimero-registry config set registry-url https://apps.calimero.network
20
+ calimero-registry config set api-key your-api-key
23
21
 
24
- ## Quick reference
22
+ # 3. Build WASM (your app's build script)
23
+ ./build.sh
25
24
 
26
- ```bash
27
- # 1. Install tools
28
- cargo install mero-sign
29
- npm install -g calimero-registry
25
+ # 4. Create bundle (WASM + metadata → .mpk)
26
+ calimero-registry bundle create \
27
+ --output myapp-1.0.0.mpk \
28
+ --name "My App" \
29
+ --description "Does something useful" \
30
+ --author "Your Name" \
31
+ --frontend "https://my-app.com" \
32
+ --github "https://github.com/yourorg/myapp" \
33
+ path/to/app.wasm \
34
+ com.yourorg.myapp \
35
+ 1.0.0
36
+
37
+ # 5. Push to registry
38
+ calimero-registry bundle push myapp-1.0.0.mpk --remote
39
+ ```
40
+
41
+ ## Signing for ownership (optional but recommended)
42
+
43
+ The registry tracks package ownership via Ed25519 signatures. If you sign the manifest, your key
44
+ becomes the package owner — only your key (or keys in `manifest.owners`) can push future versions.
30
45
 
31
- # 2. Generate signing key (one-time per developer)
46
+ ```bash
47
+ # Generate signing key (one-time)
32
48
  mero-sign generate-key --output my-key.json
33
49
  echo "my-key.json" >> .gitignore
34
50
 
35
- # 3. Sign
36
- mero-sign sign dist/myapp/manifest.json --key my-key.json
51
+ # After bundle create, sign the manifest inside the bundle:
52
+ mero-sign sign path/to/manifest.json --key my-key.json
53
+
54
+ # Then push
55
+ calimero-registry bundle push myapp-1.0.0.mpk --remote
56
+ ```
57
+
58
+ ## Bundle create flags
59
+
60
+ | Flag | Required | Description |
61
+ | ----------------------- | -------- | ------------------------------------------------------ |
62
+ | `<wasm-file>` | Yes | Path to WASM binary (positional) |
63
+ | `[package]` | Yes | Reverse-domain package name (e.g. `com.yourorg.myapp`) |
64
+ | `[version]` | Yes | SemVer version (e.g. `1.0.0`) |
65
+ | `-o, --output <path>` | No | Output `.mpk` filename |
66
+ | `-m, --manifest <path>` | No | Read config from a manifest JSON file |
67
+ | `--name <name>` | No | App display name |
68
+ | `--description <text>` | No | Short description |
69
+ | `--author <name>` | No | Author name |
70
+ | `--frontend <url>` | No | Frontend URL (used by Desktop to open the app) |
71
+ | `--github <url>` | No | Source repository URL |
72
+ | `--docs <url>` | No | Documentation URL |
73
+
74
+ ## Bundle push flags
75
+
76
+ ```bash
77
+ # Push to local registry (default)
78
+ calimero-registry bundle push myapp-1.0.0.mpk --local
37
79
 
38
- # 4. Bundle
80
+ # Push to remote registry (uses config file)
81
+ calimero-registry bundle push myapp-1.0.0.mpk --remote
82
+
83
+ # Override config with flags
84
+ calimero-registry bundle push myapp-1.0.0.mpk \
85
+ --remote \
86
+ --url https://apps.calimero.network \
87
+ --api-key your-api-key
88
+ ```
89
+
90
+ ## Configuration
91
+
92
+ ```bash
93
+ # Set defaults (stored in ~/.calimero-registry/remote-config.json)
94
+ calimero-registry config set registry-url https://apps.calimero.network
95
+ calimero-registry config set api-key your-api-key
96
+ calimero-registry config list
97
+
98
+ # Or use environment variables
99
+ export CALIMERO_REGISTRY_URL=https://apps.calimero.network
100
+ export CALIMERO_API_KEY=your-api-key
101
+ ```
102
+
103
+ ## Package naming rules
104
+
105
+ - Must be reverse-domain format: `com.yourorg.appname`
106
+ - Version must be SemVer without `v` prefix: `1.0.0` not `v1.0.0`
107
+
108
+ ## Updating an existing app (new version)
109
+
110
+ ```bash
39
111
  calimero-registry bundle create \
40
- --output myapp-1.0.0.mpk \
41
- dist/myapp/app.wasm \
42
- com.yourorg.myapp
112
+ --output myapp-1.1.0.mpk \
113
+ --name "My App" \
114
+ path/to/app.wasm \
115
+ com.yourorg.myapp \
116
+ 1.1.0
43
117
 
44
- # 5. Push
45
- calimero-registry bundle push myapp-1.0.0.mpk --key my-key.json
118
+ calimero-registry bundle push myapp-1.1.0.mpk --remote
46
119
  ```
47
120
 
121
+ ## Related skills
122
+
123
+ - **`calimero-rust-sdk`** — building the WASM app that gets published
124
+ - **`calimero-core`** — application/context model and how the registry integrates with node app
125
+ install
126
+
48
127
  ## References
49
128
 
50
- See `references/` for manifest format, signing details, and push workflow.
51
- See `rules/` for hard constraints.
129
+ See `references/` for manifest format, signing details, and push workflow. See `rules/` for hard
130
+ constraints.
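Review bot: In "Signing for ownership", the commands sign `path/to/manifest.json` after `bundle create` and then push `myapp-1.0.0.mpk`, but nothing says where that manifest lives or how the signature gets into the `.mpk` that was already written. The removed text said the registry verifies the signature on upload and that signing after bundling fails. Either state that `bundle push` picks up the signed manifest, or add the explicit repack step, and replace the `path/to/manifest.json` placeholder with the path that `bundle create` actually produces.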
@@ -1,16 +1,31 @@
1
1
  # Bundle Create & Push
2
2
 
3
- ## calimero-registry CLI
3
+ ## Install
4
4
 
5
5
  ```bash
6
- npm install -g calimero-registry
6
+ npm install -g @calimero-network/registry-cli
7
7
  # or
8
- pnpm add -g calimero-registry
8
+ pnpm add -g @calimero-network/registry-cli
9
+ ```
10
+
11
+ ## One-time configuration
12
+
13
+ ```bash
14
+ calimero-registry config set registry-url https://apps.calimero.network
15
+ calimero-registry config set api-key your-api-key
16
+ calimero-registry config list
17
+ ```
18
+
19
+ Or use environment variables:
20
+
21
+ ```bash
22
+ export CALIMERO_REGISTRY_URL=https://apps.calimero.network
23
+ export CALIMERO_API_KEY=your-api-key
9
24
  ```
10
25
 
11
26
  ## Bundle create
12
27
 
13
- Packages the signed manifest and WASM binary into a `.mpk` file:
28
+ Creates an `.mpk` bundle from a WASM file:
14
29
 
15
30
  ```bash
16
31
  calimero-registry bundle create \
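Review bot: The "One-time configuration" block shows `calimero-registry config set api-key your-api-key` without saying where the key is stored or with what file permissions, and passing it as an argument leaves it in shell history. State the storage location here as SKILL.md does (`~/.calimero-registry/remote-config.json`), and recommend `CALIMERO_API_KEY` supplied from a secret store on shared or CI machines. The bundle-create description also drops the word "signed"; if a signature is still expected before push, say so at this point.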
@@ -18,52 +33,102 @@ calimero-registry bundle create \
18
33
  --name "My App" \
19
34
  --description "Does something useful" \
20
35
  --author "Your Name" \
21
- --frontend "https://my-app-frontend.com" \
22
- --github "https://github.com/yourorg/your-app" \
36
+ --frontend "https://my-app.com" \
37
+ --github "https://github.com/yourorg/myapp" \
23
38
  path/to/app.wasm \
24
- com.yourorg.myapp
39
+ com.yourorg.myapp \
40
+ 1.0.0
25
41
  ```
26
42
 
27
- | Flag | Required | Description |
28
- | --- | --- | --- |
29
- | `--output` | Yes | Output `.mpk` filename |
30
- | `--name` | Yes | App display name |
31
- | `--description` | Yes | Short description |
32
- | `--author` | Yes | Author name |
33
- | `--frontend` | No | Frontend URL (used by Desktop) |
34
- | `--github` | No | Source repository URL |
43
+ Positional arguments: `<wasm-file> [package] [version]`
44
+
45
+ | Flag | Required | Description |
46
+ | ----------------------- | -------- | ------------------------------------------------ |
47
+ | `-o, --output <path>` | No | Output `.mpk` filename |
48
+ | `-m, --manifest <path>` | No | Read metadata from a manifest JSON file |
49
+ | `--name <name>` | No | App display name |
50
+ | `--description <text>` | No | Short description |
51
+ | `--author <name>` | No | Author name |
52
+ | `--frontend <url>` | No | Frontend URL (Desktop uses this to open the app) |
53
+ | `--github <url>` | No | Source repository URL |
54
+ | `--docs <url>` | No | Documentation URL |
35
55
 
36
- The positional args are: `<wasm-path>` `<app-id>` (reverse-domain, e.g. `com.yourorg.appname`).
56
+ After creating, the CLI prints sign instructions:
57
+
58
+ ```text
59
+ 1. Sign the manifest: mero-sign sign <output>/manifest.json --key key.json
60
+ 2. Push the bundle: calimero-registry bundle push <output> --remote
61
+ ```
37
62
 
38
63
  ## Bundle push
39
64
 
40
65
  ```bash
41
- calimero-registry bundle push myapp-1.0.0.mpk --key my-key.json
66
+ # Push to remote registry (uses config file values)
67
+ calimero-registry bundle push myapp-1.0.0.mpk --remote
68
+
69
+ # Push to local registry
70
+ calimero-registry bundle push myapp-1.0.0.mpk --local
71
+
72
+ # Override config
73
+ calimero-registry bundle push myapp-1.0.0.mpk \
74
+ --remote \
75
+ --url https://apps.calimero.network \
76
+ --api-key your-api-key
42
77
  ```
43
78
 
44
- The registry will:
45
- 1. Unpack the `.mpk`
46
- 2. Verify the Ed25519 signature against the manifest
47
- 3. Validate your authenticated email against org membership (if publishing to an org)
48
- 4. Store the bundle and make it discoverable
79
+ ## Full publish workflow
49
80
 
50
- ## On signature mismatch
81
+ ```bash
82
+ # 1. Build WASM
83
+ ./build.sh
51
84
 
52
- If the manifest was modified after signing, the push returns:
53
- ```
54
- 400 invalid_signature
55
- ```
85
+ # 2. Create bundle
86
+ calimero-registry bundle create \
87
+ --output myapp-1.0.0.mpk \
88
+ --name "My App" \
89
+ --frontend "https://my-app.com" \
90
+ path/to/app.wasm \
91
+ com.yourorg.myapp \
92
+ 1.0.0
56
93
 
57
- Re-sign the manifest and recreate the bundle.
94
+ # 3. (Optional) Sign manifest for ownership
95
+ mero-sign sign myapp-1.0.0/manifest.json --key my-key.json
96
+
97
+ # 4. Push
98
+ calimero-registry bundle push myapp-1.0.0.mpk --remote
99
+ ```
58
100
 
59
101
  ## Updating an existing app (new version)
60
102
 
61
103
  ```bash
62
- # Bump version in manifest.json
63
- mero-sign sign dist/myapp-1.1.0/manifest.json --key my-key.json
64
- calimero-registry bundle create --output myapp-1.1.0.mpk ...
65
- calimero-registry bundle push myapp-1.1.0.mpk --key my-key.json
104
+ calimero-registry bundle create \
105
+ --output myapp-1.1.0.mpk \
106
+ --name "My App" \
107
+ path/to/app.wasm \
108
+ com.yourorg.myapp \
109
+ 1.1.0
110
+
111
+ calimero-registry bundle push myapp-1.1.0.mpk --remote
66
112
  ```
67
113
 
68
- The registry accepts any new semver version. The first publisher of an app name becomes
69
- the owner; only org members can push subsequent versions (validated by email).
114
+ ## CI/CD (GitHub Actions)
115
+
116
+ ```yaml
117
+ - name: Install Registry CLI
118
+ run: npm install -g @calimero-network/registry-cli
119
+
120
+ - name: Create Bundle
121
+ run: |
122
+ calimero-registry bundle create \
123
+ --output app-${{ github.event.release.tag_name }}.mpk \
124
+ --name "My Application" \
125
+ ./app.wasm \
126
+ com.yourorg.myapp \
127
+ ${{ github.event.release.tag_name }}
128
+
129
+ - name: Publish Bundle
130
+ env:
131
+ CALIMERO_API_KEY: ${{ secrets.CALIMERO_API_KEY }}
132
+ run: |
133
+ calimero-registry bundle push app-${{ github.event.release.tag_name }}.mpk --remote
134
+ ```
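Review bot: In the "CI/CD (GitHub Actions)" example, `${{ github.event.release.tag_name }}` is expanded directly inside the `run:` scripts, so the tag text becomes part of the command line before the shell parses it. Pass it through `env:` (for example `TAG: ${{ github.event.release.tag_name }}`) and reference `"$TAG"` in the script. Also strip or reject a leading `v`, since the naming rules in this release require SemVer without a `v` prefix. The hunk also deletes the list of checks the registry performs on push and the `400 invalid_signature` section, and the CI example has no signing step, so a reader can no longer tell whether an unsigned push is verified at all. Keep a short statement of the registry-side checks.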
@@ -1,46 +1,47 @@
1
- # Manifest Format
1
+ # Manifest Format (V2)
2
2
 
3
- `manifest.json` describes the app bundle. mero-sign reads and signs it.
3
+ The manifest describes the app bundle. It is generated by `calimero-registry bundle create` and can
4
+ optionally be signed with `mero-sign` before pushing.
4
5
 
5
- ## Minimal manifest
6
+ ## Bundle create generates this automatically
6
7
 
7
- ```json
8
- {
9
- "name": "My App",
10
- "version": "1.0.0",
11
- "description": "A short description of what this app does.",
12
- "repository": "https://github.com/yourorg/your-app",
13
- "authors": ["Your Name <you@example.com>"],
14
- "license": "MIT"
15
- }
16
- ```
8
+ When you run `calimero-registry bundle create`, the CLI generates a `manifest.json` inside the
9
+ bundle directory. You can also supply a manifest via `-m, --manifest <path>` to pre-fill fields.
17
10
 
18
- ## Full manifest with optional fields
11
+ ## Manifest V2 format
19
12
 
20
13
  ```json
21
14
  {
22
- "name": "My App",
23
- "version": "1.0.0",
24
- "description": "A short description.",
25
- "repository": "https://github.com/yourorg/your-app",
26
- "authors": ["Your Name <you@example.com>"],
27
- "license": "MIT",
15
+ "version": "1.0",
16
+ "package": "com.example.myapp",
17
+ "appVersion": "1.0.0",
18
+ "metadata": {
19
+ "name": "My Application",
20
+ "description": "Application description",
21
+ "author": "Your Name"
22
+ },
23
+ "wasm": {
24
+ "path": "app.wasm",
25
+ "hash": "sha256:...",
26
+ "size": 12345
27
+ },
28
28
  "links": {
29
- "frontend": "https://my-app-frontend.com",
30
- "docs": "https://docs.my-app.com"
29
+ "frontend": "https://example.com",
30
+ "github": "https://github.com/example/myapp",
31
+ "docs": "https://example.com/docs"
31
32
  },
32
- "min_runtime_version": "0.3.0"
33
+ "minRuntimeVersion": "0.3.0"
33
34
  }
34
35
  ```
35
36
 
36
- ## After signing
37
+ ## After signing with mero-sign
37
38
 
38
39
  mero-sign injects a `signature` block:
39
40
 
40
41
  ```json
41
42
  {
42
- "name": "My App",
43
- "version": "1.0.0",
43
+ "version": "1.0",
44
+ "package": "com.example.myapp",
44
45
  ...
45
46
  "signature": {
46
47
  "alg": "ed25519",
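Review bot: The "Manifest V2 format" example has a top-level `"version": "1.0"` next to `"appVersion": "1.0.0"` with no explanation of what each field means, and it renames `min_runtime_version` to `minRuntimeVersion` and drops `repository`, `authors` and `license` without a migration note. Add a field table that defines both version fields and lists the renamed and removed keys. For `wasm.hash`, say who computes the `sha256:` value and whether the registry or the node checks it against the packed binary.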
@@ -51,13 +52,33 @@ mero-sign injects a `signature` block:
51
52
  }
52
53
  ```
53
54
 
54
- ## Requirements
55
+ ## Package ownership
56
+
57
+ - The first push establishes the package owner via the Ed25519 `signature.pubkey`
58
+ - Only the owner (or keys in `manifest.owners`) can push subsequent versions
59
+ - For team publishing, add teammates' public keys to `manifest.owners`:
60
+
61
+ ```json
62
+ {
63
+ "version": "1.0",
64
+ "package": "com.example.myapp",
65
+ "owners": [
66
+ "yuKE404BaldXazEIUC4XrVGFyXxxyoRVjrrGhcKk1P4",
67
+ "anotherTeammatePubKey..."
68
+ ],
69
+ ...
70
+ }
71
+ ```
72
+
73
+ ## Package naming
74
+
75
+ | Rule | Example |
76
+ | --------------------------- | ------------------------ |
77
+ | Must be reverse-domain | `com.yourorg.appname` ✅ |
78
+ | Version must be full SemVer | `1.0.0` ✅ |
79
+ | No `v` prefix on version | `v1.0.0` ❌ |
80
+
81
+ ## `links.frontend` is used by Desktop
55
82
 
56
- | Field | Required | Notes |
57
- | --- | --- | --- |
58
- | `name` | Yes | Display name |
59
- | `version` | Yes | Semver — `MAJOR.MINOR.PATCH` |
60
- | `description` | Yes | Short description |
61
- | `repository` | Yes | GitHub or other source URL |
62
- | `links.frontend` | No | Used by Desktop to open the app UI |
63
- | `min_runtime_version` | No | Minimum `merod` version required |
83
+ The Desktop app reads `links.frontend` to know which URL to open when a user opens this app. Always
84
+ include it.
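Review bot: "The first push establishes the package owner via the Ed25519 `signature.pubkey`" does not say what happens when the first push is unsigned, which SKILL.md now presents as the default path with signing optional. Document whether an unsigned first push leaves the package without an owner, and whether a later signed push from any key can then claim it. For `manifest.owners`, state whether the list is covered by the signature and which key may change it in a later version. This hunk also removes the Requirements table, so required versus optional fields are no longer listed in this file.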
@@ -25,16 +25,16 @@ Produces:
25
25
  ```json
26
26
  {
27
27
  "private_key": "PZbZ5yM9t63qOHMM-CCzExbNv8u79XTxZT9UW8GQJ60",
28
- "public_key": "yuKE404BaldXazEIUC4XrVGFyXxxyoRVjrrGhcKk1P4",
29
- "signer_id": "did:key:z6Mkt7Ejb12a1BxvRiUpd5YWkMrk8KVjaShW2vMt6trm7FGH"
28
+ "public_key": "yuKE404BaldXazEIUC4XrVGFyXxxyoRVjrrGhcKk1P4",
29
+ "signer_id": "did:key:z6Mkt7Ejb12a1BxvRiUpd5YWkMrk8KVjaShW2vMt6trm7FGH"
30
30
  }
31
31
  ```
32
32
 
33
- | Field | Description |
34
- | --- | --- |
35
- | `private_key` | Base64url Ed25519 secret (32 bytes). Never share or commit. |
36
- | `public_key` | Base64url public key (32 bytes). Embedded in every signed manifest. |
37
- | `signer_id` | `did:key` DID representation. Used as identity reference in the registry. |
33
+ | Field | Description |
34
+ | ------------- | ------------------------------------------------------------------------- |
35
+ | `private_key` | Base64url Ed25519 secret (32 bytes). Never share or commit. |
36
+ | `public_key` | Base64url public key (32 bytes). Embedded in every signed manifest. |
37
+ | `signer_id` | `did:key` DID representation. Used as identity reference in the registry. |
38
38
 
39
39
  ## Sign a manifest
40
40
 
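Review bot: The sample key file prints a complete `private_key` next to its `public_key`, and the same public key value is the first entry of the `owners` example in manifest-format.md in this release. A reader who copies that `owners` list verbatim authorises a key whose secret half is published in these docs. Replace both values with an obvious placeholder, or at least use a different value in the `owners` example.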
@@ -45,7 +45,7 @@ mero-sign sign manifest.json --key key.json
45
45
 
46
46
  ## How signing works
47
47
 
48
- ```
48
+ ```text
49
49
  manifest.json (signature field absent or empty)
50
50
 
51
51
  ▼ Remove signature + all _* prefixed fields
@@ -63,7 +63,8 @@ mero-sign sign manifest.json --key key.json
63
63
 
64
64
  ## Team workflow
65
65
 
66
- Each developer keeps their own key — the registry validates org membership via authenticated email, not by which key was used.
66
+ Each developer keeps their own key — the registry validates org membership via authenticated email,
67
+ not by which key was used.
67
68
 
68
69
  ```bash
69
70
  # Each developer once:
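Review bot: The rewrapped "Team workflow" sentence still says the registry validates org membership via authenticated email, not by which key was used, while manifest-format.md in this release says only the owner key or keys in `manifest.owners` can push subsequent versions. One of the two is stale. Update this paragraph to the key-based model or explain how the email check and key ownership combine.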
@@ -1,7 +1,7 @@
1
1
  # Rule: Never commit key.json
2
2
 
3
- The signing key file contains your Ed25519 private key. If committed to version control,
4
- anyone with repo access can sign bundles as you and publish malicious apps under your identity.
3
+ The signing key file contains your Ed25519 private key. If committed to version control, anyone with
4
+ repo access can sign bundles as you and publish malicious apps under your identity.
5
5
 
6
6
  ## Required steps
7
7
 
@@ -34,6 +34,7 @@ Store `CALIMERO_SIGNING_KEY` as a repository secret (GitHub Secrets, etc.), neve
34
34
  ## If you accidentally committed a key
35
35
 
36
36
  Rotate immediately:
37
+
37
38
  ```bash
38
39
  mero-sign generate-key --output new-key.json
39
40
  # Update your public key in the registry
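Review bot: The rotation steps under "If you accidentally committed a key", as far as this hunk shows, stop at generating a new key and a comment to update the public key in the registry. With ownership now tied to `signature.pubkey` and `manifest.owners`, say how the exposed key is removed as an owner, and note that the old key remains in git history until it is purged.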
@@ -1,7 +1,7 @@
1
1
  # Rule: Sign the manifest BEFORE bundling
2
2
 
3
- mero-sign operates on a standalone `manifest.json` file — not on a `.mpk` archive.
4
- Signing after `bundle create` will not work because the manifest is already packed.
3
+ mero-sign operates on a standalone `manifest.json` file — not on a `.mpk` archive. Signing after
4
+ `bundle create` will not work because the manifest is already packed.
5
5
 
6
6
  ## WRONG order:
7
7
 
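Review bot: This rule still states that signing after `bundle create` will not work, while SKILL.md and bundle-and-push.md in this release tell the reader to run `mero-sign sign` after `bundle create`. Reflowing the paragraph leaves the contradiction in place. Either rewrite the rule for the new order or correct the other two files.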
@@ -20,6 +20,6 @@ calimero-registry bundle push app.mpk --key key.json # ✓ then push
20
20
 
21
21
  ## Why
22
22
 
23
- The registry verifies the signature by re-running the RFC 8785 canonicalization on the
24
- manifest fields inside the bundle. If the manifest was modified after signing — including
25
- by the bundle tool itself — the signature check fails with `400 invalid_signature`.
23
+ The registry verifies the signature by re-running the RFC 8785 canonicalization on the manifest
24
+ fields inside the bundle. If the manifest was modified after signing — including by the bundle tool
25
+ itself — the signature check fails with `400 invalid_signature`.