@certchip/signer 0.1.11 → 0.1.15

package/README.md

@@ -12,6 +12,7 @@ Cross-platform code and document signing CLI tool with SSH key authentication.
 - **Text/Source Signing** - JS, Python, Go, Rust, and more
 - **Hash-based Signing** - Default mode: only hash sent to server, not the file
 - **Windows KSP** - Native Windows crypto integration (Windows only)
+- **Structured Output** - JSON, table, or CSV output for scripting and automation
 
 ## Installation
 
@@ -167,6 +168,28 @@ signercli -codesign-cert -o cert.pem      # Save to file
 signercli -codesign-set <password>
 ```
 
+**Alternative: `-cert` commands (compatible with signer.exe)**
+
+```bash
+# List certificates (with purpose filter)
+signercli -cert -list                     # List all certificates
+signercli -cert -list codesign            # List code signing certificates
+signercli -cert -list docsign             # List document signing certificates
+
+# Get/Set certificate ID
+signercli -cert -id                       # Show current configuration
+signercli -cert -id <cert_id>             # Set certificate ID
+signercli -cert -id <cert_id> <label>     # Set with label
+
+# Get certificate PEM
+signercli -cert -pem
+
+# Set private key password
+signercli -cert -password <password>
+```
+
+> **Note:** The `-cert` commands use the same API endpoints as `signer.exe`, ensuring full compatibility between both tools.
+
 #### Configuration
 
 Profiles store connection settings. The `default` profile is used when no profile is specified. Other profiles inherit missing settings from `default`.
@@ -216,6 +239,7 @@ signercli -login -profile staging         # Uses 'staging' (overrides host)
 | `-include-chain` | Include certificate chain |
 | `-timestamp-url <url>` | Timestamp server URL |
 | `-hash-algorithm <alg>` | Default hash algorithm |
+| `-output-format <type>` | Default output format (classic, json, table, csv) |
 
 **Document Signing Options:**
 
@@ -249,6 +273,90 @@ signercli <file> LOG_INF                  # Info output
 # Available: LOG_NON, LOG_ERR, LOG_WRN, LOG_DBG, LOG_INF
 ```
 
+#### Output Format
+
+Both `signercli` and `signer` support structured output formats for scripting and automation.
+
+```bash
+# JSON format (default for scripting)
+signercli -verify myapp.exe -format json
+signercli -config list -format json
+signercli -logout -format json
+
+# Table format (aligned columns)
+signercli -verify myapp.exe -format table
+
+# CSV format (spreadsheet-friendly)
+signercli -config list -format csv
+
+# Classic format (default - human-readable)
+signercli -verify myapp.exe
+```
+
+**Format Options:**
+
+| Format | Description | Best for |
+|--------|-------------|----------|
+| `classic` | Human-readable output (default) | Interactive use |
+| `json` | JSON structured output | CI/CD, scripting, automation |
+| `table` | Aligned table format | Terminal display |
+| `csv` | Comma-separated values | Spreadsheets, data processing |
+
+**Example: JSON output from verify command**
+
+```bash
+$ signercli -verify myapp.exe -format json
+```
+
+```json
+{
+    "command": "verify",
+    "status": "valid",
+    "file": "myapp.exe",
+    "method": "AUTHENTICODE",
+    "signer": "Example Company",
+    "serialNumber": "0123456789abcdef",
+    "timestamp": "2025-01-15 10:30:00",
+    "success": true
+}
+```
+
+**Example: JSON output from config list**
+
+```bash
+$ signercli -config list -format json
+```
+
+```json
+{
+    "command": "config-list",
+    "count": 3,
+    "profiles": ["default", "production", "staging"],
+    "success": true
+}
+```
+
+**Example: JSON output from login**
+
+```bash
+$ signercli -login https://signer.example.com admin -pw secret -format json
+```
+
+```json
+{
+    "command": "login",
+    "status": "success",
+    "username": "admin",
+    "expiresIn": 86400,
+    "certificate": {
+        "cn": "Example Company Code Signing"
+    },
+    "success": true
+}
+```
+
+> **Note:** Interactive authentication (password prompt, SSH key selection) is not available with structured output formats. Use `-user` and `-pw` options or `-key` option for non-interactive login.
+
 ---
 
 ### signer (Windows only)
@@ -267,6 +375,14 @@ signer -login <url> [username]            # Login and register certificate
 signer -logout                            # Logout and remove certificate
 signer -list                              # List available certificates
 
+# Certificate Management
+signer -cert -list                        # List available certificates
+signer -cert -list codesign               # Filter by purpose
+signer -cert -id                          # Show current certificate configuration
+signer -cert -id <cert_id>                # Set certificate ID
+signer -cert -pem                         # Get certificate PEM
+signer -cert -password <password>         # Set private key password
+
 # KSP Provider Management
 signer -register                          # Register Certchip KSP provider
 signer -unregister                        # Unregister KSP provider
@@ -371,10 +487,16 @@ signercli -config set pdf-signing \
     -doc-font-size 12 \
     -doc-opacity 0.8
 
+# Create an automation profile with JSON output
+signercli -config set automation \
+    -host https://signer.example.com \
+    -output-format json
+
 # Use the profile
 signercli -login -profile production
 signercli myapp.exe -profile production
 signercli document.pdf -profile pdf-signing
+signercli -verify myapp.exe -profile automation  # Outputs JSON automatically
 ```
 
 ## Supported File Types
@@ -425,16 +547,45 @@ signercli document.pdf -profile pdf-signing
 #!/bin/bash
 set -e
 
-# Login
-signercli -login "$SIGNER_URL" "$SIGNER_USER" -key "$SSH_KEY_PATH"
+# Login with JSON output for parsing
+result=$(signercli -login "$SIGNER_URL" -user "$SIGNER_USER" -pw "$SIGNER_PW" -format json)
+if ! echo "$result" | jq -e '.success' > /dev/null; then
+    echo "Login failed: $(echo "$result" | jq -r '.error')"
+    exit 1
+fi
 
 # Sign all executables
 for exe in dist/*.exe; do
     signercli "$exe"
 done
 
-# Logout
-signercli -logout
+# Logout with JSON output
+signercli -logout -format json
+```
+
+### CI/CD Pipeline with Verification
+
+```bash
+#!/bin/bash
+set -e
+
+# Sign and verify with JSON output
+signercli -login "$SIGNER_URL" -user "$SIGNER_USER" -pw "$SIGNER_PW" -format json
+
+for exe in dist/*.exe; do
+    signercli "$exe"
+
+    # Verify and parse JSON result
+    verify_result=$(signercli -verify "$exe" -format json)
+    status=$(echo "$verify_result" | jq -r '.status')
+
+    if [ "$status" != "valid" ]; then
+        echo "Verification failed for $exe"
+        exit 1
+    fi
+done
+
+signercli -logout -format json
 ```
 
 ### TypeScript Usage

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certchip/signer",
-  "version": "0.1.11",
+  "version": "0.1.15",
   "description": "Cross-platform code and document signing CLI tool",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",