@enactprotocol/cli 1.2.8 → 1.2.13

package/dist/index.js

@@ -214775,6 +214775,13 @@ class EnactApiClient {
       throw new EnactApiError("Unknown error occurred", 0);
     }
   }
+  async signTool(toolId, payload, token, tokenType = "cli") {
+    const endpoint = `/functions/v1/tools/${encodeURIComponent(toolId)}/signatures`;
+    return this.makeRequest(endpoint, {
+      method: "POST",
+      body: JSON.stringify(payload)
+    }, token, tokenType);
+  }
   generateOAuthUrl(options) {
     const params = new URLSearchParams({
       response_type: "code",
@@ -229706,6 +229713,33 @@ class EnactCore {
       };
     }
   }
+  static async checkToolVerificationStatus(tool) {
+    const documentForVerification = {
+      command: tool.command,
+      description: tool.description,
+      from: tool.from,
+      name: tool.name,
+      signatures: tool.signatures?.map((sig) => ({
+        signature: sig.value,
+        publicKey: "",
+        algorithm: sig.algorithm,
+        timestamp: new Date(sig.created).getTime()
+      }))
+    };
+    let isValid = false;
+    if (tool.signatures && tool.signatures.length > 0) {
+      isValid = tool.signatures.some((sig) => {
+        const referenceSignature = {
+          signature: sig.value,
+          publicKey: "",
+          algorithm: sig.algorithm,
+          timestamp: new Date(sig.created).getTime()
+        };
+        return SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command", "description", "from", "name"] });
+      });
+    }
+    return isValid;
+  }
   async verifyTool(tool, dangerouslySkipVerification = false) {
     if (dangerouslySkipVerification) {
       logger_default.warn(`Skipping signature verification for tool: ${tool.name}`);
@@ -229715,23 +229749,8 @@ class EnactCore {
       if (!tool.signatures || tool.signatures.length === 0) {
         throw new Error(`Tool ${tool.name} does not have any signatures`);
       }
-      const documentForVerification = {
-        command: tool.command,
-        description: tool.description,
-        from: tool.from,
-        name: tool.name
-      };
-      const referenceSignature = {
-        signature: tool.signatures[0].value,
-        publicKey: "",
-        algorithm: tool.signatures[0].algorithm,
-        timestamp: new Date(tool.signatures[0].created).getTime()
-      };
-      const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ["command", "description", "from", "name"] });
-      const docString = JSON.stringify(canonicalDoc);
-      const messageHash = CryptoUtils.hash(docString);
-      const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
-      const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command", "description", "from", "name"] });
+      const isValid = await EnactCore.checkToolVerificationStatus(tool);
+      console.log("Final verification result:", isValid);
       if (!isValid) {
         throw new Error(`Tool ${tool.name} has invalid signatures`);
       }
@@ -230085,9 +230104,11 @@ ${import_picocolors13.default.bold("EXAMPLES:")}
         try {
           const tool = await apiClient.getTool(result.name);
           if (tool) {
+            const isValid = await EnactCore.checkToolVerificationStatus(tool);
             const enactTool = {
               name: tool.name,
               description: tool.description || "",
+              verified: isValid,
               command: tool.command,
               from: tool.from,
               version: tool.version || "1.0.0",
@@ -230269,6 +230290,159 @@ async function collectParametersInteractively(inputSchema) {
   }
   return params;
 }
+async function handleSignToolCommand(args, options) {
+  if (options.help) {
+    console.error(`
+Usage: enact sign [options]
+Sign a tool definition using your private key
+Options:
+  --help, -h          Show this help message
+  --tool query      Search for the tool to sign (name)
+Examples:
+  enact sign --tool myorg/mytool
+  `);
+    return;
+  }
+  if (!options.tool) {
+    const inputSchema = {
+      type: "object",
+      properties: {
+        toolName: {
+          type: "string",
+          description: "The name of the tool to run"
+        }
+      },
+      required: ["tool"]
+    };
+    const params = await collectParametersInteractively(inputSchema);
+    options.tool = params.toolName;
+  }
+  const spinner = Y2();
+  spinner.start("Searching for tools...");
+  const results = [];
+  try {
+    const searchOptions = {
+      query: options.tool ? options.tool : "",
+      limit: 20,
+      tags: undefined,
+      author: undefined,
+      format: "table"
+    };
+    const apiClient = await EnactApiClient.create();
+    const searchResults = await apiClient.searchTools(searchOptions);
+    for (const result of searchResults) {
+      if (result.name) {
+        try {
+          const tool = await apiClient.getTool(result.name);
+          if (tool) {
+            const documentForVerification2 = {
+              command: tool.command,
+              description: tool.description,
+              from: tool.from,
+              name: tool.name
+            };
+            const isValid = await EnactCore.checkToolVerificationStatus(tool);
+            const enactTool = {
+              name: tool.name,
+              description: tool.description || "",
+              verified: isValid,
+              command: tool.command,
+              from: tool.from,
+              version: tool.version || "1.0.0",
+              timeout: tool.timeout,
+              tags: tool.tags || [],
+              inputSchema: tool.inputSchema,
+              outputSchema: tool.outputSchema,
+              env: tool.env_vars ? Object.fromEntries(Object.entries(tool.env_vars).map(([key, config2]) => [
+                key,
+                { ...config2, source: config2.source || "env" }
+              ])) : undefined,
+              signature: tool.signature,
+              signatures: Array.isArray(tool.signatures) ? tool.signatures : tool.signatures ? Object.values(tool.signatures) : undefined,
+              namespace: tool.namespace,
+              resources: tool.resources,
+              license: tool.license,
+              authors: tool.authors,
+              examples: tool.examples,
+              annotations: tool.annotations
+            };
+            results.push(enactTool);
+          }
+        } catch (error2) {
+          continue;
+        }
+      }
+    }
+    spinner.stop(`Found ${results.length} tool${results.length === 1 ? "" : "s"}`);
+    if (results.length === 0) {
+      Me("No tools found matching your criteria.", "No Results");
+      Me(`Try:
+• Broader keywords
+• Removing filters
+• Different spelling`, "Suggestions");
+      return;
+    }
+  } catch (error2) {
+    spinner.stop("Search failed");
+    if (error2.message?.includes("ENOTFOUND") || error2.message?.includes("ECONNREFUSED")) {
+      Me("Could not connect to the Enact registry. Check your internet connection.", "Connection Error");
+    } else {
+      Me(error2 instanceof Error ? error2.message : String(error2), "Error");
+    }
+    console.error(import_picocolors13.default.red(`Search failed: ${error2 instanceof Error ? error2.message : String(error2)}`));
+    process.exit(1);
+  }
+  const selected_tool = await ve({
+    message: "Select a tool to sign:",
+    options: results.map((tool) => ({
+      value: tool,
+      label: `${tool.name} - ${tool.description.substring(0, 60)}${tool.description.length > 60 ? "..." : ""} - Verified: ${tool.verified ? import_picocolors13.default.green("Yes") : import_picocolors13.default.red("No")}`
+    }))
+  });
+  const documentForVerification = {
+    command: selected_tool.command,
+    description: selected_tool.description,
+    from: selected_tool.from,
+    name: selected_tool.name
+  };
+  const privateKeys = await KeyManager.getAllPrivateKeys();
+  const privateKey = await ve({
+    message: "Select a private key to sign with:",
+    options: privateKeys.map((key) => ({
+      value: key,
+      label: `${key.fileName}`
+    }))
+  });
+  const TrustedKey = CryptoUtils.getPublicKeyFromPrivate(privateKey.key);
+  if (selected_tool.signatures && selected_tool.signatures.length > 0) {
+    const alreadySigned = selected_tool.signatures.some((sig) => {
+      const referenceSignature = {
+        signature: sig.value,
+        publicKey: "",
+        algorithm: sig.algorithm,
+        timestamp: new Date(sig.created).getTime()
+      };
+      return SigningService.verifyDocumentWithPublicKey(documentForVerification, referenceSignature, TrustedKey, { includeFields: ["command", "description", "from", "name"] });
+    });
+    if (alreadySigned) {
+      console.log(import_picocolors13.default.green("✓ Tool has already been signed with the selected key."));
+      return;
+    }
+  }
+  const spinnerSign = Y2();
+  console.error(spinnerSign.start("Signing tool..."));
+  const signature = await SigningService.signDocument(documentForVerification, privateKey.key, { includeFields: ["command", "description", "from", "name"] });
+  spinnerSign.stop(import_picocolors13.default.green("✓ Tool signed successfully"));
+  console.error(import_picocolors13.default.cyan(`
+Signature Details:`));
+  console.error(import_picocolors13.default.cyan(`	Signature: ${signature.signature}`));
+  console.error(import_picocolors13.default.cyan(`	Algorithm: ${signature.algorithm}`));
+  console.error(import_picocolors13.default.cyan(`	Created: ${new Date(signature.timestamp).toISOString()}`));
+  console.error(import_picocolors13.default.cyan(`	Public Key: ${TrustedKey}`));
+  console.error(import_picocolors13.default.red(`
+Pushing the signature to the registry is not yet implemented.`));
+  return signature;
+}
 async function handleCoreExecCommand(args, options) {
   if (options.help) {
     console.error(`
@@ -230510,6 +230684,7 @@ Environment variables:`));
     const enactTool = {
       name: toolDefinition.name,
       description: toolDefinition.description || "",
+      verified: true,
       command: toolDefinition.command,
       from: toolDefinition.from,
       version: toolDefinition.version || "1.0.0",
@@ -230676,9 +230851,11 @@ ${import_picocolors13.default.bold("EXAMPLES:")}
       Se(import_picocolors13.default.red(`Tool not found: ${toolName}`));
       process.exit(1);
     }
+    const isValid = EnactCore.checkToolVerificationStatus(toolDefinition);
     const tool = {
       name: toolDefinition.name,
       description: toolDefinition.description || "",
+      verified: isValid,
       command: toolDefinition.command,
       from: toolDefinition.from,
       version: toolDefinition.version || "1.0.0",
@@ -230717,6 +230894,11 @@ ${import_picocolors13.default.bold(import_picocolors13.default.cyan(`\uD83D\uDCE
       if (tool.command) {
         console.error(`${import_picocolors13.default.bold("Command:")} ${import_picocolors13.default.gray(tool.command)}`);
       }
+      if (tool.verified) {
+        console.error(`${import_picocolors13.default.bold("Verification:")} ${import_picocolors13.default.green("Verified ✓")}`);
+      } else {
+        console.error(`${import_picocolors13.default.bold("Verification:")} ${import_picocolors13.default.red("Unverified ✗")}`);
+      }
       if (tool.from) {
         console.error(`${import_picocolors13.default.bold("Container:")} ${import_picocolors13.default.gray(tool.from)}`);
       }
@@ -230767,20 +230949,25 @@ ${import_picocolors13.default.bold("Examples:")}`);
 function displayResultsTable(results) {
   console.error(`
 ` + import_picocolors13.default.bold("Search Results:"));
-  console.error("═".repeat(100));
   const nameWidth = 40;
+  const statusWidth = 15;
   const descWidth = 45;
   const tagsWidth = 20;
-  console.error(import_picocolors13.default.bold(import_picocolors13.default.cyan("NAME".padEnd(nameWidth))) + " │ " + import_picocolors13.default.bold(import_picocolors13.default.cyan("DESCRIPTION".padEnd(descWidth))) + " │ " + import_picocolors13.default.bold(import_picocolors13.default.cyan("TAGS".padEnd(tagsWidth))));
-  console.error("─".repeat(nameWidth) + "─┼─" + "─".repeat(descWidth) + "─┼─" + "─".repeat(tagsWidth));
+  const totalWidth = nameWidth + statusWidth + descWidth + tagsWidth + 9;
+  console.error(import_picocolors13.default.gray("═".repeat(totalWidth)));
+  console.error(import_picocolors13.default.bold(import_picocolors13.default.white("NAME".padEnd(nameWidth))) + import_picocolors13.default.gray(" │ ") + import_picocolors13.default.bold(import_picocolors13.default.white("STATUS".padEnd(statusWidth))) + import_picocolors13.default.gray(" │ ") + import_picocolors13.default.bold(import_picocolors13.default.white("DESCRIPTION".padEnd(descWidth))) + import_picocolors13.default.gray(" │ ") + import_picocolors13.default.bold(import_picocolors13.default.white("TAGS".padEnd(tagsWidth))));
+  console.error(import_picocolors13.default.gray("─".repeat(nameWidth) + "─┼─" + "─".repeat(statusWidth) + "─┼─" + "─".repeat(descWidth) + "─┼─" + "─".repeat(tagsWidth)));
   results.forEach((tool) => {
-    const name = tool.name.length > nameWidth ? tool.name.substring(0, nameWidth - 3) + "..." : tool.name.padEnd(nameWidth);
+    const nameText = tool.name.length > nameWidth ? tool.name.substring(0, nameWidth - 3) + "..." : tool.name.padEnd(nameWidth);
+    const statusText = tool.verified ? "✓ Verified" : "✗ Unverified";
+    const statusColor = tool.verified ? import_picocolors13.default.green : import_picocolors13.default.yellow;
+    const status = statusColor(statusText.padEnd(statusWidth));
     const desc = tool.description.length > descWidth ? tool.description.substring(0, descWidth - 3) + "..." : tool.description.padEnd(descWidth);
     const tags = (tool.tags || []).join(", ");
     const tagsDisplay = tags.length > tagsWidth ? tags.substring(0, tagsWidth - 3) + "..." : tags.padEnd(tagsWidth);
-    console.error(import_picocolors13.default.green(name) + " │ " + import_picocolors13.default.dim(desc) + " │ " + import_picocolors13.default.yellow(tagsDisplay));
+    console.error(import_picocolors13.default.cyan(nameText) + import_picocolors13.default.gray(" │ ") + status + import_picocolors13.default.gray(" │ ") + import_picocolors13.default.white(desc) + import_picocolors13.default.gray(" │ ") + import_picocolors13.default.magenta(tagsDisplay));
   });
-  console.error("═".repeat(100));
+  console.error(import_picocolors13.default.gray("═".repeat(totalWidth)));
   console.error(import_picocolors13.default.dim(`Total: ${results.length} tool${results.length === 1 ? "" : "s"}`));
 }
 function displayResultsList(results) {
@@ -230788,10 +230975,12 @@ function displayResultsList(results) {
 ` + import_picocolors13.default.bold("Search Results:"));
   console.error("");
   results.forEach((tool, index) => {
-    console.error(`${import_picocolors13.default.cyan(`${index + 1}.`)} ${import_picocolors13.default.bold(import_picocolors13.default.green(tool.name))}`);
-    console.error(`   ${import_picocolors13.default.dim(tool.description)}`);
+    const statusIndicator = tool.verified ? import_picocolors13.default.green("✓") : import_picocolors13.default.yellow("✗");
+    const statusText = tool.verified ? import_picocolors13.default.green("verified") : import_picocolors13.default.red("unverified");
+    console.error(`${import_picocolors13.default.cyan(`${index + 1}.`)} ${import_picocolors13.default.cyan(tool.name)} ${statusIndicator} ${import_picocolors13.default.dim(`(${statusText})`)}`);
+    console.error(`   ${import_picocolors13.default.white(tool.description)}`);
     if (tool.tags && tool.tags.length > 0) {
-      console.error(`   ${import_picocolors13.default.yellow("Tags:")} ${tool.tags.join(", ")}`);
+      console.error(`   ${import_picocolors13.default.dim("Tags:")} ${import_picocolors13.default.magenta(tool.tags.join(", "))}`);
     }
     console.error("");
   });
@@ -231154,6 +231343,9 @@ var { values, positionals } = parseArgs({
     },
     mount: {
       type: "string"
+    },
+    tool: {
+      type: "string"
     }
   },
   allowPositionals: true,
@@ -231228,6 +231420,12 @@ async function main() {
           mount: values.mount
         });
         break;
+      case "sign":
+        await handleSignToolCommand(commandArgs, {
+          help: values.help,
+          tool: values.tool
+        });
+        break;
       case "get":
         await handleCoreGetCommand(commandArgs, {
           help: values.help,
@@ -231268,6 +231466,7 @@ async function main() {
               { value: "publish", label: "\uD83D\uDCE4 Publish a tool" },
               { value: "init", label: "\uD83D\uDCDD Create a new tool definition" },
               { value: "env", label: "\uD83C\uDF0D Manage environment variables" },
+              { value: "sign", label: "✍️  Sign a tool definition" },
               { value: "config", label: "\uD83D\uDD27 Configure Enact settings" },
               { value: "auth", label: "\uD83D\uDD10 Manage authentication" },
               { value: "remote", label: "\uD83C\uDF10 Manage remote servers" },
@@ -231316,6 +231515,9 @@ async function main() {
             }
             return;
           }
+          if (action === "sign") {
+            await handleSignToolCommand([], {});
+          }
           if (action === "auth") {
             const authAction = await ve({
               message: "Authentication:",

package/dist/index.js.bak

@@ -214774,6 +214774,13 @@ class EnactApiClient {
       throw new EnactApiError("Unknown error occurred", 0);
     }
   }
+  async signTool(toolId, payload, token, tokenType = "cli") {
+    const endpoint = `/functions/v1/tools/${encodeURIComponent(toolId)}/signatures`;
+    return this.makeRequest(endpoint, {
+      method: "POST",
+      body: JSON.stringify(payload)
+    }, token, tokenType);
+  }
   generateOAuthUrl(options) {
     const params = new URLSearchParams({
       response_type: "code",
@@ -229705,6 +229712,33 @@ class EnactCore {
       };
     }
   }
+  static async checkToolVerificationStatus(tool) {
+    const documentForVerification = {
+      command: tool.command,
+      description: tool.description,
+      from: tool.from,
+      name: tool.name,
+      signatures: tool.signatures?.map((sig) => ({
+        signature: sig.value,
+        publicKey: "",
+        algorithm: sig.algorithm,
+        timestamp: new Date(sig.created).getTime()
+      }))
+    };
+    let isValid = false;
+    if (tool.signatures && tool.signatures.length > 0) {
+      isValid = tool.signatures.some((sig) => {
+        const referenceSignature = {
+          signature: sig.value,
+          publicKey: "",
+          algorithm: sig.algorithm,
+          timestamp: new Date(sig.created).getTime()
+        };
+        return SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command", "description", "from", "name"] });
+      });
+    }
+    return isValid;
+  }
   async verifyTool(tool, dangerouslySkipVerification = false) {
     if (dangerouslySkipVerification) {
       logger_default.warn(`Skipping signature verification for tool: ${tool.name}`);
@@ -229714,23 +229748,8 @@ class EnactCore {
       if (!tool.signatures || tool.signatures.length === 0) {
         throw new Error(`Tool ${tool.name} does not have any signatures`);
       }
-      const documentForVerification = {
-        command: tool.command,
-        description: tool.description,
-        from: tool.from,
-        name: tool.name
-      };
-      const referenceSignature = {
-        signature: tool.signatures[0].value,
-        publicKey: "",
-        algorithm: tool.signatures[0].algorithm,
-        timestamp: new Date(tool.signatures[0].created).getTime()
-      };
-      const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ["command", "description", "from", "name"] });
-      const docString = JSON.stringify(canonicalDoc);
-      const messageHash = CryptoUtils.hash(docString);
-      const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
-      const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command", "description", "from", "name"] });
+      const isValid = await EnactCore.checkToolVerificationStatus(tool);
+      console.log("Final verification result:", isValid);
       if (!isValid) {
         throw new Error(`Tool ${tool.name} has invalid signatures`);
       }
@@ -230084,9 +230103,11 @@ ${import_picocolors13.default.bold("EXAMPLES:")}
         try {
           const tool = await apiClient.getTool(result.name);
           if (tool) {
+            const isValid = await EnactCore.checkToolVerificationStatus(tool);
             const enactTool = {
               name: tool.name,
               description: tool.description || "",
+              verified: isValid,
               command: tool.command,
               from: tool.from,
               version: tool.version || "1.0.0",
@@ -230268,6 +230289,159 @@ async function collectParametersInteractively(inputSchema) {
   }
   return params;
 }
+async function handleSignToolCommand(args, options) {
+  if (options.help) {
+    console.error(`
+Usage: enact sign [options]
+Sign a tool definition using your private key
+Options:
+  --help, -h          Show this help message
+  --tool query      Search for the tool to sign (name)
+Examples:
+  enact sign --tool myorg/mytool
+  `);
+    return;
+  }
+  if (!options.tool) {
+    const inputSchema = {
+      type: "object",
+      properties: {
+        toolName: {
+          type: "string",
+          description: "The name of the tool to run"
+        }
+      },
+      required: ["tool"]
+    };
+    const params = await collectParametersInteractively(inputSchema);
+    options.tool = params.toolName;
+  }
+  const spinner = Y2();
+  spinner.start("Searching for tools...");
+  const results = [];
+  try {
+    const searchOptions = {
+      query: options.tool ? options.tool : "",
+      limit: 20,
+      tags: undefined,
+      author: undefined,
+      format: "table"
+    };
+    const apiClient = await EnactApiClient.create();
+    const searchResults = await apiClient.searchTools(searchOptions);
+    for (const result of searchResults) {
+      if (result.name) {
+        try {
+          const tool = await apiClient.getTool(result.name);
+          if (tool) {
+            const documentForVerification2 = {
+              command: tool.command,
+              description: tool.description,
+              from: tool.from,
+              name: tool.name
+            };
+            const isValid = await EnactCore.checkToolVerificationStatus(tool);
+            const enactTool = {
+              name: tool.name,
+              description: tool.description || "",
+              verified: isValid,
+              command: tool.command,
+              from: tool.from,
+              version: tool.version || "1.0.0",
+              timeout: tool.timeout,
+              tags: tool.tags || [],
+              inputSchema: tool.inputSchema,
+              outputSchema: tool.outputSchema,
+              env: tool.env_vars ? Object.fromEntries(Object.entries(tool.env_vars).map(([key, config2]) => [
+                key,
+                { ...config2, source: config2.source || "env" }
+              ])) : undefined,
+              signature: tool.signature,
+              signatures: Array.isArray(tool.signatures) ? tool.signatures : tool.signatures ? Object.values(tool.signatures) : undefined,
+              namespace: tool.namespace,
+              resources: tool.resources,
+              license: tool.license,
+              authors: tool.authors,
+              examples: tool.examples,
+              annotations: tool.annotations
+            };
+            results.push(enactTool);
+          }
+        } catch (error2) {
+          continue;
+        }
+      }
+    }
+    spinner.stop(`Found ${results.length} tool${results.length === 1 ? "" : "s"}`);
+    if (results.length === 0) {
+      Me("No tools found matching your criteria.", "No Results");
+      Me(`Try:
+• Broader keywords
+• Removing filters
+• Different spelling`, "Suggestions");
+      return;
+    }
+  } catch (error2) {
+    spinner.stop("Search failed");
+    if (error2.message?.includes("ENOTFOUND") || error2.message?.includes("ECONNREFUSED")) {
+      Me("Could not connect to the Enact registry. Check your internet connection.", "Connection Error");
+    } else {
+      Me(error2 instanceof Error ? error2.message : String(error2), "Error");
+    }
+    console.error(import_picocolors13.default.red(`Search failed: ${error2 instanceof Error ? error2.message : String(error2)}`));
+    process.exit(1);
+  }
+  const selected_tool = await ve({
+    message: "Select a tool to sign:",
+    options: results.map((tool) => ({
+      value: tool,
+      label: `${tool.name} - ${tool.description.substring(0, 60)}${tool.description.length > 60 ? "..." : ""} - Verified: ${tool.verified ? import_picocolors13.default.green("Yes") : import_picocolors13.default.red("No")}`
+    }))
+  });
+  const documentForVerification = {
+    command: selected_tool.command,
+    description: selected_tool.description,
+    from: selected_tool.from,
+    name: selected_tool.name
+  };
+  const privateKeys = await KeyManager.getAllPrivateKeys();
+  const privateKey = await ve({
+    message: "Select a private key to sign with:",
+    options: privateKeys.map((key) => ({
+      value: key,
+      label: `${key.fileName}`
+    }))
+  });
+  const TrustedKey = CryptoUtils.getPublicKeyFromPrivate(privateKey.key);
+  if (selected_tool.signatures && selected_tool.signatures.length > 0) {
+    const alreadySigned = selected_tool.signatures.some((sig) => {
+      const referenceSignature = {
+        signature: sig.value,
+        publicKey: "",
+        algorithm: sig.algorithm,
+        timestamp: new Date(sig.created).getTime()
+      };
+      return SigningService.verifyDocumentWithPublicKey(documentForVerification, referenceSignature, TrustedKey, { includeFields: ["command", "description", "from", "name"] });
+    });
+    if (alreadySigned) {
+      console.log(import_picocolors13.default.green("✓ Tool has already been signed with the selected key."));
+      return;
+    }
+  }
+  const spinnerSign = Y2();
+  console.error(spinnerSign.start("Signing tool..."));
+  const signature = await SigningService.signDocument(documentForVerification, privateKey.key, { includeFields: ["command", "description", "from", "name"] });
+  spinnerSign.stop(import_picocolors13.default.green("✓ Tool signed successfully"));
+  console.error(import_picocolors13.default.cyan(`
+Signature Details:`));
+  console.error(import_picocolors13.default.cyan(`	Signature: ${signature.signature}`));
+  console.error(import_picocolors13.default.cyan(`	Algorithm: ${signature.algorithm}`));
+  console.error(import_picocolors13.default.cyan(`	Created: ${new Date(signature.timestamp).toISOString()}`));
+  console.error(import_picocolors13.default.cyan(`	Public Key: ${TrustedKey}`));
+  console.error(import_picocolors13.default.red(`
+Pushing the signature to the registry is not yet implemented.`));
+  return signature;
+}
 async function handleCoreExecCommand(args, options) {
   if (options.help) {
     console.error(`
@@ -230509,6 +230683,7 @@ Environment variables:`));
     const enactTool = {
       name: toolDefinition.name,
       description: toolDefinition.description || "",
+      verified: true,
       command: toolDefinition.command,
       from: toolDefinition.from,
       version: toolDefinition.version || "1.0.0",
@@ -230675,9 +230850,11 @@ ${import_picocolors13.default.bold("EXAMPLES:")}
       Se(import_picocolors13.default.red(`Tool not found: ${toolName}`));
       process.exit(1);
     }
+    const isValid = EnactCore.checkToolVerificationStatus(toolDefinition);
     const tool = {
       name: toolDefinition.name,
       description: toolDefinition.description || "",
+      verified: isValid,
       command: toolDefinition.command,
       from: toolDefinition.from,
       version: toolDefinition.version || "1.0.0",
@@ -230716,6 +230893,11 @@ ${import_picocolors13.default.bold(import_picocolors13.default.cyan(`\uD83D\uDCE
       if (tool.command) {
         console.error(`${import_picocolors13.default.bold("Command:")} ${import_picocolors13.default.gray(tool.command)}`);
       }
+      if (tool.verified) {
+        console.error(`${import_picocolors13.default.bold("Verification:")} ${import_picocolors13.default.green("Verified ✓")}`);
+      } else {
+        console.error(`${import_picocolors13.default.bold("Verification:")} ${import_picocolors13.default.red("Unverified ✗")}`);
+      }
       if (tool.from) {
         console.error(`${import_picocolors13.default.bold("Container:")} ${import_picocolors13.default.gray(tool.from)}`);
       }
@@ -230766,20 +230948,25 @@ ${import_picocolors13.default.bold("Examples:")}`);
 function displayResultsTable(results) {
   console.error(`
 ` + import_picocolors13.default.bold("Search Results:"));
-  console.error("═".repeat(100));
   const nameWidth = 40;
+  const statusWidth = 15;
   const descWidth = 45;
   const tagsWidth = 20;
-  console.error(import_picocolors13.default.bold(import_picocolors13.default.cyan("NAME".padEnd(nameWidth))) + " │ " + import_picocolors13.default.bold(import_picocolors13.default.cyan("DESCRIPTION".padEnd(descWidth))) + " │ " + import_picocolors13.default.bold(import_picocolors13.default.cyan("TAGS".padEnd(tagsWidth))));
-  console.error("─".repeat(nameWidth) + "─┼─" + "─".repeat(descWidth) + "─┼─" + "─".repeat(tagsWidth));
+  const totalWidth = nameWidth + statusWidth + descWidth + tagsWidth + 9;
+  console.error(import_picocolors13.default.gray("═".repeat(totalWidth)));
+  console.error(import_picocolors13.default.bold(import_picocolors13.default.white("NAME".padEnd(nameWidth))) + import_picocolors13.default.gray(" │ ") + import_picocolors13.default.bold(import_picocolors13.default.white("STATUS".padEnd(statusWidth))) + import_picocolors13.default.gray(" │ ") + import_picocolors13.default.bold(import_picocolors13.default.white("DESCRIPTION".padEnd(descWidth))) + import_picocolors13.default.gray(" │ ") + import_picocolors13.default.bold(import_picocolors13.default.white("TAGS".padEnd(tagsWidth))));
+  console.error(import_picocolors13.default.gray("─".repeat(nameWidth) + "─┼─" + "─".repeat(statusWidth) + "─┼─" + "─".repeat(descWidth) + "─┼─" + "─".repeat(tagsWidth)));
   results.forEach((tool) => {
-    const name = tool.name.length > nameWidth ? tool.name.substring(0, nameWidth - 3) + "..." : tool.name.padEnd(nameWidth);
+    const nameText = tool.name.length > nameWidth ? tool.name.substring(0, nameWidth - 3) + "..." : tool.name.padEnd(nameWidth);
+    const statusText = tool.verified ? "✓ Verified" : "✗ Unverified";
+    const statusColor = tool.verified ? import_picocolors13.default.green : import_picocolors13.default.yellow;
+    const status = statusColor(statusText.padEnd(statusWidth));
     const desc = tool.description.length > descWidth ? tool.description.substring(0, descWidth - 3) + "..." : tool.description.padEnd(descWidth);
     const tags = (tool.tags || []).join(", ");
     const tagsDisplay = tags.length > tagsWidth ? tags.substring(0, tagsWidth - 3) + "..." : tags.padEnd(tagsWidth);
-    console.error(import_picocolors13.default.green(name) + " │ " + import_picocolors13.default.dim(desc) + " │ " + import_picocolors13.default.yellow(tagsDisplay));
+    console.error(import_picocolors13.default.cyan(nameText) + import_picocolors13.default.gray(" │ ") + status + import_picocolors13.default.gray(" │ ") + import_picocolors13.default.white(desc) + import_picocolors13.default.gray(" │ ") + import_picocolors13.default.magenta(tagsDisplay));
   });
-  console.error("═".repeat(100));
+  console.error(import_picocolors13.default.gray("═".repeat(totalWidth)));
   console.error(import_picocolors13.default.dim(`Total: ${results.length} tool${results.length === 1 ? "" : "s"}`));
 }
 function displayResultsList(results) {
@@ -230787,10 +230974,12 @@ function displayResultsList(results) {
 ` + import_picocolors13.default.bold("Search Results:"));
   console.error("");
   results.forEach((tool, index) => {
-    console.error(`${import_picocolors13.default.cyan(`${index + 1}.`)} ${import_picocolors13.default.bold(import_picocolors13.default.green(tool.name))}`);
-    console.error(`   ${import_picocolors13.default.dim(tool.description)}`);
+    const statusIndicator = tool.verified ? import_picocolors13.default.green("✓") : import_picocolors13.default.yellow("✗");
+    const statusText = tool.verified ? import_picocolors13.default.green("verified") : import_picocolors13.default.red("unverified");
+    console.error(`${import_picocolors13.default.cyan(`${index + 1}.`)} ${import_picocolors13.default.cyan(tool.name)} ${statusIndicator} ${import_picocolors13.default.dim(`(${statusText})`)}`);
+    console.error(`   ${import_picocolors13.default.white(tool.description)}`);
     if (tool.tags && tool.tags.length > 0) {
-      console.error(`   ${import_picocolors13.default.yellow("Tags:")} ${tool.tags.join(", ")}`);
+      console.error(`   ${import_picocolors13.default.dim("Tags:")} ${import_picocolors13.default.magenta(tool.tags.join(", "))}`);
     }
     console.error("");
   });
@@ -231153,6 +231342,9 @@ var { values, positionals } = parseArgs({
     },
     mount: {
       type: "string"
+    },
+    tool: {
+      type: "string"
     }
   },
   allowPositionals: true,
@@ -231227,6 +231419,12 @@ async function main() {
           mount: values.mount
         });
         break;
+      case "sign":
+        await handleSignToolCommand(commandArgs, {
+          help: values.help,
+          tool: values.tool
+        });
+        break;
       case "get":
         await handleCoreGetCommand(commandArgs, {
           help: values.help,
@@ -231267,6 +231465,7 @@ async function main() {
               { value: "publish", label: "\uD83D\uDCE4 Publish a tool" },
               { value: "init", label: "\uD83D\uDCDD Create a new tool definition" },
               { value: "env", label: "\uD83C\uDF0D Manage environment variables" },
+              { value: "sign", label: "✍️  Sign a tool definition" },
               { value: "config", label: "\uD83D\uDD27 Configure Enact settings" },
               { value: "auth", label: "\uD83D\uDD10 Manage authentication" },
               { value: "remote", label: "\uD83C\uDF10 Manage remote servers" },
@@ -231315,6 +231514,9 @@ async function main() {
             }
             return;
           }
+          if (action === "sign") {
+            await handleSignToolCommand([], {});
+          }
           if (action === "auth") {
             const authAction = await ve({
               message: "Authentication:",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enactprotocol/cli",
-  "version": "1.2.8",
+  "version": "1.2.13",
   "description": "Official CLI for the Enact Protocol - package, secure, and discover AI tools",
   "type": "module",
   "main": "./dist/index.js",
@@ -42,7 +42,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@enactprotocol/shared": "1.2.8",
+    "@enactprotocol/shared": "1.2.13",
     "@clack/core": "^0.4.2",
     "@clack/prompts": "^0.10.1",
     "picocolors": "^1.1.1"