@enactprotocol/cli 2.0.0 → 2.0.1

package/dist/commands/trust/index.js

@@ -0,0 +1,366 @@
+/**
+ * enact trust command
+ *
+ * Manage trusted identities for attestation verification.
+ * Uses a unified model: all trust is based on cryptographic attestations.
+ * Publishers who want their tools trusted should self-sign them.
+ */
+import { addTrustedAuditor as addTrustedAuditorToRegistry, createApiClient, getAttestationList, getMyTrustedAuditors, getToolVersion, removeTrustedAuditor as removeTrustedAuditorFromRegistry, verifyAllAttestations, } from "@enactprotocol/api";
+import { getSecret } from "@enactprotocol/secrets";
+import { addTrustedIdentity, getMinimumAttestations, getTrustPolicy, getTrustedIdentities, removeTrustedIdentity, } from "@enactprotocol/shared";
+import { dim, error, formatError, header, info, json, keyValue, listItem, newline, success, warning, } from "../../utils";
+/** Auth namespace for token storage */
+const AUTH_NAMESPACE = "enact:auth";
+const ACCESS_TOKEN_KEY = "access_token";
+/**
+ * Validate identity format
+ * Must be provider:identity format (e.g., github:alice, google:user@example.com)
+ */
+function validateIdentity(identity) {
+    if (!identity.includes(":")) {
+        return {
+            valid: false,
+            error: "Invalid identity format. Use provider:identity format (e.g., github:alice, google:user@example.com)",
+        };
+    }
+    const [provider, ...rest] = identity.split(":");
+    const id = rest.join(":"); // Handle cases like google:user@example.com
+    if (!provider || !id) {
+        return {
+            valid: false,
+            error: "Invalid identity format. Use provider:identity format (e.g., github:alice)",
+        };
+    }
+    const validProviders = ["github", "google", "microsoft", "gitlab"];
+    if (!validProviders.includes(provider) && !provider.startsWith("http")) {
+        warning(`Unknown provider '${provider}'. Common providers: ${validProviders.join(", ")}`);
+    }
+    return { valid: true };
+}
+/**
+ * Add a trusted identity
+ */
+async function addTrust(identity, options, _ctx) {
+    // Validate identity format
+    const validation = validateIdentity(identity);
+    if (!validation.valid) {
+        error(validation.error);
+        process.exit(1);
+    }
+    // Add to local config
+    const added = addTrustedIdentity(identity);
+    if (added) {
+        success(`Added ${identity} to trusted identities`);
+    }
+    else {
+        info(`${identity} is already trusted`);
+    }
+    // Sync to registry if authenticated and --sync flag
+    if (options.sync) {
+        const authToken = await getSecret(AUTH_NAMESPACE, ACCESS_TOKEN_KEY);
+        if (authToken) {
+            const client = createApiClient();
+            client.setAuthToken(authToken);
+            try {
+                await addTrustedAuditorToRegistry(client, identity);
+                success(`Synced ${identity} to registry`);
+            }
+            catch (err) {
+                warning(`Failed to sync to registry: ${formatError(err)}`);
+            }
+        }
+        else {
+            dim("Not authenticated - skipping registry sync");
+            dim("Run 'enact auth login' to enable registry sync");
+        }
+    }
+    if (options.json) {
+        json({ added: true, identity });
+    }
+}
+/**
+ * Remove a trusted identity
+ */
+async function removeTrust(identity, options, _ctx) {
+    // Remove from local config
+    const removed = removeTrustedIdentity(identity);
+    if (removed) {
+        success(`Removed ${identity} from trusted identities`);
+    }
+    else {
+        info(`${identity} was not in trusted list`);
+    }
+    // Sync to registry if authenticated and --sync flag
+    if (options.sync) {
+        const authToken = await getSecret(AUTH_NAMESPACE, ACCESS_TOKEN_KEY);
+        if (authToken) {
+            const client = createApiClient();
+            client.setAuthToken(authToken);
+            try {
+                await removeTrustedAuditorFromRegistry(client, identity);
+                success(`Removed ${identity} from registry`);
+            }
+            catch (err) {
+                warning(`Failed to sync to registry: ${formatError(err)}`);
+            }
+        }
+        else {
+            dim("Not authenticated - skipping registry sync");
+        }
+    }
+    if (options.json) {
+        json({ removed: true, identity });
+    }
+}
+/**
+ * Trust command handler (add or remove)
+ */
+async function trustHandler(identity, options, ctx) {
+    if (options.remove) {
+        return removeTrust(identity, options, ctx);
+    }
+    return addTrust(identity, options, ctx);
+}
+/**
+ * List trusted identities
+ */
+async function trustListHandler(options, _ctx) {
+    const auditors = getTrustedIdentities();
+    const policy = getTrustPolicy();
+    const minimumAttestations = getMinimumAttestations();
+    // Get remote identities if authenticated and --sync flag
+    let remoteIdentities = [];
+    if (options.sync) {
+        const authToken = await getSecret(AUTH_NAMESPACE, ACCESS_TOKEN_KEY);
+        if (authToken) {
+            const client = createApiClient();
+            client.setAuthToken(authToken);
+            try {
+                remoteIdentities = await getMyTrustedAuditors(client);
+            }
+            catch (err) {
+                warning(`Failed to fetch remote trust config: ${formatError(err)}`);
+            }
+        }
+        else {
+            dim("Not authenticated - showing local config only");
+        }
+    }
+    if (options.json) {
+        json({
+            identities: auditors,
+            remoteIdentities: options.sync ? remoteIdentities : undefined,
+            policy,
+            minimum_attestations: minimumAttestations,
+        });
+        return;
+    }
+    header("Trusted Identities (Local)");
+    newline();
+    if (auditors.length === 0) {
+        dim("  No trusted identities configured");
+        dim("  Add with: enact trust provider:identity");
+    }
+    else {
+        for (const identity of auditors) {
+            listItem(identity, 2);
+        }
+    }
+    if (options.sync && remoteIdentities.length > 0) {
+        newline();
+        header("Trusted Identities (Registry)");
+        newline();
+        for (const identity of remoteIdentities) {
+            listItem(identity, 2);
+        }
+    }
+    newline();
+    dim(`Policy: ${policy}`);
+    dim(`Minimum attestations: ${minimumAttestations}`);
+}
+/**
+ * Parse tool@version syntax
+ */
+function parseToolSpec(spec) {
+    const atIndex = spec.lastIndexOf("@");
+    if (atIndex === -1 || atIndex === 0) {
+        return { name: spec, version: undefined };
+    }
+    return {
+        name: spec.slice(0, atIndex),
+        version: spec.slice(atIndex + 1),
+    };
+}
+/**
+ * Check trust status of a tool
+ */
+async function trustCheckHandler(tool, options, _ctx) {
+    const { name, version } = parseToolSpec(tool);
+    if (!version) {
+        error("Please specify a version: tool-name@version");
+        process.exit(1);
+    }
+    const trustedIdentities = getTrustedIdentities();
+    const client = createApiClient();
+    const trustedBy = [];
+    let verifiedAuditors = [];
+    let allAttestors = [];
+    let bundleHash = "";
+    try {
+        // Fetch tool version info to get bundle hash
+        const toolVersion = await getToolVersion(client, name, version);
+        bundleHash = toolVersion.bundle?.hash ?? "";
+        if (!bundleHash) {
+            warning("Cannot verify attestations: tool bundle hash not found");
+        }
+        else {
+            // Fetch attestations from registry
+            const attestationsResponse = await getAttestationList(client, name, version);
+            const attestations = attestationsResponse.attestations;
+            // Collect all attestors
+            allAttestors = attestations.map((att) => att.auditor);
+            if (attestations.length > 0) {
+                // Verify all attestations locally (never trust registry's verification status)
+                const verifiedResults = await verifyAllAttestations(client, name, version, bundleHash);
+                // Update verifiedAuditors with the new format
+                verifiedAuditors = verifiedResults.map((a) => a.providerIdentity);
+                // Check which verified auditors are trusted
+                for (const result of verifiedResults) {
+                    if (trustedIdentities.includes(result.providerIdentity)) {
+                        trustedBy.push(result.providerIdentity);
+                    }
+                }
+            }
+        }
+    }
+    catch (err) {
+        if (options.json) {
+            json({
+                tool: name,
+                version,
+                trusted: false,
+                error: formatError(err),
+            });
+            return;
+        }
+        warning(`Failed to check attestations: ${formatError(err)}`);
+    }
+    const trusted = trustedBy.length > 0;
+    const hasAnyAttestation = allAttestors.length > 0;
+    const verifiedCount = verifiedAuditors.length;
+    if (options.json) {
+        json({
+            tool: name,
+            version,
+            trusted,
+            trustedBy,
+            verifiedAuditors,
+            totalAttestations: allAttestors.length,
+            verifiedAttestations: verifiedCount,
+            checkedIdentities: trustedIdentities.length,
+        });
+        return;
+    }
+    header(`Trust Status: ${name}@${version}`);
+    newline();
+    if (trusted) {
+        success("✓ Trusted");
+        keyValue("Verified by trusted identity(ies)", trustedBy.join(", "));
+    }
+    else if (hasAnyAttestation) {
+        warning("⚠ Not trusted by any configured identities");
+        if (verifiedCount > 0) {
+            keyValue("Verified attestations", verifiedAuditors.join(", "));
+        }
+    }
+    else {
+        warning("⚠ No attestations found");
+    }
+    newline();
+    dim(`Total attestations: ${allAttestors.length}`);
+    dim(`Cryptographically verified: ${verifiedCount}`);
+    dim(`Trusted identities configured: ${trustedIdentities.length}`);
+    if (!trusted && verifiedCount > 0) {
+        newline();
+        info("To trust this tool, add one of the verified identities:");
+        for (const identity of verifiedAuditors.slice(0, 3)) {
+            dim(`  enact trust ${identity}`);
+        }
+    }
+}
+/**
+ * Configure the trust command
+ */
+export function configureTrustCommand(program) {
+    const trust = program
+        .command("trust")
+        .description("Manage trusted publishers and auditors")
+        .argument("[identity]", "Identity to trust (format: provider:identity, e.g., github:alice)")
+        .option("-r, --remove", "Remove from trusted list instead of adding")
+        .option("-s, --sync", "Sync with registry (requires authentication)")
+        .option("--json", "Output as JSON")
+        .action(async (identity, options) => {
+        const ctx = {
+            cwd: process.cwd(),
+            options,
+            isCI: Boolean(process.env.CI),
+            isInteractive: process.stdout.isTTY ?? false,
+        };
+        try {
+            if (!identity) {
+                // No identity provided, show list
+                await trustListHandler(options, ctx);
+            }
+            else {
+                await trustHandler(identity, options, ctx);
+            }
+        }
+        catch (err) {
+            error(formatError(err));
+            process.exit(1);
+        }
+    });
+    // trust list
+    trust
+        .command("list")
+        .description("List all trusted identities")
+        .option("-s, --sync", "Also show registry trust config (requires authentication)")
+        .option("--json", "Output as JSON")
+        .action(async (options) => {
+        const ctx = {
+            cwd: process.cwd(),
+            options,
+            isCI: Boolean(process.env.CI),
+            isInteractive: process.stdout.isTTY ?? false,
+        };
+        try {
+            await trustListHandler(options, ctx);
+        }
+        catch (err) {
+            error(formatError(err));
+            process.exit(1);
+        }
+    });
+    // trust check
+    trust
+        .command("check")
+        .description("Check trust status of a tool")
+        .argument("<tool>", "Tool to check (name@version)")
+        .option("--json", "Output as JSON")
+        .action(async (tool, options) => {
+        const ctx = {
+            cwd: process.cwd(),
+            options,
+            isCI: Boolean(process.env.CI),
+            isInteractive: process.stdout.isTTY ?? false,
+        };
+        try {
+            await trustCheckHandler(tool, options, ctx);
+        }
+        catch (err) {
+            error(formatError(err));
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/commands/trust/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/trust/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAEL,iBAAiB,IAAI,2BAA2B,EAChD,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,cAAc,EACd,oBAAoB,IAAI,gCAAgC,EACxD,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,cAAc,EACd,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,GAAG,EACH,KAAK,EACL,WAAW,EACX,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,QAAQ,EACR,QAAQ,EACR,OAAO,EACP,OAAO,EACP,OAAO,GACR,MAAM,aAAa,CAAC;AAErB,uCAAuC;AACvC,MAAM,cAAc,GAAG,YAAY,CAAC;AACpC,MAAM,gBAAgB,GAAG,cAAc,CAAC;AAaxC;;;GAGG;AACH,SAAS,gBAAgB,CAAC,QAAgB;IACxC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EACH,qGAAqG;SACxG,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChD,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,4CAA4C;IAEvE,IAAI,CAAC,QAAQ,IAAI,CAAC,EAAE,EAAE,CAAC;QACrB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,4EAA4E;SACpF,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;IACnE,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvE,OAAO,CAAC,qBAAqB,QAAQ,wBAAwB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5F,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,QAAQ,CACrB,QAAgB,EAChB,OAAqB,EACrB,IAAoB;IAEpB,2BAA2B;IAC3B,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACtB,KAAK,CAAC,UAAU,CAAC,KAAM,CAAC,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sBAAsB;IACtB,MAAM,KAAK,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,SAAS,QAAQ,wBAAwB,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,GAAG,QAAQ,qBAAqB,CAAC,CAAC;IACzC,CAAC;IAED,oDAAoD;IACpD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;QACpE,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;YACjC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,2BAA2B,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACpD,OAAO,CAAC,UAAU,QAAQ,cAAc,CAAC,CAAC;YAC5C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,+BAA+B,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,4CAA4C,CAAC,CAAC;YAClD,GAAG,CAAC,gDAAgD,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;IAClC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,WAAW,CACxB,QAAgB,EAChB,OAAqB,EACrB,IAAoB;IAEpB,2BAA2B;IAC3B,MAAM,OAAO,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,WAAW,QAAQ,0BAA0B,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,GAAG,QAAQ,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IAED,oDAAoD;IACpD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;QACpE,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;YACjC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,gCAAgC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACzD,OAAO,CAAC,WAAW,QAAQ,gBAAgB,CAAC,CAAC;YAC/C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,+BAA+B,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,4CAA4C,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY,CACzB,QAAgB,EAChB,OAAqB,EACrB,GAAmB;IAEnB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,WAAW,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,QAAQ,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAAC,OAAyB,EAAE,IAAoB;IAC7E,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;IACxC,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,MAAM,mBAAmB,GAAG,sBAAsB,EAAE,CAAC;IAErD,yDAAyD;IACzD,IAAI,gBAAgB,GAAa,EAAE,CAAC;IACpC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;QACpE,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;YACjC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC/B,IAAI,CAAC;gBACH,gBAAgB,GAAG,MAAM,oBAAoB,CAAC,MAAM,CAAC,CAAC;YACxD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,wCAAwC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,+CAA+C,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,UAAU,EAAE,QAAQ;YACpB,gBAAgB,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;YAC7D,MAAM;YACN,oBAAoB,EAAE,mBAAmB;SAC1C,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,CAAC,4BAA4B,CAAC,CAAC;IACrC,OAAO,EAAE,CAAC;IACV,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,GAAG,CAAC,oCAAoC,CAAC,CAAC;QAC1C,GAAG,CAAC,2CAA2C,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;YAChC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChD,OAAO,EAAE,CAAC;QACV,MAAM,CAAC,+BAA+B,CAAC,CAAC;QACxC,OAAO,EAAE,CAAC;QACV,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACxC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;IACV,GAAG,CAAC,WAAW,MAAM,EAAE,CAAC,CAAC;IACzB,GAAG,CAAC,yBAAyB,mBAAmB,EAAE,CAAC,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,OAAO,KAAK,CAAC,CAAC,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IAC5C,CAAC;IACD,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC;QAC5B,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;KACjC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAC9B,IAAY,EACZ,OAA0B,EAC1B,IAAoB;IAEpB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAE9C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,iBAAiB,GAAG,oBAAoB,EAAE,CAAC;IACjD,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IAEjC,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,IAAI,gBAAgB,GAAa,EAAE,CAAC;IACpC,IAAI,YAAY,GAAa,EAAE,CAAC;IAChC,IAAI,UAAU,GAAG,EAAE,CAAC;IAEpB,IAAI,CAAC;QACH,6CAA6C;QAC7C,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAChE,UAAU,GAAG,WAAW,CAAC,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC;QAE5C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,wDAAwD,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,mCAAmC;YACnC,MAAM,oBAAoB,GAA4B,MAAM,kBAAkB,CAC5E,MAAM,EACN,IAAI,EACJ,OAAO,CACR,CAAC;YACF,MAAM,YAAY,GAAG,oBAAoB,CAAC,YAAY,CAAC;YAEvD,wBAAwB;YACxB,YAAY,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,GAAwB,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAE3E,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,+EAA+E;gBAC/E,MAAM,eAAe,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;gBAEvF,8CAA8C;gBAC9C,gBAAgB,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC;gBAElE,4CAA4C;gBAC5C,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;oBACrC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;wBACxD,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;oBAC1C,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,IAAI,EAAE,IAAI;gBACV,OAAO;gBACP,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,WAAW,CAAC,GAAG,CAAC;aACxB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,OAAO,CAAC,iCAAiC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;IACrC,MAAM,iBAAiB,GAAG,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAE9C,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,IAAI,EAAE,IAAI;YACV,OAAO;YACP,OAAO;YACP,SAAS;YACT,gBAAgB;YAChB,iBAAiB,EAAE,YAAY,CAAC,MAAM;YACtC,oBAAoB,EAAE,aAAa;YACnC,iBAAiB,EAAE,iBAAiB,CAAC,MAAM;SAC5C,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,CAAC,iBAAiB,IAAI,IAAI,OAAO,EAAE,CAAC,CAAC;IAC3C,OAAO,EAAE,CAAC;IAEV,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,WAAW,CAAC,CAAC;QACrB,QAAQ,CAAC,mCAAmC,EAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACtE,CAAC;SAAM,IAAI,iBAAiB,EAAE,CAAC;QAC7B,OAAO,CAAC,4CAA4C,CAAC,CAAC;QACtD,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;YACtB,QAAQ,CAAC,uBAAuB,EAAE,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,yBAAyB,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,EAAE,CAAC;IACV,GAAG,CAAC,uBAAuB,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IAClD,GAAG,CAAC,+BAA+B,aAAa,EAAE,CAAC,CAAC;IACpD,GAAG,CAAC,kCAAkC,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAC;IAElE,IAAI,CAAC,OAAO,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,CAAC;QACV,IAAI,CAAC,yDAAyD,CAAC,CAAC;QAChE,KAAK,MAAM,QAAQ,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACpD,GAAG,CAAC,iBAAiB,QAAQ,EAAE,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACpD,MAAM,KAAK,GAAG,OAAO;SAClB,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,wCAAwC,CAAC;SACrD,QAAQ,CAAC,YAAY,EAAE,mEAAmE,CAAC;SAC3F,MAAM,CAAC,cAAc,EAAE,4CAA4C,CAAC;SACpE,MAAM,CAAC,YAAY,EAAE,8CAA8C,CAAC;SACpE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,KAAK,EAAE,QAA4B,EAAE,OAAqB,EAAE,EAAE;QACpE,MAAM,GAAG,GAAmB;YAC1B,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,OAAO;YACP,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,KAAK;SAC7C,CAAC;QAEF,IAAI,CAAC;YACH,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,kCAAkC;gBAClC,MAAM,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,CAAC;iBAAM,CAAC;gBACN,MAAM,YAAY,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,aAAa;IACb,KAAK;SACF,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,6BAA6B,CAAC;SAC1C,MAAM,CAAC,YAAY,EAAE,2DAA2D,CAAC;SACjF,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,KAAK,EAAE,OAAyB,EAAE,EAAE;QAC1C,MAAM,GAAG,GAAmB;YAC1B,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,OAAO;YACP,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,KAAK;SAC7C,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,cAAc;IACd,KAAK;SACF,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,8BAA8B,CAAC;SAC3C,QAAQ,CAAC,QAAQ,EAAE,8BAA8B,CAAC;SAClD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,OAA0B,EAAE,EAAE;QACzD,MAAM,GAAG,GAAmB;YAC1B,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,OAAO;YACP,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,KAAK;SAC7C,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,iBAAiB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/unyank/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * enact unyank command
+ *
+ * Restore a previously yanked tool version.
+ */
+import type { Command } from "commander";
+/**
+ * Configure the unyank command
+ */
+export declare function configureUnyankCommand(program: Command): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/unyank/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/unyank/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA0EzC;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAqB7D"}

package/dist/commands/unyank/index.js

@@ -0,0 +1,87 @@
+/**
+ * enact unyank command
+ *
+ * Restore a previously yanked tool version.
+ */
+import { createApiClient, unyankVersion } from "@enactprotocol/api";
+import { getSecret } from "@enactprotocol/secrets";
+import { dim, error, formatError, info, json, keyValue, newline, success } from "../../utils";
+/** Auth namespace for token storage */
+const AUTH_NAMESPACE = "enact:auth";
+const ACCESS_TOKEN_KEY = "access_token";
+/**
+ * Parse tool@version syntax
+ */
+function parseToolSpec(spec) {
+    const atIndex = spec.lastIndexOf("@");
+    if (atIndex === -1 || atIndex === 0) {
+        throw new Error(`Invalid tool specification: ${spec}\nExpected format: tool-name@version (e.g., alice/utils/greeter@1.0.0)`);
+    }
+    return {
+        name: spec.slice(0, atIndex),
+        version: spec.slice(atIndex + 1),
+    };
+}
+/**
+ * Unyank command handler
+ */
+async function unyankHandler(toolSpec, options, _ctx) {
+    // Parse tool@version
+    const { name, version } = parseToolSpec(toolSpec);
+    // Check for auth token
+    const authToken = await getSecret(AUTH_NAMESPACE, ACCESS_TOKEN_KEY);
+    if (!authToken) {
+        error("Not authenticated. Please run: enact auth login");
+        process.exit(1);
+    }
+    const client = createApiClient();
+    client.setAuthToken(authToken);
+    info(`Restoring ${name}@${version}...`);
+    newline();
+    try {
+        const result = await unyankVersion(client, name, version);
+        if (options.json) {
+            json({
+                yanked: result.yanked,
+                name,
+                version: result.version,
+                unyankedAt: result.unyankedAt.toISOString(),
+            });
+            return;
+        }
+        success(`Restored ${name}@${version}`);
+        keyValue("Unyanked At", result.unyankedAt.toISOString());
+        newline();
+        dim("The version is now visible in version listings again.");
+    }
+    catch (err) {
+        error(`Failed to restore version: ${formatError(err)}`);
+        process.exit(1);
+    }
+}
+/**
+ * Configure the unyank command
+ */
+export function configureUnyankCommand(program) {
+    program
+        .command("unyank <tool@version>")
+        .description("Restore a previously yanked tool version")
+        .option("-v, --verbose", "Show detailed output")
+        .option("--json", "Output as JSON")
+        .action(async (toolSpec, options) => {
+        const ctx = {
+            cwd: process.cwd(),
+            options,
+            isCI: Boolean(process.env.CI),
+            isInteractive: process.stdout.isTTY ?? false,
+        };
+        try {
+            await unyankHandler(toolSpec, options, ctx);
+        }
+        catch (err) {
+            error(formatError(err));
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/commands/unyank/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/unyank/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAGnD,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE9F,uCAAuC;AACvC,MAAM,cAAc,GAAG,YAAY,CAAC;AACpC,MAAM,gBAAgB,GAAG,cAAc,CAAC;AAIxC;;GAEG;AACH,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,OAAO,KAAK,CAAC,CAAC,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,wEAAwE,CAC5G,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC;QAC5B,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;KACjC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAC1B,QAAgB,EAChB,OAAsB,EACtB,IAAoB;IAEpB,qBAAqB;IACrB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAElD,uBAAuB;IACvB,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;IACpE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;IAE/B,IAAI,CAAC,aAAa,IAAI,IAAI,OAAO,KAAK,CAAC,CAAC;IACxC,OAAO,EAAE,CAAC;IAEV,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAE1D,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,IAAI;gBACJ,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE;aAC5C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,OAAO,CAAC,YAAY,IAAI,IAAI,OAAO,EAAE,CAAC,CAAC;QACvC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QACzD,OAAO,EAAE,CAAC;QACV,GAAG,CAAC,uDAAuD,CAAC,CAAC;IAC/D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,KAAK,CAAC,8BAA8B,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,OAAO;SACJ,OAAO,CAAC,uBAAuB,CAAC;SAChC,WAAW,CAAC,0CAA0C,CAAC;SACvD,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC;SAC/C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,KAAK,EAAE,QAAgB,EAAE,OAAsB,EAAE,EAAE;QACzD,MAAM,GAAG,GAAmB;YAC1B,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,OAAO;YACP,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,KAAK;SAC7C,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/yank/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * enact yank command
+ *
+ * Yank a published tool version from the registry.
+ * Yanked versions remain downloadable but are excluded from version listings
+ * and show warnings to users.
+ */
+import type { Command } from "commander";
+/**
+ * Configure the yank command
+ */
+export declare function configureYankCommand(program: Command): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/yank/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/yank/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA0GzC;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAuB3D"}

package/dist/commands/yank/index.js

@@ -0,0 +1,109 @@
+/**
+ * enact yank command
+ *
+ * Yank a published tool version from the registry.
+ * Yanked versions remain downloadable but are excluded from version listings
+ * and show warnings to users.
+ */
+import { createApiClient, yankVersion } from "@enactprotocol/api";
+import { getSecret } from "@enactprotocol/secrets";
+import { dim, error, formatError, info, json, keyValue, newline, success, warning, } from "../../utils";
+/** Auth namespace for token storage */
+const AUTH_NAMESPACE = "enact:auth";
+const ACCESS_TOKEN_KEY = "access_token";
+/**
+ * Parse tool@version syntax
+ */
+function parseToolSpec(spec) {
+    const atIndex = spec.lastIndexOf("@");
+    if (atIndex === -1 || atIndex === 0) {
+        throw new Error(`Invalid tool specification: ${spec}\nExpected format: tool-name@version (e.g., alice/utils/greeter@1.0.0)`);
+    }
+    return {
+        name: spec.slice(0, atIndex),
+        version: spec.slice(atIndex + 1),
+    };
+}
+/**
+ * Yank command handler
+ */
+async function yankHandler(toolSpec, options, _ctx) {
+    // Parse tool@version
+    const { name, version } = parseToolSpec(toolSpec);
+    // Check for auth token
+    const authToken = await getSecret(AUTH_NAMESPACE, ACCESS_TOKEN_KEY);
+    if (!authToken) {
+        error("Not authenticated. Please run: enact auth login");
+        process.exit(1);
+    }
+    const client = createApiClient();
+    client.setAuthToken(authToken);
+    info(`Yanking ${name}@${version}...`);
+    if (options.reason) {
+        dim(`Reason: ${options.reason}`);
+    }
+    if (options.replacement) {
+        dim(`Replacement: ${options.replacement}`);
+    }
+    newline();
+    try {
+        const result = await yankVersion(client, name, version, {
+            reason: options.reason,
+            replacementVersion: options.replacement,
+        });
+        if (options.json) {
+            json({
+                yanked: result.yanked,
+                name,
+                version: result.version,
+                reason: result.reason,
+                replacementVersion: result.replacementVersion,
+                yankedAt: result.yankedAt.toISOString(),
+            });
+            return;
+        }
+        success(`Yanked ${name}@${version}`);
+        keyValue("Yanked At", result.yankedAt.toISOString());
+        if (result.reason) {
+            keyValue("Reason", result.reason);
+        }
+        if (result.replacementVersion) {
+            keyValue("Replacement", result.replacementVersion);
+        }
+        newline();
+        warning("Note: Yanked versions can still be downloaded but show warnings.");
+        dim("Use 'enact unyank' to restore the version.");
+    }
+    catch (err) {
+        error(`Failed to yank version: ${formatError(err)}`);
+        process.exit(1);
+    }
+}
+/**
+ * Configure the yank command
+ */
+export function configureYankCommand(program) {
+    program
+        .command("yank <tool@version>")
+        .description("Yank a published tool version from the registry")
+        .option("-r, --reason <reason>", "Reason for yanking (e.g., security issue)")
+        .option("--replacement <version>", "Recommend a replacement version (e.g., 1.2.1)")
+        .option("-v, --verbose", "Show detailed output")
+        .option("--json", "Output as JSON")
+        .action(async (toolSpec, options) => {
+        const ctx = {
+            cwd: process.cwd(),
+            options,
+            isCI: Boolean(process.env.CI),
+            isInteractive: process.stdout.isTTY ?? false,
+        };
+        try {
+            await yankHandler(toolSpec, options, ctx);
+        }
+        catch (err) {
+            error(formatError(err));
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/commands/yank/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/yank/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAGnD,OAAO,EACL,GAAG,EACH,KAAK,EACL,WAAW,EACX,IAAI,EACJ,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,OAAO,EACP,OAAO,GACR,MAAM,aAAa,CAAC;AAErB,uCAAuC;AACvC,MAAM,cAAc,GAAG,YAAY,CAAC;AACpC,MAAM,gBAAgB,GAAG,cAAc,CAAC;AAOxC;;GAEG;AACH,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,OAAO,KAAK,CAAC,CAAC,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,wEAAwE,CAC5G,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC;QAC5B,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;KACjC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,WAAW,CACxB,QAAgB,EAChB,OAAoB,EACpB,IAAoB;IAEpB,qBAAqB;IACrB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAElD,uBAAuB;IACvB,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;IACpE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;IAE/B,IAAI,CAAC,WAAW,IAAI,IAAI,OAAO,KAAK,CAAC,CAAC;IAEtC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,GAAG,CAAC,WAAW,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACnC,CAAC;IACD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,GAAG,CAAC,gBAAgB,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,EAAE,CAAC;IAEV,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE;YACtD,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,kBAAkB,EAAE,OAAO,CAAC,WAAW;SACxC,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,IAAI;gBACJ,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;gBAC7C,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE;aACxC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,OAAO,CAAC,UAAU,IAAI,IAAI,OAAO,EAAE,CAAC,CAAC;QACrC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QACrD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC9B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,EAAE,CAAC;QACV,OAAO,CAAC,kEAAkE,CAAC,CAAC;QAC5E,GAAG,CAAC,4CAA4C,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,KAAK,CAAC,2BAA2B,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,OAAO;SACJ,OAAO,CAAC,qBAAqB,CAAC;SAC9B,WAAW,CAAC,iDAAiD,CAAC;SAC9D,MAAM,CAAC,uBAAuB,EAAE,2CAA2C,CAAC;SAC5E,MAAM,CAAC,yBAAyB,EAAE,+CAA+C,CAAC;SAClF,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC;SAC/C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,KAAK,EAAE,QAAgB,EAAE,OAAoB,EAAE,EAAE;QACvD,MAAM,GAAG,GAAmB;YAC1B,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,OAAO;YACP,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,KAAK;SAC7C,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,WAAW,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+#!/usr/bin/env bun
+/**
+ * @enactprotocol/cli
+ *
+ * Command-line interface for Enact.
+ * User-facing commands for tool execution, discovery, and management.
+ */
+export declare const version = "0.1.0";
+export type { GlobalOptions, CommandContext } from "./types";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AA0BH,eAAO,MAAM,OAAO,UAAU,CAAC;AAG/B,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC"}