@parmanasystems/verifier-cli 1.0.19

package/README.md

@@ -0,0 +1,107 @@
+# @parmanasystems/verifier-cli
+
+Command-line interface for offline parmanasystems attestation verification.
+
+[![npm](https://img.shields.io/npm/v/@parmanasystems/verifier-cli)](https://www.npmjs.com/package/@parmanasystems/verifier-cli)
+
+---
+
+## Overview
+
+`@parmanasystems/verifier-cli` is a standalone CLI tool for verifying governance artifacts outside the production runtime. It reads a public key from `./dev-keys/bundle_signing_key.pub` and performs cryptographic verification of attestations, release manifests, and runtime manifests.
+
+---
+
+## Installation
+
+```bash
+npm install -g @parmanasystems/verifier-cli
+```
+
+Or run without installing via:
+
+```bash
+npx @parmanasystems/verifier-cli <command> <file>
+```
+
+---
+
+## Prerequisites
+
+The CLI reads the signing public key from:
+
+```
+./dev-keys/bundle_signing_key.pub
+```
+
+This path is relative to your current working directory. Generate or copy your public key there before running verification commands.
+
+---
+
+## Commands
+
+### `verify-attestation <file>`
+
+Verifies the cryptographic signature of a governance attestation.
+
+```bash
+parmanasystems-verifier-cli verify-attestation ./attestation.json
+```
+
+The attestation file must contain `decision`, `policyVersion`, `timestamp`, and `signature` fields.
+
+### `verify-release <file>`
+
+Verifies the cryptographic signature of a release manifest.
+
+```bash
+parmanasystems-verifier-cli verify-release ./release-manifest.json
+```
+
+The release manifest must contain `version`, `artifacts`, and `signature` fields.
+
+### `verify-runtime <file>`
+
+Verifies the cryptographic signature of a runtime manifest.
+
+```bash
+parmanasystems-verifier-cli verify-runtime ./runtime-manifest.json
+```
+
+The runtime manifest must contain `runtime`, `version`, `compatibility`, and `signature` fields.
+
+---
+
+## Unknown commands
+
+Passing an unrecognised command name logs `"Unknown command."` and exits. There is no built-in help flag — refer to this README for the full command list.
+
+---
+
+## Exit codes
+
+| Code | Meaning |
+|---|---|
+| `0` | Verification succeeded |
+| `1` | Verification failed, file not found, or malformed input |
+
+---
+
+## Example
+
+```bash
+$ parmanasystems-verifier-cli verify-attestation ./governance/attestation.json
+
+parmanasystems Verifier CLI
+
+ATTESTATION:
+{ decision: 'approve', policyVersion: 'v1', timestamp: '...', signature: '...' }
+
+Cryptographic attestation verification succeeded.
+```
+
+---
+
+## License
+
+Apache-2.0

package/dist/index.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/index.js

@@ -0,0 +1,200 @@
+#!/usr/bin/env node
+
+// src/index.ts
+import fs from "fs";
+import {
+  LocalVerifier,
+  canonicalize
+} from "@parmanasystems/core";
+async function main() {
+  console.log("");
+  console.log("parmanasystems Verifier CLI");
+  console.log("");
+  const publicKey = fs.readFileSync(
+    "./dev-keys/bundle_signing_key.pub",
+    "utf8"
+  );
+  const verifier = new LocalVerifier(publicKey);
+  const command = process.argv[2];
+  switch (command) {
+    case "verify-attestation": {
+      const file = process.argv[3];
+      if (!file) {
+        console.log(
+          "Usage: parmanasystems-verifier verify-attestation <file>"
+        );
+        process.exit(1);
+      }
+      if (!fs.existsSync(file)) {
+        console.log("Attestation file not found.");
+        process.exit(1);
+      }
+      try {
+        const content = fs.readFileSync(file, "utf8");
+        const parsed = JSON.parse(content);
+        console.log("");
+        console.log("ATTESTATION:");
+        console.log(parsed);
+        if (!parsed.decision || !parsed.policyVersion || !parsed.signature) {
+          throw new Error(
+            "Invalid attestation structure."
+          );
+        }
+        if (typeof parsed.signature !== "string") {
+          throw new Error(
+            "Invalid attestation signature."
+          );
+        }
+        const payload = {
+          decision: parsed.decision,
+          policyVersion: parsed.policyVersion,
+          timestamp: parsed.timestamp
+        };
+        const verified = await verifier.verify(
+          canonicalize(payload),
+          parsed.signature
+        );
+        if (!verified) {
+          throw new Error(
+            "Cryptographic signature verification failed."
+          );
+        }
+        console.log("");
+        console.log(
+          "Cryptographic attestation verification succeeded."
+        );
+      } catch (err) {
+        console.log("");
+        console.log(
+          "Attestation verification failed."
+        );
+        console.log(
+          err instanceof Error ? err.message : String(err)
+        );
+        process.exit(1);
+      }
+      break;
+    }
+    case "verify-release": {
+      const file = process.argv[3];
+      if (!file) {
+        console.log(
+          "Usage: parmanasystems-verifier verify-release <file>"
+        );
+        process.exit(1);
+      }
+      if (!fs.existsSync(file)) {
+        console.log("Release manifest file not found.");
+        process.exit(1);
+      }
+      try {
+        const content = fs.readFileSync(file, "utf8");
+        const parsed = JSON.parse(content);
+        console.log("");
+        console.log("RELEASE:");
+        console.log(parsed);
+        if (!parsed.version || !parsed.artifacts || !parsed.signature) {
+          throw new Error(
+            "Invalid release manifest."
+          );
+        }
+        if (typeof parsed.signature !== "string") {
+          throw new Error(
+            "Invalid release signature."
+          );
+        }
+        const payload = {
+          version: parsed.version,
+          artifacts: parsed.artifacts
+        };
+        const verified = await verifier.verify(
+          canonicalize(payload),
+          parsed.signature
+        );
+        if (!verified) {
+          throw new Error(
+            "Cryptographic release verification failed."
+          );
+        }
+        console.log("");
+        console.log(
+          "Cryptographic release verification succeeded."
+        );
+      } catch (err) {
+        console.log("");
+        console.log(
+          "Release verification failed."
+        );
+        console.log(
+          err instanceof Error ? err.message : String(err)
+        );
+        process.exit(1);
+      }
+      break;
+    }
+    case "verify-runtime": {
+      const file = process.argv[3];
+      if (!file) {
+        console.log(
+          "Usage: parmanasystems-verifier verify-runtime <file>"
+        );
+        process.exit(1);
+      }
+      if (!fs.existsSync(file)) {
+        console.log("Runtime manifest file not found.");
+        process.exit(1);
+      }
+      try {
+        const content = fs.readFileSync(file, "utf8");
+        const parsed = JSON.parse(content);
+        console.log("");
+        console.log("RUNTIME:");
+        console.log(parsed);
+        if (!parsed.runtime || !parsed.version || !parsed.compatibility || !parsed.signature) {
+          throw new Error(
+            "Invalid runtime manifest."
+          );
+        }
+        if (typeof parsed.signature !== "string") {
+          throw new Error(
+            "Invalid runtime signature."
+          );
+        }
+        const payload = {
+          runtime: parsed.runtime,
+          version: parsed.version,
+          compatibility: parsed.compatibility
+        };
+        const verified = await verifier.verify(
+          canonicalize(payload),
+          parsed.signature
+        );
+        if (!verified) {
+          throw new Error(
+            "Cryptographic runtime verification failed."
+          );
+        }
+        console.log("");
+        console.log(
+          "Cryptographic runtime verification succeeded."
+        );
+      } catch (err) {
+        console.log("");
+        console.log(
+          "Runtime verification failed."
+        );
+        console.log(
+          err instanceof Error ? err.message : String(err)
+        );
+        process.exit(1);
+      }
+      break;
+    }
+    default:
+      console.log("Unknown command.");
+  }
+}
+main().catch((err) => {
+  console.error(err);
+  process.exit(1);
+});

package/package.json

@@ -0,0 +1,20 @@
+{
+  "name": "@parmanasystems/verifier-cli",
+  "version": "1.0.19",
+  "type": "module",
+  "bin": {
+    "parmanasystems-verifier-cli": "./dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup src/index.ts --format esm --dts"
+  },
+  "dependencies": {
+    "@parmanasystems/core": "^1.0.19"
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts"
+}