@verentis/cli 0.2.3 → 0.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +85 -3
- package/dist/index.js +915 -84
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -10,6 +10,21 @@ The Verentis CLI is three tools in one:
|
|
|
10
10
|
npm install -g @verentis/cli
|
|
11
11
|
```
|
|
12
12
|
|
|
13
|
+
## Staying up to date
|
|
14
|
+
|
|
15
|
+
The CLI checks the npm registry for a newer release at most once a day (in the background, so it never
|
|
16
|
+
slows a command down) and prints a one-line notice when one is available. Update in place with:
|
|
17
|
+
|
|
18
|
+
```bash
|
|
19
|
+
verentis update # install the latest published version
|
|
20
|
+
verentis update --check # just report whether a newer version exists
|
|
21
|
+
verentis update --to 0.3.0 # install a specific version
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
`update` detects your global package manager (npm/pnpm/yarn/bun). Silence the notice with
|
|
25
|
+
`VERENTIS_NO_UPDATE_CHECK=1` (it is also skipped in CI, on non-interactive output, and with `--json`).
|
|
26
|
+
Point `VERENTIS_UPDATE_REGISTRY` at a mirror if you install from a private registry.
|
|
27
|
+
|
|
13
28
|
## Sign in
|
|
14
29
|
|
|
15
30
|
```bash
|
|
@@ -116,10 +131,39 @@ verentis validate engine.yaml # manifest checks before
|
|
|
116
131
|
|
|
117
132
|
`dev run` writes `.verentis/context.json` (mode 600 — contains a short-lived token; git-ignore `.verentis/`).
|
|
118
133
|
|
|
134
|
+
### Standalone application launch
|
|
135
|
+
|
|
136
|
+
Applications that can open without a selected file opt in through their manifest:
|
|
137
|
+
|
|
138
|
+
```yaml
|
|
139
|
+
spec:
|
|
140
|
+
entry: https://app.example.com
|
|
141
|
+
launch:
|
|
142
|
+
enabled: true
|
|
143
|
+
entry-point: home
|
|
144
|
+
pinnable: true
|
|
145
|
+
entry-points:
|
|
146
|
+
- id: home
|
|
147
|
+
route: /workspace
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
`verentis init <name> --kind application` includes a commented launch template.
|
|
151
|
+
`verentis validate` verifies that `launch` is an object, `pinnable` is used only
|
|
152
|
+
with `enabled`, the selected entry-point id exists, and the launch resolves to
|
|
153
|
+
an absolute HTTP(S) iframe URL. Omit `spec.launch` for contextual file handlers
|
|
154
|
+
and headless apps.
|
|
155
|
+
|
|
156
|
+
At runtime this is still an iframe launch: the SDK receives
|
|
157
|
+
`context.surface === 'workspace'`, a resolved entry point, and no file context.
|
|
158
|
+
|
|
119
159
|
## Marketplace publishing
|
|
120
160
|
|
|
121
161
|
```bash
|
|
122
162
|
verentis publisher create --name acme --display-name "Acme Inc."
|
|
163
|
+
verentis publisher create --name acme --display-name "Acme Inc." --logo ./brand/logo.png
|
|
164
|
+
verentis publisher update --description "Tools for data teams" --website https://acme.example
|
|
165
|
+
verentis publisher logo set ./brand/logo.svg
|
|
166
|
+
verentis publisher logo remove
|
|
123
167
|
verentis keygen # Ed25519 signing key + register public half
|
|
124
168
|
verentis init my-app --kind application
|
|
125
169
|
verentis pack # signed .vpkg (--encrypt seals the payload)
|
|
@@ -139,15 +183,53 @@ verentis yank my-app 1.0.3
|
|
|
139
183
|
|
|
140
184
|
Published versions are `Submitted` for moderation; once approved the marketplace countersigns them and they become installable.
|
|
141
185
|
|
|
186
|
+
### Marketplace presentation
|
|
187
|
+
|
|
188
|
+
Applications, execution engines and bundles can add an optional top-level `marketplace` block:
|
|
189
|
+
|
|
190
|
+
```yaml
|
|
191
|
+
marketplace:
|
|
192
|
+
logo: ./marketplace/logo.png
|
|
193
|
+
hero:
|
|
194
|
+
source: ./marketplace/hero.webp
|
|
195
|
+
alt: Abstract blue background behind the package title
|
|
196
|
+
images:
|
|
197
|
+
- source: ./marketplace/editor.png
|
|
198
|
+
alt: Editor showing a completed workflow
|
|
199
|
+
caption: Optional visible caption
|
|
200
|
+
readme: ./README.md
|
|
201
|
+
changelog: ./CHANGELOG.md
|
|
202
|
+
assets:
|
|
203
|
+
- "marketplace/docs/**/*.{png,jpg,jpeg,webp,svg}"
|
|
204
|
+
```
|
|
205
|
+
|
|
206
|
+
Direct references are relative to the manifest directory and may not escape it. Hero and gallery `alt`
|
|
207
|
+
text is required for accessibility. Images must be PNG, JPEG, WebP or passive SVG content. Logos are
|
|
208
|
+
limited to 1 MiB; hero and gallery images are limited to 5 MiB each; galleries have at most 8 images.
|
|
209
|
+
The hero does not count toward that gallery limit, but it does count toward the 25 MiB total for all
|
|
210
|
+
unique presentation images. README and changelog Markdown files are each limited to 1 MiB.
|
|
211
|
+
`verentis validate` checks these paths, formats and limits before publishing.
|
|
212
|
+
|
|
142
213
|
## The `.vpkg` format
|
|
143
214
|
|
|
144
|
-
A gzip tarball: `manifest.yaml` + `files/**` payload +
|
|
215
|
+
A gzip tarball: `manifest.yaml` + `files/**` payload + optional plaintext `catalog/**` presentation
|
|
216
|
+
content + `.verentis/` metadata (package.yaml, sha256 digests, DSSE signatures). Manifest references
|
|
217
|
+
like `./schemas/x.json` resolve against `files/` — and against the children of the installed manifest
|
|
218
|
+
node after installation. See the platform docs (`marketplace/packaging`) for the full specification.
|
|
145
219
|
|
|
146
220
|
Packing behaviour:
|
|
147
221
|
- `packaging.files` globs select the payload; without them, applications automatically include every `./…` schema `source` referenced by the manifest.
|
|
148
|
-
-
|
|
222
|
+
- `pack --env production` merges `environments/production.yaml`; `--overlay <path>` selects an
|
|
223
|
+
explicit overlay, and `--version <version>` overrides the packed manifest version. `validate`
|
|
224
|
+
accepts the same overlay selectors.
|
|
225
|
+
- Marketplace files are selected independently of `packaging.files` and written to deterministic,
|
|
226
|
+
content-addressed `catalog/assets/**` and `catalog/docs/**` entries described by
|
|
227
|
+
`catalog/index.json` (schema version 1).
|
|
228
|
+
- Digests and signatures cover the manifest, every payload entry and every catalog entry; the registry rejects tampered packages.
|
|
149
229
|
- With a configured signing key the digests document is DSSE-signed (Ed25519). Publishers with registered keys **must** sign uploads.
|
|
150
|
-
- `pack --encrypt` seals
|
|
230
|
+
- `pack --encrypt` seals only `files/**` (AES-256-GCM, X25519 key wrapping per recipient — always
|
|
231
|
+
including the `platform` escrow recipient so Verentis.Node can serve member reads). `catalog/**`
|
|
232
|
+
remains plaintext so the marketplace can render the approved presentation.
|
|
151
233
|
|
|
152
234
|
## Output & scripting
|
|
153
235
|
|