mqgov-cli 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 JiangHe12
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,265 @@
+<div align="center">
+
+# mqgov-cli
+
+**Governed message-broker operations for humans _and_ AI agents.**
+
+One safe command line for **Kafka**, **RabbitMQ**, **Pulsar**, and **RocketMQ** — list, describe, peek, produce, reset offsets, purge, and delete topics without ever fat-fingering production or silently draining a queue.
+
+[![npm version](https://img.shields.io/npm/v/mqgov-cli.svg)](https://www.npmjs.com/package/mqgov-cli)
+[![CI](https://github.com/JiangHe12/mqgov-cli/actions/workflows/ci.yml/badge.svg)](https://github.com/JiangHe12/mqgov-cli/actions/workflows/ci.yml)
+[![license](https://img.shields.io/npm/l/mqgov-cli.svg)](LICENSE)
+[![signed](https://img.shields.io/badge/release-cosign%20%2B%20npm%20provenance-blue.svg)](#-trust--verification)
+
+[English](README.md) · [简体中文](README_zh.md)
+
+</div>
+
+---
+
+## 🧭 What is this? (read me first)
+
+Message brokers — **Kafka**, **RabbitMQ**, **Pulsar**, **RocketMQ** — are the backbone of event-driven systems. The operations against them are deceptively dangerous: **resetting a consumer group's offset** can trigger a reprocessing storm or silently skip unprocessed messages; **purging a topic** or **deleting it** destroys data; **producing to an internal topic** like `__consumer_offsets` can corrupt cluster state. These mistakes are often *silent* — you don't notice until hours later.
+
+**mqgov-cli puts guardrails around every one of those operations.** Think of it as a careful assistant that:
+
+- 🔎 **Shows you the blast radius first** — `--dry-run` / `--plan` print the exact per-partition impact (how many messages an offset reset will replay or skip) before anything happens.
+- 🛡️ **Refuses to do something dangerous without explicit sign-off** — risky commands need a confirmation flag, a change ticket, and an explicit `--allow-*` for the operation.
+- 👀 **Peeks without consuming** — inspecting messages never advances a consumer's position or drains a queue.
+- 📜 **Records everything in a tamper-evident audit log** — sha256 fingerprints and counts only, **never your message bodies**.
+- 🤖 **Is safe to hand to an AI agent** — the agent can read and preview freely, but **cannot** invent the human approvals required for dangerous actions.
+
+It's built on the shared [`opskit-core`](https://github.com/JiangHe12/opskit-core) governance engine and is part of the **opskit** family of governed CLIs for AI agents.
+
+---
+
+## ✨ Features
+
+| | |
+|---|---|
+| 📨 **Four brokers** | **Kafka** (franz-go), **RabbitMQ** (AMQP + management API), **Pulsar** (client + admin REST), **RocketMQ** (rocketmq-client-go/v2). One backend-agnostic governance model; pick per context or override per command. |
+| 🧱 **topic / group / message** | topics: list · describe · create · alter · delete · purge. consumer groups: list · lag · reset-offset. messages: non-destructive peek · produce. |
+| 🔐 **R0–R3 governance** | every operation is risk-classified by the fail-closed `mqclass` engine; protected contexts and internal/system topics escalate one tier; AI callers can never self-authorize. |
+| 🎯 **Real blast-radius preview** | `reset-offset --dry-run` and `purge --dry-run` compute the actual per-partition message delta from the live broker — no guessing. The preview is read-only and never mutates. |
+| 👀 **Non-destructive peek** | inspect messages as fingerprints without consuming them or moving any cursor (Pulsar Reader, RabbitMQ get+requeue). Where a broker can't guarantee this, peek fails closed rather than silently consuming. |
+| 🧭 **Honest capabilities** | brokers differ — mqgov reports what each one actually supports (`capabilities -o json`) and **fails closed with `NOT_IMPLEMENTED`** for the rest, never faking it. |
+| 📜 **Tamper-evident audit** | hash-chained log of every action (sha256 fingerprints + counts, **no message bodies/keys/headers**); `audit verify` detects tampering. |
+| 🩺 **Ops & DX** | backend-bound `ctx` contexts with credstore-backed secrets, `doctor` diagnostics, shell `completion`, OpenTelemetry traces/metrics, JSON output everywhere. |
+| 🔏 **Trusted supply chain** | binaries are **cosign-signed**, the npm package ships with **provenance**, and the installer verifies a **SHA-256** checksum. |
+
+### Per-backend capability matrix
+
+| | Kafka | Pulsar | RabbitMQ | RocketMQ |
+|---|:---:|:---:|:---:|:---:|
+| topic list / describe / create / delete | ✅ | ✅ | ✅ | ✅ |
+| produce | ✅ | ✅ | ✅ | ✅ |
+| **non-destructive peek** | ✅ | ✅ (Reader) | ✅ (get+requeue) | ❌ `NOT_IMPLEMENTED`¹ |
+| **offset lag / reset** | ✅ | ✅ (cursor) | ❌ (no offsets) | ❌ |
+| alter partitions | ✅ | ✅ | ❌ | ❌ |
+| purge | ✅ | ✅ | ✅ | ❌ |
+
+¹ RocketMQ's Go v2 `PullConsumer` enters the consumer-group lifecycle and commits offsets, so it cannot guarantee a non-destructive peek — mqgov fails closed instead of silently advancing offsets. Unsupported operations always return `NOT_IMPLEMENTED` (exit 12), never a fake success.
+
+---
+
+## 📦 Install
+
+```bash
+npm install -g mqgov-cli
+```
+
+This installs a tiny launcher; on first run it downloads the right pre-built binary for your OS/arch from the signed [GitHub Release](https://github.com/JiangHe12/mqgov-cli/releases) and **verifies its SHA-256** before use. Requires Node.js ≥ 14 for the installer (the CLI itself is a self-contained Go binary).
+
+<details>
+<summary>Other ways to install</summary>
+
+- **Direct download** — grab the binary for your platform from the [Releases page](https://github.com/JiangHe12/mqgov-cli/releases), verify it against `checksums.txt` (cosign-signed), put it on your `PATH`, and rename it to `mqgov`.
+- **From source** — `go install github.com/JiangHe12/mqgov-cli@latest` (Go 1.26+).
+- **Mirror / air-gapped** — set `MQGOV_CLI_DOWNLOAD_MIRROR=<base-url>` to fetch the binary from your own mirror.
+
+Verify the install:
+
+```bash
+mqgov version
+mqgov doctor          # checks context, backend reachability, and audit-log writability
+```
+
+</details>
+
+---
+
+## 🚀 Quick start (60 seconds)
+
+```bash
+# 1. Point mqgov at your broker (stored as a reusable "context")
+mqgov ctx set dev --backend kafka --brokers 127.0.0.1:9092
+mqgov ctx use dev
+mqgov ctx test                       # ping the broker through the context
+
+# 2. Read something — reads are always free (R0), no flags needed
+mqgov topic list -o json
+mqgov topic describe orders -o json
+mqgov message peek orders --count 5 -o json     # fingerprints only, nothing consumed
+
+# 3. Preview the blast radius of a dangerous op — nothing is changed yet
+mqgov group reset-offset billing orders --to latest --dry-run -o json   # shows per-partition delta
+
+# 4. Apply it — an R3 op needs your confirmation, a ticket, AND the allow flag
+mqgov group reset-offset billing orders --to latest --yes --ticket OPS-123 --allow-offset-reset
+
+# 5. See what happened
+mqgov audit query --since 1h -o json
+```
+
+> 💡 **Tip:** mark production contexts with `--protected` when you create them. mqgov then raises the bar for every dangerous operation in that context automatically.
+
+---
+
+## 🔐 The governance model (the important part)
+
+Every command is sorted into one of four **risk tiers** by the fail-closed `mqclass` classifier. The higher the tier, the more explicit human sign-off it needs:
+
+| Tier | What it covers | What you must provide |
+|:---:|---|---|
+| **R0** | Reads & previews (`topic list/describe`, `group list/lag`, `message peek`, `*-dry-run`, `audit query/verify`, `doctor`) | Nothing — but it's still audited |
+| **R1** | Ordinary writes (`message produce`, `topic create`) | `--yes` (or an interactive confirmation) |
+| **R2** | Elevated mutations (`topic alter`, `group create/delete`, produce to a **protected** topic) | `--yes` **and** a non-empty `--ticket` |
+| **R3** | Destructive / irreversible (`group reset-offset`, `topic purge`, `topic delete`, produce to an **internal/system** topic) | The above **plus** the exact `--allow-*` flag |
+
+The R3 allow flags: `--allow-offset-reset`, `--allow-topic-purge`, `--allow-topic-delete`, `--allow-internal-produce`.
+
+**Protected contexts, protected topics, and internal/system topics raise the tier by one.** For example, producing to `__consumer_offsets` is treated as a destructive R3 operation and needs `--allow-internal-produce`.
+
+Three rules keep this safe — especially for automation:
+
+1. **Blast radius comes from the tool, not a guess.** Use `--dry-run` / `--plan` to see the exact per-partition impact. Never estimate it by reasoning.
+2. **`mqclass` is fail-closed and structure-aware.** All offset changes, purge, and delete are pinned R3; wildcard/glob targets escalate; an unknown operation fails closed to the highest tier — it never falls to R0.
+3. **🤖 AI agents must never invent `--ticket`, `--allow-*`, or a high-risk `--yes`.** Those are *human* authorization inputs. An agent should surface "this needs approval X" to its operator and stop.
+
+---
+
+## 📚 Command reference
+
+`mqgov <noun> <verb> [flags]`. Add `-o json` for machine-readable output, `--help` on any command for its full flag set, and `mqgov capabilities -o json` to ask the bound backend what it actually supports.
+
+<details open>
+<summary><b>topic</b> — topics / queues</summary>
+
+```bash
+# Read (R0)
+mqgov topic list     [--pattern <name|glob>] -o json
+mqgov topic describe <topic> -o json
+
+# Write
+mqgov topic create <topic> [--partitions N] --yes                                  # R1 (R2 if protected)
+mqgov topic alter  <topic> --partitions N --yes --ticket <t>                       # R2 (Kafka/Pulsar)
+mqgov topic purge  <topic> [--dlq] --dry-run                                        # R0 preview
+mqgov topic purge  <topic> [--dlq] --yes --ticket <t> --allow-topic-purge          # R3
+mqgov topic delete <topic> --yes --ticket <t> --allow-topic-delete                 # R3
+```
+</details>
+
+<details>
+<summary><b>group</b> — consumer groups / subscriptions</summary>
+
+```bash
+# Read (R0)
+mqgov group list [--pattern <name>] -o json
+mqgov group lag  <group> <topic> -o json
+
+# Reset a consumer group's position
+mqgov group reset-offset <group> <topic> --to <target> --dry-run -o json           # R0 preview (real per-partition delta)
+mqgov group reset-offset <group> <topic> --to <target> --yes --ticket <t> --allow-offset-reset   # R3
+
+#   --to: earliest | latest | offset:N | datetime:<RFC3339> | shift:±N
+#   (offset:N / shift:N are Kafka-only; unsupported targets/backends return a clear error)
+```
+
+Offsets are a Kafka and Pulsar concept. On RabbitMQ and RocketMQ, `group lag` / `reset-offset` fail closed with `NOT_IMPLEMENTED`.
+</details>
+
+<details>
+<summary><b>message</b> — peek & produce</summary>
+
+```bash
+mqgov message peek    <topic> [--partition N] [--offset N] [--count N] -o json     # R0, non-destructive, fingerprints only
+mqgov message produce <topic> [--key <k>] [--body <text>] --yes                    # R1 (R3 + --allow-internal-produce for internal topics)
+```
+
+`peek` never consumes a message or moves a cursor, and returns only sha256 fingerprints (`keySha256`, `bodySha256`, size) — never the body. On RocketMQ, `peek` fails closed (`NOT_IMPLEMENTED`).
+</details>
+
+<details>
+<summary><b>ctx</b>, <b>audit</b>, <b>doctor</b> & friends</summary>
+
+```bash
+# Backend-bound contexts (credentials go through credstore, never plaintext)
+mqgov ctx set <name> --backend kafka    --brokers <h:p,h:p> [--sasl-mechanism PLAIN] [--tls --ca-cert <f>] [--protected]
+mqgov ctx set <name> --backend rabbitmq (--amqp-url <url> | --host <h> --port <p> --vhost </>) --management-url <url>
+mqgov ctx set <name> --backend pulsar   --service-url pulsar://<h:p> --admin-url http://<h:p> [--tenant public] [--pulsar-namespace default]
+mqgov ctx set <name> --backend rocketmq --nameservers <h:p,h:p> [--broker-addr <h:p>]
+mqgov ctx use|list|current|delete|test
+#   secrets: --password <pw|token|secretKey> --credential-backend <encrypted-file|keychain|...>  (a non-plain backend is required)
+
+# Audit (tamper-evident, fingerprint-only)
+mqgov audit query  [--since 24h] [--type <t>] [--operator <o>] [--status <s>] [--limit 100] -o json
+mqgov audit verify [--strict] -o json
+
+# Diagnostics & ecosystem
+mqgov doctor -o json            # read-only health check (redacted output)
+mqgov capabilities -o json      # what the bound backend supports
+mqgov completion bash|zsh|fish|powershell
+mqgov install <agent> --skills  # install the mqgov AI skill into an agent (claude, codex, …) or a custom path
+mqgov version
+```
+</details>
+
+---
+
+## 🤖 For AI agents
+
+mqgov-cli is designed to be driven by autonomous agents safely:
+
+- Run `mqgov capabilities -o json` first to discover what the bound backend supports — brokers differ, don't assume (e.g. RabbitMQ/RocketMQ have no offsets; RocketMQ has no peek).
+- Use `-o json` everywhere; every command returns a stable, versioned envelope.
+- Get blast radius from `--dry-run` / `--plan`, never from your own reasoning.
+- **Never self-fill `--ticket`, `--allow-*`, or a high-risk `--yes`.** Surface the required human approval and stop.
+
+Install the bundled skill into your agent so it learns these rules automatically:
+
+```bash
+mqgov install claude --skills     # also: codex, opencode, copilot, cursor, windsurf, aider, cc-switch
+```
+
+---
+
+## 🔏 Trust & verification
+
+- **Signed binaries** — every release artifact is signed with [cosign](https://github.com/sigstore/cosign) (keyless / OIDC). A `checksums.txt` (also signed) covers all platforms.
+- **npm provenance** — the npm package is published from CI via OpenID Connect with [provenance attestations](https://docs.npmjs.com/generating-provenance-statements) linking it to this exact repo and workflow.
+- **Verified installs** — the npm postinstall downloads the binary over an allow-listed host and checks its SHA-256 against the signed `checksums.txt` before installing.
+- **Tamper-evident audit** — `mqgov audit verify --strict` re-walks the hash chain and reports any gap or modification.
+- **No insecure transport** — SASL/TLS and mTLS only; mqgov never offers an insecure-skip-verify escape hatch.
+
+---
+
+## 🏗️ Build from source & contribute
+
+```bash
+git clone https://github.com/JiangHe12/mqgov-cli && cd mqgov-cli
+go build ./...
+go test -count=1 ./...
+gofmt -l main.go cmd internal      # must print nothing
+golangci-lint run --timeout=5m
+go vet -tags=integration ./...
+```
+
+Real-backend integration tests (`//go:build integration`, env-gated, skipped by default) run against live Kafka/RabbitMQ/Pulsar/RocketMQ containers in the nightly `integration.yml` workflow; see [`docs/`](docs/) for how to run them locally with the bundled `docker-compose.*.yml` files.
+
+mqgov-cli is built on the shared [`opskit-core`](https://github.com/JiangHe12/opskit-core) governance engine and is part of the **opskit** family of governed CLIs for AI agents — alongside [`dbgov-cli`](https://www.npmjs.com/package/dbgov-cli) (databases), [`srvgov-cli`](https://www.npmjs.com/package/srvgov-cli) (remote servers), and [`cfgov-cli`](https://www.npmjs.com/package/cfgov-cli) (config centers).
+
+---
+
+## 📄 License
+
+[MIT](LICENSE) © JiangHe12

package/bin/mqgov-cli.js

@@ -0,0 +1,35 @@
+#!/usr/bin/env node
+
+const { spawn } = require('child_process');
+const path = require('path');
+const fs = require('fs');
+const os = require('os');
+
+function getBinaryPath() {
+  const binaryName = os.platform() === 'win32' ? 'mqgov.exe' : 'mqgov';
+  return path.join(__dirname, binaryName);
+}
+
+function main() {
+  const binaryPath = getBinaryPath();
+  if (!fs.existsSync(binaryPath)) {
+    console.error('mqgov binary not found. Please reinstall:');
+    console.error('  npm install -g mqgov-cli');
+    process.exit(1);
+  }
+
+  const child = spawn(binaryPath, process.argv.slice(2), { stdio: 'inherit' });
+  child.on('error', (err) => {
+    console.error('Failed to run mqgov:', err.message);
+    process.exit(1);
+  });
+  child.on('exit', (code, signal) => {
+    if (signal) {
+      process.kill(process.pid, signal);
+      return;
+    }
+    process.exit(code == null ? 1 : code);
+  });
+}
+
+main();

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "mqgov-cli",
+  "version": "0.1.0",
+  "description": "Governed message-broker operations CLI for AI agents (Kafka, RabbitMQ, Pulsar, RocketMQ)",
+  "bin": {
+    "mqgov": "bin/mqgov-cli.js",
+    "mqgov-cli": "bin/mqgov-cli.js"
+  },
+  "files": [
+    "bin/",
+    "scripts/install.js",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "postinstall": "node scripts/install.js"
+  },
+  "keywords": [
+    "kafka",
+    "rabbitmq",
+    "pulsar",
+    "rocketmq",
+    "message-queue",
+    "governance",
+    "cli",
+    "ai"
+  ],
+  "author": "JiangHe12",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/JiangHe12/mqgov-cli.git"
+  },
+  "homepage": "https://github.com/JiangHe12/mqgov-cli",
+  "engines": {
+    "node": ">=14"
+  }
+}

package/scripts/install.js

@@ -0,0 +1,230 @@
+#!/usr/bin/env node
+
+const fs = require('fs');
+const path = require('path');
+const https = require('https');
+const http = require('http');
+const crypto = require('crypto');
+const { URL } = require('url');
+
+const pkg = require('../package.json');
+const VERSION = pkg.version;
+const REPO = 'JiangHe12/mqgov-cli';
+const TIMEOUT_MS = 30000;
+
+const ALLOWED_REDIRECT_HOSTS = new Set([
+  'github.com',
+  'objects.githubusercontent.com',
+  'github-releases.githubusercontent.com',
+  'release-assets.githubusercontent.com',
+  'github.githubassets.com',
+  'cdn.jsdelivr.net',
+  'fastly.jsdelivr.net',
+]);
+
+function isAllowedRedirectHost(urlStr) {
+  try {
+    const parsed = new URL(urlStr);
+    return ALLOWED_REDIRECT_HOSTS.has(parsed.hostname) || parsed.hostname.endsWith('.github.io');
+  } catch {
+    return false;
+  }
+}
+
+function applyMirror(canonicalUrl) {
+  const mirror = process.env.MQGOV_CLI_DOWNLOAD_MIRROR;
+  if (!mirror) return canonicalUrl;
+  return mirror.replace(/\/+$/, '') + '/' + canonicalUrl;
+}
+
+function pickClient(url) {
+  return new URL(url).protocol === 'http:' ? http : https;
+}
+
+function getPlatform() {
+  const platformMap = { win32: 'windows', darwin: 'darwin', linux: 'linux' };
+  const archMap = { x64: 'amd64', arm64: 'arm64' };
+  return {
+    os: platformMap[process.platform] || process.platform,
+    arch: archMap[process.arch] || process.arch,
+  };
+}
+
+function getBinaryName() {
+  const { os, arch } = getPlatform();
+  const ext = os === 'windows' ? '.exe' : '';
+  return `mqgov-cli-${os}-${arch}${ext}`;
+}
+
+function getDownloadUrl() {
+  const binary = getBinaryName();
+  return applyMirror(`https://github.com/${REPO}/releases/download/v${VERSION}/${binary}`);
+}
+
+function request(url, onResponse) {
+  const req = pickClient(url).get(url, onResponse);
+  req.setTimeout(TIMEOUT_MS, () => {
+    req.destroy(new Error(`Download timed out after ${TIMEOUT_MS / 1000}s`));
+  });
+  return req;
+}
+
+function redirectTarget(currentUrl, response) {
+  return new URL(response.headers.location, currentUrl).toString();
+}
+
+function download(url, dest, redirectCount = 0) {
+  return new Promise((resolve, reject) => {
+    if (redirectCount > 5) {
+      reject(new Error('Too many redirects'));
+      return;
+    }
+
+    const req = request(url, (response) => {
+      if (response.statusCode === 301 || response.statusCode === 302 ||
+          response.statusCode === 307 || response.statusCode === 308) {
+        response.resume();
+        const target = redirectTarget(url, response);
+        if (!isAllowedRedirectHost(target)) {
+          reject(new Error(`Redirect to non-allowed host rejected: ${target}`));
+          return;
+        }
+        download(target, dest, redirectCount + 1).then(resolve).catch(reject);
+        return;
+      }
+      if (response.statusCode !== 200) {
+        response.resume();
+        reject(new Error(`Download failed: ${response.statusCode}`));
+        return;
+      }
+
+      const file = fs.createWriteStream(dest);
+      response.pipe(file);
+      file.on('finish', () => file.close(resolve));
+      file.on('error', (err) => {
+        response.destroy();
+        fs.unlink(dest, () => {});
+        reject(err);
+      });
+    });
+    req.on('error', (err) => {
+      fs.unlink(dest, () => {});
+      reject(err);
+    });
+  });
+}
+
+function getChecksumsUrl() {
+  return `https://github.com/${REPO}/releases/download/v${VERSION}/checksums.txt`;
+}
+
+function downloadToString(url, redirectsLeft = 5) {
+  return new Promise((resolve, reject) => {
+    const req = request(url, (response) => {
+      if (response.statusCode === 301 || response.statusCode === 302 ||
+          response.statusCode === 307 || response.statusCode === 308) {
+        response.resume();
+        if (redirectsLeft <= 0) {
+          reject(new Error('Too many redirects'));
+          return;
+        }
+        const target = redirectTarget(url, response);
+        if (!isAllowedRedirectHost(target)) {
+          reject(new Error(`Redirect to non-allowed host rejected: ${target}`));
+          return;
+        }
+        downloadToString(target, redirectsLeft - 1).then(resolve).catch(reject);
+        return;
+      }
+      if (response.statusCode !== 200) {
+        response.resume();
+        reject(new Error(`Download failed: ${response.statusCode}`));
+        return;
+      }
+      let data = '';
+      response.setEncoding('utf8');
+      response.on('data', (chunk) => { data += chunk; });
+      response.on('end', () => resolve(data));
+    });
+    req.on('error', reject);
+  });
+}
+
+function sha256File(filePath) {
+  return new Promise((resolve, reject) => {
+    const hash = crypto.createHash('sha256');
+    const stream = fs.createReadStream(filePath);
+    stream.on('data', (data) => hash.update(data));
+    stream.on('end', () => resolve(hash.digest('hex')));
+    stream.on('error', reject);
+  });
+}
+
+function parseChecksums(text) {
+  const checksums = {};
+  for (const line of text.split('\n')) {
+    const match = line.trim().match(/^([a-f0-9]{64})\s+\*?(.+)$/);
+    if (match) checksums[match[2]] = match[1];
+  }
+  return checksums;
+}
+
+async function verifyDownloadedBinary(binaryPath, binaryName) {
+  if (process.env.MQGOV_CLI_SKIP_VERIFY === '1') {
+    console.log('Verification skipped (MQGOV_CLI_SKIP_VERIFY=1)');
+    return;
+  }
+  const checksumsUrl = getChecksumsUrl();
+  let checksums;
+  try {
+    checksums = parseChecksums(await downloadToString(checksumsUrl));
+  } catch (err) {
+    throw new Error(
+      `Could not fetch canonical checksums.txt from ${checksumsUrl}: ${err.message}. ` +
+      'Set MQGOV_CLI_SKIP_VERIFY=1 to install without checksum verification.'
+    );
+  }
+  if (!checksums[binaryName]) {
+    throw new Error(
+      `No checksum found for ${binaryName}. ` +
+      'Set MQGOV_CLI_SKIP_VERIFY=1 to install without checksum verification.'
+    );
+  }
+  const actual = await sha256File(binaryPath);
+  if (actual !== checksums[binaryName]) {
+    try { fs.unlinkSync(binaryPath); } catch {}
+    throw new Error(
+      `SHA-256 mismatch for ${binaryName}\n` +
+      `  Expected: ${checksums[binaryName]}\n` +
+      `  Actual:   ${actual}\n` +
+      'The downloaded binary may be corrupted or tampered with.'
+    );
+  }
+  console.log('SHA-256 verification passed');
+}
+
+async function main() {
+  const { os, arch } = getPlatform();
+  const binary = getBinaryName();
+  const url = getDownloadUrl();
+  const destDir = path.join(__dirname, '..', 'bin');
+  const dest = path.join(destDir, os === 'windows' ? 'mqgov.exe' : 'mqgov');
+
+  console.log(`Installing mqgov v${VERSION} for ${os}/${arch}...`);
+  fs.mkdirSync(destDir, { recursive: true });
+
+  try {
+    await download(url, dest);
+    await verifyDownloadedBinary(dest, binary);
+    if (os !== 'windows') fs.chmodSync(dest, 0o755);
+    console.log('mqgov installed successfully!');
+  } catch (err) {
+    console.error('Failed to install mqgov:', err.message);
+    console.error('');
+    console.error('Please download manually from:');
+    console.error(`  ${url}`);
+    process.exit(1);
+  }
+}
+
+main();