Experimental subcommand-based interface

[ok-nick]

Changes in this pull request

Rework the CLI to use subcommands rather than optional arguments.

• Introduces subcommands as follows
  • c2patool sign - sign manifest
  • c2patool extract - extract data
    • c2patool extract resources - extract resources
    • c2patool extract ingredient - extract ingredient json and binary manifest
    • c2patool extract manifest - extract json manifest (can extract .c2pa manifest with --binary )
  • c2patool view - view info about manifest
    • c2patool view manifest - view user-friendly json manifest (can specify --debug)
    • c2patool view ingredient - view json ingredient
    • c2patool view info - view general info about a manifest
    • c2patool view tree - view manifest tree
    • c2patool view certs - view manifest certs
• More intuitive
  • With the old one, it's valid to specify c2patool i.jpg --info --certs --tree --detailed --manifest manifest.json --output o.jpg trust, but what's actually happening?
  • With the new one, it's impossible to make an ambiguous call, for each subcommand you can only specify the arguments relevant to that subcommand (otherwise clap will output a user-friendly error w/ suggestions)
  • Because of this, --help menus are much shorter and navigable, describing what subcommands/args are valid to specify
  • Subcommands also follow a familiar interface, similar to existing tools such as cargo, rustup, cross, git, etc.
• Easier to modularize
  • Subcommands can be broken down into logical units, making it significantly easier to add new subcommands and modify existing ones
  • Subcommands can be constructed individually and tested individually
• Migrated to the (new) c2pa-rs unstable API
  • Migrate to c2pa-rs unstable API #187

Additional Changes

• Added insta-rs snapshot integration tests (asserts outputs against a reference value)
• Added --binary flag to extract manifest as .c2pa binary manifest
• Added --no-verify flag to allow extracting invalid binary manifests for debugging
• Added --unknown flag to additionally extract unstandardized labeled resources
• Added --no-embed flag when signing to not embed a manifest in the asset.
• Added glob as input path to sign multiple assets w/ the same manifest
• Added --verbose flag to specify verbosity via flags (rather than only env vars)
• Changed args to kebab-case (default) rather than a mix of kebab-case and snake_case
• Changed --no-verify-signing to --no-verify
• Changed check to allow different file extensions for input/output if --sidecar is specified
• Changed ingredient_paths to be merged into ingredients field, specifying path or inline ingredient in .json
• Changed --remote to --manifest-url and applied the same suffix-style pattern to trust args
• Removed extracting ingredient .json also extracts .c2pa binary manifest (use extract manifest --binary)
• Removed --remote in favor of specifying path or url in --manifest (similar to trust args)

Uncertain Changes

• Removed checking for child ingredient.json if directory specified as ingredient path
• Removed passing manifest as string via --config
• Removed displaying manifest after signing (what would happen if multiple files are signed?)

Examples

# old
c2patool some_dir/C.jpg
# new - exactly the same
c2patool some_dir/C.jpg
# new - the above command redirects to below
c2patool view manifest some_dir/C.jpg
# new - let's view a detailed (debug) manifest
c2patool view manifest some_dir/C.jpg --debug

# old - let's view the certs
c2patool some_dir/C.jpg --certs
# new - the view subcommand contains: manifest, ingredient, info, tree, certs
c2patool view certs some_dir/C.jpg

# old - let's sign a manifest
c2patool some_dir/C.jpg --manifest some_dir/ingredient_test.json --output some_dir/C-signed.jpg
# new - very similar, it's now locked behind a subcommand
c2patool sign some_dir/C.jpg --manifest some_dir/ingredient_test.json --output some_dir/C-signed.jpg
# new - let's sign jpg files recursively
c2patool sign some_dir/**/*.jpg --manifest some_dir/ingredient_test.json --output some_dir/

# old - let's extract resources
c2patool some_dir/C.jpg --output some_dir
# new - now our intention is clear
c2patool extract resources some_dir/C.jpg --output some_dir
# new - I want to extract resources for all jpg files in some_dir
c2patool extract resources some_dir/*.jpg --output some_dir

Screenshots

c2patool

c2patool extract

c2patool view

c2patool view manifest -h

c2patool sign -h

Checklist

• This PR represents a single feature, fix, or change.
• All applicable changes have been documented.
• Any TO DO items (or similar) have been entered as GitHub issues and the link to that issue has been included in a comment.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 68.40077% with 164 lines in your changes missing coverage. Please review.

Project coverage is 74.43%. Comparing base (f216d3e) to head (e4e0553).
Report is 1 commits behind head on main.

Files	Patch %	Lines
src/commands/sign.rs	66.84%	63 Missing ⚠️
src/commands/extract.rs	60.37%	42 Missing ⚠️
src/commands/view.rs	63.72%	37 Missing ⚠️
src/main.rs	62.50%	15 Missing ⚠️
src/commands/mod.rs	88.13%	7 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #185       +/-   ##
===========================================
+ Coverage   47.89%   74.43%   +26.53%     
===========================================
  Files           4        7        +3     
  Lines         666      841      +175     
===========================================
+ Hits          319      626      +307     
+ Misses        347      215      -132     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mauricefisher64]

Nice job

[dkozma]

This PR info looks amazing! Good work @ok-nick ! Will take a closer look at the code later today.

[dyro]

Have you thought about how we'd roll this change out? Is the subcommand API the 1.0 version of c2patool?

[dyro]

Nice, this will be insanely useful.

[ok-nick]

With the unstable API we should be able to support this functionality. Separate PR coming soon.

[ok-nick]

Added: d67b6dc

[dyro]

What do you think about having distinct exit codes per error that the command encounters? We have another CLI tool for internal clients named adobe_c2patool that uses a similar subcommand model. In that tool, we have distinct exit codes so clients can easily key off those exit codes to influence logic on their end without parsing strings.

This could be separate ticket - just curious what you think.

[ok-nick]

That's a good idea. Another option is to introduce an argument such as --format, similar to cargo's --message-format=json. It can provide detailed information about command success/failure, e.g. paths that successfully signed and paths that failed to sign. I think this would pair well with exit codes?

Here's a real example of how cargo outputs with --message-format=json (there are multiple outputs like this as the command runs):

{
   "reason":"compiler-artifact",
   "package_id":"registry+https://github.com/rust-lang/crates.io-index#[email protected]",
   "manifest_path":"/Users/me/.cargo/registry/src/index.crates.io-6f17d22bba15001f/mockall-0.12.1/Cargo.toml",
   "target":{
      "kind":[
         "lib"
      ],
      "crate_types":[
         "lib"
      ],
      "name":"mockall",
      "src_path":"/Users/me/.cargo/registry/src/index.crates.io-6f17d22bba15001f/mockall-0.12.1/src/lib.rs",
      "edition":"2021",
      "doc":true,
      "doctest":true,
      "test":true
   },
   "profile":{
      "opt_level":"0",
      "debuginfo":2,
      "debug_assertions":true,
      "overflow_checks":true,
      "test":false
   },
   "features":[
      
   ],
   "filenames":[
      "/Users/me/Documents/repos/c2patool/target/debug/deps/libmockall-7bdbc60eb0277649.rlib",
      "/Users/me/Documents/repos/c2patool/target/debug/deps/libmockall-7bdbc60eb0277649.rmeta"
   ],
   "executable":null,
   "fresh":true
}

[ok-nick]

Also, it may help to restructure the program to remove its dependence on anyhow. If we provide detailed errors we can support detailed output formats ^ and assign error codes to errors via Termination.