Describe how mode awareness should appear in latchkeyd command output and errors.
- make the active posture visible
- keep errors structured
- avoid hidden widening of policy behavior
status should expose:
- version
- manifest path
- support directory
- events path
- supported modes
- brokered protocol version when applicable
manifest init, refresh, and verify should keep structured JSON output.
Mode-aware validation should appear in manifest verify items, especially for:
- brokered operation sets
- brokered policy bindings
exec inherits child stdout and stderr, but mode should still be visible in audit events and policy configuration.
Expected behavior:
- handoff: approved env injection
- oneshot: bounded command enforcement
- brokered: session setup plus request-time operation handling
validate should prove the expected mode-aware workstation behavior.
The current example validation includes:
- handoff demo
- brokered demo
- denial scenario
Mode-aware errors should remain structured JSON.
Important codes:
- USAGE_ERROR
- TRUST_DENIED
- MANIFEST_INVALID
- BACKEND_ERROR
- LOGGING_ERROR
- OPERATION_NOT_ALLOWED
- brokered session errors such as auth or expiry failures
The CLI should make it obvious which path failed:
- trust verification
- backend resolution
- logging contract
- brokered session
- brokered operation allowlist