Metadata-Version: 2.4
Name: artifact-locker
Version: 0.3.2
Summary: OCI-only artifact catalog CLI
Author: OpenAI Codex
License: GPL-3.0-only
License-File: LICENSE
Keywords: artifacts,catalog,locker,oci,oras
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Utilities
Requires-Python: >=3.11
Provides-Extra: dev
Requires-Dist: build>=1.2.2; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Requires-Dist: ruff>=0.11.0; extra == 'dev'
Description-Content-Type: text/markdown

# artifact-locker

`artifact-locker` stores a small local catalog of files and syncs that current
state through OCI with `oras`.

The installed CLI is available as both `artifact-locker` and the shorter
`artlock`.

The model is intentionally simple:
- every artifact is a real stored file
- the local catalog is the source of truth
- `push` makes the remote match local current state
- `pull` restores that current state on another machine

## Commands

- `artifact-locker init`
- `artifact-locker add [source-or-url]`
- `artifact-locker list [query]`
- `artifact-locker find <query>`
- `artifact-locker show <query>`
- `artifact-locker remove <query>`
- `artifact-locker verify --catalog|--local|--all`
- `artifact-locker push`
- `artifact-locker pull`

## Repo Layout

```text
.
├── catalog/
│   ├── artifacts.json
│   └── checksums.txt
├── config.json
└── staging/
    └── release-assets/
```

`config.json` stores the OCI repository and the local artifact directory. By
default the managed repo lives under `~/.local/share/artifact-locker/` and the
managed payload directory is `~/.local/share/artifact-locker/artifacts`.

Managed payloads are stored by platform, category, and artifact ID:

```text
~/.local/share/artifact-locker/artifacts/<platform>/<category>/<artifact_id>/<filename>
```

Registry authentication is external. For ECR Public:

```bash
aws ecr-public get-login-password --region us-east-1 | \
  oras login -u AWS --password-stdin public.ecr.aws
```

## Usage

```bash
artifact-locker init
artifact-locker add ./Seatbelt.exe --platform windows --category bin --no-input
artifact-locker add https://example.test/tool.zip --platform linux --category archive --no-input
artifact-locker find seatbelt
artifact-locker show Seatbelt.exe
artifact-locker remove seatbelt
artifact-locker push
artifact-locker pull
```

The OCI repository is treated as fully owned by `artifact-locker`. Any remote
tag not part of the current live state may be removed on `push`.

## Development

```bash
python3 -m pytest
python3 -m build
```
