Add cert info command, --export-cer flag, and --json output for cert commands

[nmetulev]

Improves the cert command group with a new subcommand, a public key export flag, and structured JSON output for programmatic consumption.

Changes

New: cert info command

Displays certificate details from a PFX file — subject, issuer, thumbprint, serial number, validity dates, and private key status. Useful for verifying a certificate matches your manifest before signing.

winapp cert info ./devcert.pfx --password password

New: --export-cer flag on cert generate

Exports a .cer file (public key only) alongside the .pfx. Useful for distributing the public certificate separately for trust installation.

winapp cert generate --publisher "CN=MyApp" --export-cer

New: --json output on cert commands

Both cert generate and cert info support --json for machine-readable output. When --json is specified:

• Log output and first-run notices are suppressed so stdout contains only valid JSON
• Errors are also returned as JSON ({"error": "..."}) instead of writing to stderr
• Commands that don't opt in to --json reject it with a parse error

winapp cert generate --publisher "CN=MyApp" --json
# → {"certificatePath": "...", "password": "...", "publisher": "...", "subjectName": "...", "publicCertificatePath": null}

winapp cert info ./devcert.pfx --json
# → {"subject": "CN=MyApp", "thumbprint": "...", "notAfter": "...", ...}

Bug fix: --output now accepts absolute paths

Changed AcceptLegalFileNamesOnly() to AcceptLegalFilePathsOnly() so cert generate --output C:\certs\dev.pfx works correctly.

Type of Change

• 🐛 Bug fix
• ✨ New feature
• 📝 Documentation

Checklist

• New tests added for new functionality (if applicable)
• Tested locally on Windows
• docs/usage.md updated (if CLI commands changed)

[github-actions]

Build Metrics Report

Binary Sizes

Artifact	Baseline	Current	Delta
CLI (ARM64)	13.70 MB	13.75 MB	📈 +52.5 KB (+0.37%)
CLI (x64)	13.01 MB	13.06 MB	📈 +51.5 KB (+0.39%)
MSIX (ARM64)	5.96 MB	5.98 MB	📈 +16.6 KB (+0.27%)
MSIX (x64)	6.20 MB	6.22 MB	📈 +21.2 KB (+0.33%)
NPM Package	12.14 MB	12.18 MB	📈 +42.4 KB (+0.34%)

Test Results

✅ 323 passed, 6 skipped out of 329 tests in 52.0s (+24 tests, -7.6s vs. baseline)

CLI Startup Time

32ms median (x64, winapp --version) · ✅ no change vs. baseline

---

Updated 2026-02-27 21:17:45 UTC · commit c22b0f7 · workflow run

[Copilot]

Pull request overview

This PR enhances the cert command group with new functionality for programmatic certificate management. It introduces a cert info subcommand for inspecting certificate details, adds a --export-cer flag for exporting public keys separately, and implements --json output mode for machine-readable responses across cert commands. Additionally, it fixes a bug where --output only accepted file names, not absolute paths.

Changes:

• New cert info command displays certificate metadata (subject, issuer, thumbprint, validity, private key status)
• --export-cer flag on cert generate exports a .cer file (public key only) alongside the .pfx
• --json output mode for cert generate and cert info with consistent error handling via JSON
• Bug fix: --output option now accepts absolute and relative paths (changed AcceptLegalFileNamesOnly() to AcceptLegalFilePathsOnly())

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/winapp-CLI/WinApp.Cli/Services/StatusService.cs	Adds ExecuteQuietlyAsync method to suppress console output for JSON mode execution
src/winapp-CLI/WinApp.Cli/Services/IStatusService.cs	Interface definition for ExecuteQuietlyAsync
src/winapp-CLI/WinApp.Cli/Services/CertificateService.cs	Implements .cer export logic and adds exportCer parameter to certificate generation methods
src/winapp-CLI/WinApp.Cli/Services/ICertificateService.cs	Adds exportCer parameter to interface methods
src/winapp-CLI/WinApp.Cli/Program.cs	Suppresses logging in JSON mode by setting LogLevel.None and skips first-run notice
src/winapp-CLI/WinApp.Cli/Models/JsonOutputModels.cs	New file defining JSON output models with source-generated serialization
src/winapp-CLI/WinApp.Cli/Commands/WinAppRootCommand.cs	Defines global --json option for commands to opt into
src/winapp-CLI/WinApp.Cli/Commands/CertCommand.cs	Registers new CertInfoCommand as subcommand
src/winapp-CLI/WinApp.Cli/Commands/CertInfoCommand.cs	New command implementation for displaying certificate details
src/winapp-CLI/WinApp.Cli/Commands/CertGenerateCommand.cs	Adds --export-cer and --json support, fixes path validation bug
src/winapp-CLI/WinApp.Cli/Helpers/HostBuilderExtensions.cs	Registers CertInfoCommand handler in DI container
src/winapp-CLI/WinApp.Cli.Tests/CertInfoCommandTests.cs	Comprehensive tests for new cert info command covering parsing, output, and error cases
src/winapp-CLI/WinApp.Cli.Tests/CertGenerateCommandTests.cs	New tests for path validation, --export-cer, and --json functionality
src/winapp-CLI/WinApp.Cli.Tests/SignCommandTests.cs	Updates parameter name for clarity after signature change
docs/llm-context.md	Documents new command and options
docs/cli-schema.json	Updates CLI schema with new command and options