cerro_cli.adb
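--  Cerro Torre CLI - Command implementations
--  SPDX-License-Identifier: MIT OR AGPL-3.0-or-later
--  Palimpsest-Covenant: 1.0

with Ada.Text_IO;
with Ada.Command_Line;
with CT_Errors;

--  Every command in this body is currently a stub: it prints its usage
--  text and/or a description of the planned behaviour, then sets the
--  process exit status to CT_Errors.Exit_General_Failure. No command
--  reports success, so a script that calls an unimplemented command
--  (notably "ct verify") cannot mistake the stub for a passing result.
--
--  Commands that take a positional argument read it from Argument (2)
--  and guard with "Argument_Count < 2"; Argument (1) is presumably the
--  subcommand name consumed by the dispatcher -- confirm against caller.
--  The positional argument is used as given: no option parsing is done
--  yet, so a leading flag such as "-o" would be taken as the operand.

package body Cerro_CLI is

   use Ada.Text_IO;
   use Ada.Command_Line;

   ----------
   -- Pack --
   ----------

   --  Prints usage when no image reference is supplied; otherwise echoes
   --  the reference and the planned packing steps. Always exits non-zero.
   --
   --  NOTE(review): the help text advertises --no-sign. When this is
   --  implemented, an unsigned bundle should stay an explicit opt-in and
   --  signing should remain the default, as the usage text states.

   procedure Run_Pack is
   begin
      if Argument_Count < 2 then
         Put_Line ("Usage: ct pack <image-ref> -o <output.ctp>");
         Put_Line ("");
         Put_Line ("Create a verifiable .ctp bundle from an OCI image.");
         Put_Line ("");
         Put_Line ("Examples:");
         Put_Line (" ct pack docker.io/library/nginx:1.26 -o nginx.ctp");
         Put_Line (" ct pack oci:./local-image -o local.ctp");
         Put_Line (" ct pack ghcr.io/org/app:v1 -o app.ctp -k my-key");
         Put_Line ("");
         Put_Line ("Options:");
         Put_Line (" -o, --output <file> Output path for .ctp bundle (required)");
         Put_Line (" -k, --key <key-id> Signing key to use (default: default key)");
         Put_Line (" --suite <suite-id> Crypto suite (default: CT-SIG-01)");
         Put_Line (" --no-sign Create unsigned bundle");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Image_Ref : constant String := Argument (2);
      begin
         Put_Line ("Packing image: " & Image_Ref);
         Put_Line ("");
         Put_Line ("(Not yet implemented)");
         Put_Line ("");
         Put_Line ("This command will:");
         Put_Line (" 1. Read OCI image metadata (via skopeo)");
         Put_Line (" 2. Generate canonical manifest.toml");
         Put_Line (" 3. Generate summary.json with all digests");
         Put_Line (" 4. Sign with specified key");
         Put_Line (" 5. Write .ctp bundle");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Pack;

   ------------
   -- Verify --
   ------------

   --  Prints usage (including the documented exit-code table) when no
   --  bundle path is supplied; otherwise echoes the path and the planned
   --  verification steps. Both paths exit with Exit_General_Failure, so
   --  the stub fails closed: it never returns the documented success
   --  code 0.
   --
   --  NOTE(review): the numeric value of CT_Errors.Exit_General_Failure
   --  is not visible here. Confirm it does not coincide with one of the
   --  verdict codes documented below (0-5, 10, 11); otherwise callers
   --  cannot tell "usage error / not implemented" apart from a real
   --  verification verdict such as "1 Hash mismatch".

   procedure Run_Verify is
   begin
      if Argument_Count < 2 then
         Put_Line ("Usage: ct verify <bundle.ctp> [--policy <file>]");
         Put_Line ("");
         Put_Line ("Verify a .ctp bundle with specific exit codes.");
         Put_Line ("");
         Put_Line ("Exit codes:");
         Put_Line (" 0 Verification succeeded");
         Put_Line (" 1 Hash mismatch (content tampered)");
         Put_Line (" 2 Signature invalid");
         Put_Line (" 3 Key not trusted by policy");
         Put_Line (" 4 Policy rejection (registry/base not allowed)");
         Put_Line (" 5 Missing required attestation");
         Put_Line (" 10 Malformed bundle");
         Put_Line (" 11 I/O error");
         Put_Line ("");
         Put_Line ("Options:");
         Put_Line (" --policy <file> Trust policy file");
         Put_Line (" --offline Skip transparency log checks");
         Put_Line (" --verbose Show detailed verification steps");
         Put_Line (" --json Output machine-readable JSON");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Bundle_Path : constant String := Argument (2);
      begin
         Put_Line ("Verifying bundle: " & Bundle_Path);
         Put_Line ("");
         Put_Line ("(Not yet implemented)");
         Put_Line ("");
         Put_Line ("This command will:");
         Put_Line (" 1. Parse bundle structure");
         Put_Line (" 2. Verify all content hashes match summary");
         Put_Line (" 3. Verify signatures against policy");
         Put_Line (" 4. Return specific exit code for each failure type");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Verify;

   -------------
   -- Explain --
   -------------

   --  Prints usage when no bundle path is supplied; otherwise echoes the
   --  path and lists what the explanation output will contain. Always
   --  exits non-zero.

   procedure Run_Explain is
   begin
      if Argument_Count < 2 then
         Put_Line ("Usage: ct explain <bundle.ctp> [--signers|--layers]");
         Put_Line ("");
         Put_Line ("Print human-readable verification chain.");
         Put_Line ("");
         Put_Line ("Options:");
         Put_Line (" --signers Show only signer information");
         Put_Line (" --layers Show only layer digests");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Bundle_Path : constant String := Argument (2);
      begin
         Put_Line ("Explaining bundle: " & Bundle_Path);
         Put_Line ("");
         Put_Line ("(Not yet implemented)");
         Put_Line ("");
         Put_Line ("Output will show:");
         Put_Line (" - Package info (name, version, suite)");
         Put_Line (" - Provenance (source, fetch time)");
         Put_Line (" - Content (manifest digest, layers)");
         Put_Line (" - Signatures (key id, fingerprint, time)");
         Put_Line (" - Trust chain status");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Explain;

   ------------
   -- Keygen --
   ------------

   --  Prints the keygen help text unconditionally (no arguments are
   --  read) and exits non-zero. No key material is generated.
   --
   --  NOTE(review): --no-password is documented as leaving the private
   --  key unencrypted. When implemented, encryption at rest should stay
   --  the default and the unencrypted path should be an explicit choice.

   procedure Run_Keygen is
   begin
      Put_Line ("Usage: ct keygen [--id <name>] [--suite <suite-id>]");
      Put_Line ("");
      Put_Line ("Generate a new signing keypair.");
      Put_Line ("");
      Put_Line ("Options:");
      Put_Line (" --id <name> Key identifier (default: auto-generated)");
      Put_Line (" --suite <suite> Crypto suite (default: CT-SIG-01)");
      Put_Line (" --output <dir> Output directory");
      Put_Line (" --no-password Don't encrypt private key (not recommended)");
      Put_Line ("");
      Put_Line ("Suites:");
      Put_Line (" CT-SIG-01 Ed25519 (classical, default)");
      Put_Line (" CT-SIG-02 Ed25519 + ML-DSA-87 (hybrid, v0.2)");
      Put_Line (" CT-SIG-03 ML-DSA-87 (post-quantum only, v0.2)");
      Put_Line ("");
      Put_Line ("(Not yet implemented)");
      Set_Exit_Status (CT_Errors.Exit_General_Failure);
   end Run_Keygen;

   ---------
   -- Key --
   ---------

   --  Prints the key-management help when no subcommand is supplied;
   --  otherwise echoes the subcommand name. The subcommand is not
   --  validated against the documented list. Always exits non-zero.

   procedure Run_Key is
   begin
      if Argument_Count < 2 then
         Put_Line ("Usage: ct key <subcommand> [args]");
         Put_Line ("");
         Put_Line ("Key management subcommands:");
         Put_Line (" list List all keys");
         Put_Line (" import <file> Import a public key");
         Put_Line (" export <id> --public Export public key");
         Put_Line (" delete <id> Remove a key");
         Put_Line (" default <id> Set default signing key");
         Put_Line ("");
         Put_Line ("Examples:");
         Put_Line (" ct key list");
         Put_Line (" ct key import upstream-nginx.pub");
         Put_Line (" ct key export my-key --public > my-key.pub");
         Put_Line (" ct key default my-key");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Subcommand : constant String := Argument (2);
      begin
         Put_Line ("Key subcommand: " & Subcommand);
         Put_Line ("(Not yet implemented)");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Key;

   -----------
   -- Fetch --
   -----------

   --  Prints the fetch help text unconditionally and exits non-zero.

   procedure Run_Fetch is
   begin
      Put_Line ("Usage: ct fetch <ref> -o <output.ctp> [--create]");
      Put_Line ("");
      Put_Line ("Pull a .ctp bundle from a registry, or create from OCI image.");
      Put_Line ("");
      Put_Line ("(v0.2 - Not yet implemented)");
      Set_Exit_Status (CT_Errors.Exit_General_Failure);
   end Run_Fetch;

   ----------
   -- Push --
   ----------

   --  Prints the push help text unconditionally and exits non-zero.

   procedure Run_Push is
   begin
      Put_Line ("Usage: ct push <bundle.ctp> <destination>");
      Put_Line ("");
      Put_Line ("Publish a .ctp bundle to a registry or mirror.");
      Put_Line ("");
      Put_Line ("Destinations:");
      Put_Line (" registry.io/name:tag OCI registry");
      Put_Line (" s3://bucket/path S3-compatible store");
      Put_Line (" git://host/repo Git repository");
      Put_Line ("");
      Put_Line ("(v0.2 - Not yet implemented)");
      Set_Exit_Status (CT_Errors.Exit_General_Failure);
   end Run_Push;

   ------------
   -- Export --
   ------------

   --  Prints the export help text unconditionally and exits non-zero.
   --
   --  NOTE(review): assumes the package spec declares Run_Export; the
   --  opening and closing names of a subprogram body must match, and
   --  this body's help text is the "ct export" usage. Confirm against
   --  the spec.

   procedure Run_Export is
   begin
      Put_Line ("Usage: ct export <bundles...> -o <archive>");
      Put_Line ("");
      Put_Line ("Export bundles for offline transfer.");
      Put_Line ("");
      Put_Line ("Options:");
      Put_Line (" -o, --output <file> Output archive path");
      Put_Line (" --manifest <file> File listing bundles to export");
      Put_Line (" --include-keys Include public keys for verification");
      Put_Line (" --format <fmt> Archive format: tar, tar.gz, tar.zst");
      Put_Line ("");
      Put_Line ("(v0.2 - Not yet implemented)");
      Set_Exit_Status (CT_Errors.Exit_General_Failure);
   end Run_Export;

   ------------
   -- Import --
   ------------

   --  Prints the import help text unconditionally and exits non-zero.
   --  A package body may contain only one body for this procedure.
   --
   --  NOTE(review): the usage line shows --verify as optional. When
   --  implemented, consider whether bundles and keys taken from an
   --  offline archive should be verified against policy by default.

   procedure Run_Import is
   begin
      Put_Line ("Usage: ct import <archive> [--verify]");
      Put_Line ("");
      Put_Line ("Import from offline archive.");
      Put_Line ("");
      Put_Line ("Options:");
      Put_Line (" --verify Verify each bundle after import");
      Put_Line (" --policy <file> Policy for verification");
      Put_Line (" --keys-only Only import keys, not bundles");
      Put_Line (" --output-dir <dir> Where to place imported bundles");
      Put_Line ("");
      Put_Line ("(v0.2 - Not yet implemented)");
      Set_Exit_Status (CT_Errors.Exit_General_Failure);
   end Run_Import;

   ---------
   -- Run --
   ---------

   --  Prints usage when no bundle path is supplied; otherwise echoes the
   --  path and the planned steps. Nothing is unpacked or executed.
   --  Always exits non-zero.
   --
   --  NOTE(review): the plan verifies the bundle before delegating to
   --  the runtime unless --no-verify is given. When implemented, keep
   --  verification as the default and make the skip visible in output.

   procedure Run_Run is
   begin
      if Argument_Count < 2 then
         Put_Line ("Usage: ct run <bundle.ctp> [--runtime=<name>] [-- <args>]");
         Put_Line ("");
         Put_Line ("Run a verified bundle via configured runtime.");
         Put_Line ("");
         Put_Line ("Options:");
         Put_Line (" --runtime=<name> Runtime to use (default from config)");
         Put_Line (" --no-verify Skip verification before run");
         Put_Line (" -- <args> Pass remaining args to runtime");
         Put_Line ("");
         Put_Line ("Runtimes:");
         Put_Line (" svalinn Svalinn (recommended)");
         Put_Line (" podman Podman");
         Put_Line (" docker Docker");
         Put_Line (" nerdctl containerd/nerdctl");
         Put_Line ("");
         Put_Line ("Examples:");
         Put_Line (" ct run nginx.ctp");
         Put_Line (" ct run nginx.ctp --runtime=svalinn");
         Put_Line (" ct run nginx.ctp -- -p 8080:80 -d");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Bundle_Path : constant String := Argument (2);
      begin
         Put_Line ("Running bundle: " & Bundle_Path);
         Put_Line ("");
         Put_Line ("(v0.2 - Not yet implemented)");
         Put_Line ("");
         Put_Line ("This command will:");
         Put_Line (" 1. Verify bundle (unless --no-verify)");
         Put_Line (" 2. Unpack to OCI layout");
         Put_Line (" 3. Delegate to runtime (svalinn/podman/docker)");
         Put_Line (" 4. Pass through runtime arguments");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Run;

   ------------
   -- Unpack --
   ------------

   --  Prints usage when no bundle path is supplied; otherwise echoes the
   --  path. Nothing is written to disk. Always exits non-zero.

   procedure Run_Unpack is
   begin
      if Argument_Count < 2 then
         Put_Line ("Usage: ct unpack <bundle.ctp> -o <dir> [--format=oci|docker]");
         Put_Line ("");
         Put_Line ("Extract bundle to OCI layout on disk.");
         Put_Line ("");
         Put_Line ("Options:");
         Put_Line (" -o, --output <dir> Output directory (required)");
         Put_Line (" --format=oci OCI image layout (default)");
         Put_Line (" --format=docker Docker save format");
         Put_Line (" --include-attestations Copy attestations alongside");
         Put_Line ("");
         Put_Line ("Examples:");
         Put_Line (" ct unpack nginx.ctp -o ./nginx-oci/");
         Put_Line (" ct unpack nginx.ctp -o nginx.tar --format=docker");
         Put_Line ("");
         Put_Line ("Use with:");
         Put_Line (" podman load < nginx.tar");
         Put_Line (" nerdctl load < nginx.tar");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Bundle_Path : constant String := Argument (2);
      begin
         Put_Line ("Unpacking bundle: " & Bundle_Path);
         Put_Line ("");
         Put_Line ("(v0.2 - Not yet implemented)");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Unpack;

   ------------
   -- Doctor --
   ------------

   --  Prints the list of planned health checks unconditionally and exits
   --  non-zero. The "[ ]" boxes are static text: no check is performed.

   procedure Run_Doctor is
   begin
      Put_Line ("ct doctor - Check distribution pipeline health");
      Put_Line ("");
      Put_Line ("Options:");
      Put_Line (" --quick Just check essentials");
      Put_Line (" --fix Attempt to fix issues");
      Put_Line ("");
      Put_Line ("Checks performed:");
      Put_Line ("");
      Put_Line (" Crypto backend:");
      Put_Line (" [ ] libsodium available");
      Put_Line (" [ ] liboqs available (for post-quantum)");
      Put_Line ("");
      Put_Line (" Configuration:");
      Put_Line (" [ ] Config file valid (~/.config/cerro/config.toml)");
      Put_Line (" [ ] Policy file valid (~/.config/cerro/policy.json)");
      Put_Line (" [ ] Default key configured");
      Put_Line ("");
      Put_Line (" Keys:");
      Put_Line (" [ ] Keys directory accessible");
      Put_Line (" [ ] No expired keys");
      Put_Line (" [ ] Private key decryptable");
      Put_Line ("");
      Put_Line (" Registry access:");
      Put_Line (" [ ] Can reach configured registries");
      Put_Line (" [ ] Authentication valid");
      Put_Line ("");
      Put_Line (" System:");
      Put_Line (" [ ] Clock within tolerance");
      Put_Line (" [ ] Content store healthy");
      Put_Line (" [ ] Sufficient disk space");
      Put_Line ("");
      Put_Line ("(v0.2 - Not yet implemented)");
      Set_Exit_Status (CT_Errors.Exit_General_Failure);
   end Run_Doctor;

   ------------
   -- Resign --
   ------------

   --  Prints usage when no bundle path is supplied; otherwise echoes the
   --  path. No signature is touched. Always exits non-zero.
   --
   --  NOTE(review): the documented defaults are --replace together with
   --  in-place overwrite, so a plain "ct re-sign" would drop every
   --  existing signature from the only copy of the bundle. Confirm this
   --  is the intended default before implementing.

   procedure Run_Resign is
   begin
      if Argument_Count < 2 then
         Put_Line ("Usage: ct re-sign <bundle.ctp> -k <key-id> [options]");
         Put_Line ("");
         Put_Line ("Re-sign a bundle with a new key (preserves content).");
         Put_Line ("");
         Put_Line ("Options:");
         Put_Line (" -k, --key <key-id> New signing key (required)");
         Put_Line (" --add-signature Add signature, keep existing");
         Put_Line (" --replace Replace all signatures (default)");
         Put_Line (" -o, --output <file> Output path (default: overwrite)");
         Put_Line ("");
         Put_Line ("Examples:");
         Put_Line (" ct re-sign nginx.ctp -k new-key-2026");
         Put_Line (" ct re-sign nginx.ctp -k backup-key --add-signature");
         Put_Line (" ct re-sign nginx.ctp -k new-key -o nginx-resigned.ctp");
         Put_Line ("");
         Put_Line ("Use cases:");
         Put_Line (" - Key rotation (old key expiring)");
         Put_Line (" - Multi-party signing (threshold policies)");
         Put_Line (" - Countersigning (adding endorsements)");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Bundle_Path : constant String := Argument (2);
      begin
         Put_Line ("Re-signing bundle: " & Bundle_Path);
         Put_Line ("");
         Put_Line ("(v0.2 - Not yet implemented)");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Resign;

   ----------
   -- Diff --
   ----------

   --  Needs two positional arguments (old and new bundle), hence the
   --  "Argument_Count < 3" guard. Prints usage when either is missing;
   --  otherwise echoes both paths followed by hard-coded sample output.
   --  The sample is illustrative text, not a comparison of the inputs.
   --  Always exits non-zero.

   procedure Run_Diff is
   begin
      if Argument_Count < 3 then
         Put_Line ("Usage: ct diff <old.ctp> <new.ctp> [options]");
         Put_Line ("");
         Put_Line ("Human-readable diff between bundles.");
         Put_Line ("");
         Put_Line ("Options:");
         Put_Line (" --layers Show only layer changes");
         Put_Line (" --config Show only config/env changes");
         Put_Line (" --signers Show only signature changes");
         Put_Line (" --json Output machine-readable JSON");
         Put_Line ("");
         Put_Line ("Output shows:");
         Put_Line (" - Changed layers (added/removed/modified)");
         Put_Line (" - Config differences (ENV, labels, entrypoint)");
         Put_Line (" - Signature changes (new signers, removed)");
         Put_Line (" - Attestation differences (SBOM, provenance)");
         Put_Line ("");
         Put_Line ("Examples:");
         Put_Line (" ct diff nginx-1.25.ctp nginx-1.26.ctp");
         Put_Line (" ct diff old.ctp new.ctp --layers");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Old_Bundle : constant String := Argument (2);
         New_Bundle : constant String := Argument (3);
      begin
         Put_Line ("Comparing bundles:");
         Put_Line (" Old: " & Old_Bundle);
         Put_Line (" New: " & New_Bundle);
         Put_Line ("");
         Put_Line ("(v0.2 - Not yet implemented)");
         Put_Line ("");
         Put_Line ("Sample output:");
         Put_Line ("");
         Put_Line (" Layers:");
         Put_Line (" ~ sha256:abc... -> sha256:def... (base changed)");
         Put_Line (" + sha256:123... (new layer)");
         Put_Line ("");
         Put_Line (" Config:");
         Put_Line (" ~ ENV[""VERSION""] = ""1.25"" -> ""1.26""");
         Put_Line ("");
         Put_Line (" Signatures:");
         Put_Line (" = Both signed by: cerro-official-2025");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Diff;

   -----------
   -- Index --
   -----------

   --  Prints usage when no directory is supplied; otherwise echoes the
   --  directory path. No index is built. Always exits non-zero.

   procedure Run_Index is
   begin
      if Argument_Count < 2 then
         Put_Line ("Usage: ct index <directory> [options]");
         Put_Line ("");
         Put_Line ("Build searchable index of bundles.");
         Put_Line ("");
         Put_Line ("Options:");
         Put_Line (" --update Update existing index");
         Put_Line (" --output Index file path (default: ./ct-index.json)");
         Put_Line ("");
         Put_Line ("Indexed fields:");
         Put_Line (" - name, version, description");
         Put_Line (" - source image digest");
         Put_Line (" - signer key IDs and fingerprints");
         Put_Line (" - SBOM presence, licenses");
         Put_Line (" - build provenance (builder, date)");
         Put_Line (" - base image lineage");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Dir_Path : constant String := Argument (2);
      begin
         Put_Line ("Indexing directory: " & Dir_Path);
         Put_Line ("");
         Put_Line ("(v0.2 - Not yet implemented)");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Index;

   ------------
   -- Search --
   ------------

   --  Prints usage when no query is supplied; otherwise echoes the
   --  query. No search is performed. Always exits non-zero.

   procedure Run_Search is
   begin
      if Argument_Count < 2 then
         Put_Line ("Usage: ct search <query> [options]");
         Put_Line ("");
         Put_Line ("Search bundles by metadata.");
         Put_Line ("");
         Put_Line ("Options:");
         Put_Line (" --signer <pattern> Filter by signer key ID");
         Put_Line (" --has-sbom Only bundles with SBOM");
         Put_Line (" --has-provenance Only bundles with provenance");
         Put_Line (" --digest <sha256> By source image digest");
         Put_Line (" --after <date> Created after date");
         Put_Line (" --before <date> Created before date");
         Put_Line (" --index <file> Index file to search");
         Put_Line ("");
         Put_Line ("Examples:");
         Put_Line (" ct search nginx");
         Put_Line (" ct search --signer cerro-official-*");
         Put_Line (" ct search --has-sbom --after 2025-01-01");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Query : constant String := Argument (2);
      begin
         Put_Line ("Searching for: " & Query);
         Put_Line ("");
         Put_Line ("(v0.2 - Not yet implemented)");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Search;

   ------------
   -- Policy --
   ------------

   --  Prints the policy-management help when no subcommand is supplied;
   --  otherwise echoes the subcommand name. The trust policy is neither
   --  read nor modified. Always exits non-zero.

   procedure Run_Policy is
   begin
      if Argument_Count < 2 then
         Put_Line ("Usage: ct policy <subcommand> [args]");
         Put_Line ("");
         Put_Line ("Policy management subcommands:");
         Put_Line (" init Create starter policy interactively");
         Put_Line (" show Display current policy");
         Put_Line (" add-signer <key-id> Trust a signer");
         Put_Line (" add-registry <pat> Allow a registry pattern");
         Put_Line (" deny <key-id> [date] Add to deny-list");
         Put_Line (" pin <bundle> <digest> Pin bundle to specific digest");
         Put_Line ("");
         Put_Line ("Examples:");
         Put_Line (" ct policy init");
         Put_Line (" ct policy add-signer cerro-official-2025");
         Put_Line (" ct policy add-registry 'docker.io/library/*'");
         Put_Line (" ct policy deny compromised-key --after 2025-06-01");
         Put_Line (" ct policy pin nginx.ctp sha256:abc123...");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
         return;
      end if;

      declare
         Subcommand : constant String := Argument (2);
      begin
         Put_Line ("Policy subcommand: " & Subcommand);
         Put_Line ("(v0.2 - Not yet implemented)");
         Set_Exit_Status (CT_Errors.Exit_General_Failure);
      end;
   end Run_Policy;

end Cerro_CLI;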