Validator
trf-validator is a lightweight command-line utility optimised for CI/CD environments where you only need validation, not the full CLI.
Installation
npm install -g @trf/validator
trf-validator --help
Usage
trf-validator path/to/package.twpack [options]
Common options:
| Option | Description |
|---|---|
--structure | Validate required files and JSONL formatting. |
--schemas | Validate artifacts and links against schema definitions. |
--hashes | Recompute artifact hashes to detect tampering. |
--signatures | Verify digital signatures and certificate chains. |
--coverage | Enforce coverage goals defined in the manifest or profile. |
--strict | Treat warnings as failures (exit code 1). |
Example:
trf-validator out/traceability.twpack --structure --schemas --hashes --signatures --strict
Configuration
- The validator reads
manifest.jsonand embedded profile metadata to learn which extensions and rules apply. - Supply additional schema directories with
--schema-dir path/to/schemas. - Provide trusted certificate bundles via
--ca-bundle certs/root.pemwhen verifying third-party signatures.
Exit codes
0– All requested checks passed.1– One or more checks failed.2– Tool error (invalid arguments, unreadable file, missing schema).
Integrating with CI
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm install -g @trf/validator
- run: trf-validator out/${{ github.sha }}.twpack --structure --schemas --hashes --signatures --strict
- Cache the npm installation layer to speed up repeated runs.
- Store validation reports by redirecting output to a file (
--json report.json).
For richer CLI functionality (build, trace, coverage), refer to the CLI Reference.