refactor: make expires_in standard across all locations

.pre-commit-config.yaml

@@ -35,9 +35,9 @@ repos:
         types: [rust]
         pass_filenames: false
 
-      - id: gen-docs-check
-        name: cargo xtask gen-docs --check
-        entry: cargo run --package xtask -- gen-docs --check
+      - id: gen-docs
+        name: cargo xtask gen-docs (auto-fix)
+        entry: bash -c 'cargo run --package xtask -- gen-docs && git add docs/cli/commands/'
         language: system
         files: (crates/auths-cli/src/|crates/xtask/src/gen_docs|docs/cli/commands/)
         pass_filenames: false

crates/auths-cli/src/commands/artifact/mod.rs

@@ -47,9 +47,9 @@ pub enum ArtifactSubcommand {
         )]
         device_key_alias: String,
 
-        /// Number of days until the signature expires.
-        #[arg(long, visible_alias = "days", value_name = "N")]
-        expires_in_days: Option<i64>,
+        /// Duration in seconds until expiration (per RFC 6749).
+        #[arg(long = "expires-in", value_name = "N")]
+        expires_in: Option<u64>,
 
         /// Optional note to embed in the attestation.
         #[arg(long)]
@@ -112,14 +112,14 @@ pub fn handle_artifact(
             sig_output,
             identity_key_alias,
             device_key_alias,
-            expires_in_days,
+            expires_in,
             note,
         } => sign::handle_sign(
             &file,
             sig_output,
             identity_key_alias.as_deref(),
             &device_key_alias,
-            expires_in_days,
+            expires_in,
             note,
             repo_opt,
             passphrase_provider,

crates/auths-cli/src/commands/artifact/sign.rs

@@ -17,7 +17,7 @@ pub fn handle_sign(
     output: Option<PathBuf>,
     identity_key_alias: Option<&str>,
     device_key_alias: &str,
-    expires_in_days: Option<i64>,
+    expires_in: Option<u64>,
     note: Option<String>,
     repo_opt: Option<PathBuf>,
     passphrase_provider: Arc<dyn PassphraseProvider + Send + Sync>,
@@ -32,7 +32,7 @@ pub fn handle_sign(
         identity_key: identity_key_alias
             .map(|a| SigningKeyMaterial::Alias(KeyAlias::new_unchecked(a))),
         device_key: SigningKeyMaterial::Alias(KeyAlias::new_unchecked(device_key_alias)),
-        expires_in_days: expires_in_days.map(|d| d as u32),
+        expires_in,
         note,
     };
 

crates/auths-cli/src/commands/device/authorization.rs

@@ -97,13 +97,13 @@ pub enum DeviceSubcommand {
         )]
         schema: Option<PathBuf>,
 
+        /// Duration in seconds until expiration (per RFC 6749).
         #[arg(
-            long,
-            visible_alias = "days",
-            value_name = "DAYS",
-            help = "Optional number of days until this device authorization expires."
+            long = "expires-in",
+            value_name = "SECS",
+            help = "Optional number of seconds until this device authorization expires."
         )]
-        expires_in_days: Option<i64>,
+        expires_in: Option<u64>,
 
         #[arg(
             long,
@@ -167,13 +167,13 @@ pub enum DeviceSubcommand {
         )]
         device_did: String,
 
+        /// Duration in seconds until expiration (per RFC 6749).
         #[arg(
-            long = "expires-in-days",
-            visible_alias = "days",
-            value_name = "DAYS",
-            help = "Number of days to extend the expiration by (from now)."
+            long = "expires-in",
+            value_name = "SECS",
+            help = "Number of seconds to extend the expiration by (from now)."
         )]
-        expires_in_days: i64,
+        expires_in: u64,
 
         #[arg(
             long = "identity-key-alias",
@@ -236,7 +236,7 @@ pub fn handle_device(
             device_did,
             payload: payload_path_opt,
             schema: schema_path_opt,
-            expires_in_days,
+            expires_in,
             note,
             capabilities,
         } => {
@@ -254,7 +254,7 @@ pub fn handle_device(
                 device_key_alias: Some(KeyAlias::new_unchecked(device_key_alias)),
                 device_did: Some(device_did.clone()),
                 capabilities: caps,
-                expires_in_days: expires_in_days.map(|d| d as u32),
+                expires_in,
                 note,
                 payload,
             };
@@ -308,14 +308,14 @@ pub fn handle_device(
 
         DeviceSubcommand::Extend {
             device_did,
-            expires_in_days,
+            expires_in,
             identity_key_alias,
             device_key_alias,
         } => handle_extend(
             &repo_path,
             &config,
             &device_did,
-            expires_in_days,
+            expires_in,
             &identity_key_alias,
             &device_key_alias,
             passphrase_provider,
@@ -427,7 +427,7 @@ fn handle_extend(
     repo_path: &Path,
     _config: &StorageLayoutConfig,
     device_did: &str,
-    days: i64,
+    expires_in: u64,
     identity_key_alias: &str,
     device_key_alias: &str,
     passphrase_provider: Arc<dyn PassphraseProvider + Send + Sync>,
@@ -437,7 +437,7 @@ fn handle_extend(
         repo_path: repo_path.to_path_buf(),
         #[allow(clippy::disallowed_methods)] // INVARIANT: device_did from CLI arg validated upstream
         device_did: auths_verifier::types::DeviceDID::new_unchecked(device_did),
-        days: days as u32,
+        expires_in,
         identity_key_alias: KeyAlias::new_unchecked(identity_key_alias),
         device_key_alias: Some(KeyAlias::new_unchecked(device_key_alias)),
     };

crates/auths-cli/src/commands/init/display.rs

@@ -78,15 +78,15 @@ pub(crate) fn display_agent_dry_run(
     out.newline();
     out.println(&format!("  Storage: {}", config.registry_path.display()));
     out.println(&format!("  Capabilities: {:?}", config.capabilities));
-    if let Some(secs) = config.expires_in_secs {
+    if let Some(secs) = config.expires_in {
         out.println(&format!("  Expires in: {}s", secs));
     }
     out.newline();
     out.print_info("TOML config that would be generated:");
     let provisioning_config = auths_id::agent_identity::AgentProvisioningConfig {
         agent_name: config.alias.to_string(),
         capabilities: config.capabilities.iter().map(|c| c.to_string()).collect(),
-        expires_in_secs: config.expires_in_secs,
+        expires_in: config.expires_in,
         delegated_by: None,
         storage_mode: auths_id::agent_identity::AgentStorageMode::Persistent { repo_path: None },
     };

crates/auths-cli/src/commands/scim.rs

@@ -96,9 +96,9 @@ pub struct ScimAddTenantCommand {
     /// PostgreSQL connection URL.
     #[arg(long)]
     pub database_url: String,
-    /// Token expiry duration (e.g., 90d, 365d). Omit for no expiry.
-    #[arg(long)]
-    pub expires_in: Option<String>,
+    /// Duration in seconds until expiration (per RFC 6749).
+    #[arg(long = "expires-in")]
+    pub expires_in: Option<u64>,
 }
 
 /// Rotate bearer token for an existing tenant.
@@ -110,9 +110,9 @@ pub struct ScimRotateTokenCommand {
     /// PostgreSQL connection URL.
     #[arg(long)]
     pub database_url: String,
-    /// Token expiry duration (e.g., 90d, 365d).
-    #[arg(long)]
-    pub expires_in: Option<String>,
+    /// Duration in seconds until expiration (per RFC 6749).
+    #[arg(long = "expires-in")]
+    pub expires_in: Option<u64>,
 }
 
 /// Show SCIM sync state statistics.

crates/auths-cli/src/commands/sign.rs

@@ -110,9 +110,9 @@ pub struct SignCommand {
     #[arg(long)]
     pub device_key_alias: Option<String>,
 
-    /// Number of days until the signature expires (for artifact signing).
-    #[arg(long, visible_alias = "days", value_name = "N")]
-    pub expires_in_days: Option<i64>,
+    /// Duration in seconds until expiration (per RFC 6749).
+    #[arg(long = "expires-in", value_name = "N")]
+    pub expires_in: Option<u64>,
 
     /// Optional note to embed in the attestation (for artifact signing).
     #[arg(long)]
@@ -142,7 +142,7 @@ pub fn handle_sign_unified(
                 cmd.sig_output,
                 cmd.identity_key_alias.as_deref(),
                 &device_key_alias,
-                cmd.expires_in_days,
+                cmd.expires_in,
                 cmd.note,
                 repo_opt,
                 passphrase_provider,

crates/auths-cli/src/commands/snapshots/auths_cli__commands__status__tests__status_json_snapshot.snap

@@ -18,7 +18,7 @@ expression: report
     "expiring_soon": [
       {
         "device_did": "did:key:zExpiringSoon",
-        "expires_in_days": 3
+        "expires_in": 259200
       }
     ],
     "devices_detail": [
@@ -27,21 +27,21 @@ expression: report
         "status": "active",
         "revoked_at": null,
         "expires_at": "2025-09-13T12:00:00Z",
-        "expires_in_days": 90
+        "expires_in": 7776000
       },
       {
         "device_did": "did:key:zExpiringSoon",
         "status": "expiring_soon",
         "revoked_at": null,
         "expires_at": "2025-06-18T12:00:00Z",
-        "expires_in_days": 3
+        "expires_in": 259200
       },
       {
         "device_did": "did:key:zRevokedDevice",
         "status": "revoked",
         "revoked_at": "2025-06-05T12:00:00Z",
         "expires_at": "2025-08-04T12:00:00Z",
-        "expires_in_days": null
+        "expires_in": null
       }
     ]
   }

crates/auths-cli/src/commands/snapshots/auths_cli__commands__status__tests__status_json_snapshot.snap.new

@@ -0,0 +1,49 @@
+---
+source: crates/auths-cli/src/commands/status.rs
+assertion_line: 453
+expression: report
+---
+{
+  "identity": {
+    "controller_did": "did:keri:ETestController123",
+    "alias": "dev-machine"
+  },
+  "agent": {
+    "running": true,
+    "pid": 12345,
+    "socket_path": "/tmp/agent.sock"
+  },
+  "devices": {
+    "linked": 2,
+    "revoked": 1,
+    "expiring_soon": [
+      {
+        "device_did": "did:key:zExpiringSoon",
+        "expires_in_days": 3
+      }
+    ],
+    "devices_detail": [
+      {
+        "device_did": "did:key:zActiveDevice",
+        "status": "active",
+        "revoked_at": null,
+        "expires_at": "2025-09-13T12:00:00Z",
+        "expires_in_days": 90
+      },
+      {
+        "device_did": "did:key:zExpiringSoon",
+        "status": "expiring_soon",
+        "revoked_at": null,
+        "expires_at": "2025-06-18T12:00:00Z",
+        "expires_in_days": 3
+      },
+      {
+        "device_did": "did:key:zRevokedDevice",
+        "status": "revoked",
+        "revoked_at": "2025-06-05T12:00:00Z",
+        "expires_at": "2025-08-04T12:00:00Z",
+        "expires_in_days": null
+      }
+    ]
+  }
+}