// SSH Credential Composer — SPIRE CredentialComposer plugin.
//
// Runs in SPIRE Server. Intercepts SVID minting to generate SSH certificates
// with Shellstream governance extensions. Handles both SSH certificate creation
// and governance metadata injection in a single plugin.
package main

import (
	"fmt"
	"os"
)

func main() {
	// TODO: wire up go-plugin serve with SPIRE CredentialComposer interface
	// The plugin will:
	// 1. Receive SVID minting request from SPIRE Server
	// 2. Generate an SSH certificate with the SPIFFE ID as principal
	// 3. Encode Shellstream extensions (sat-scope, tenant-id, roles, etc.)
	// 4. Sign the certificate with the SSH CA key
	// 5. Return the composed credential
	fmt.Fprintln(os.Stderr, "ssh-credential-composer: SPIRE CredentialComposer plugin (not yet implemented)")
	os.Exit(1)
}