// Substrate KeyManager — SPIRE KeyManager plugin.
//
// Runs in SPIRE Server. Manages signing keys with governance-aware rotation.
// Key rotation events require ceremony approval when the Accord policy demands it,
// ensuring that CA key changes are governed mutations.
package main

import (
	"fmt"
	"os"
)

func main() {
	// TODO: wire up go-plugin serve with SPIRE KeyManager interface
	// The plugin will:
	// 1. Generate and store signing keys (Ed25519 for SSH, ECDSA for X.509)
	// 2. Provide signing operations to SPIRE Server
	// 3. On key rotation: create a governance intent and await ceremony approval
	// 4. Submit key rotation events to NotaryService for merkle anchoring
	fmt.Fprintln(os.Stderr, "substrate-keymanager: SPIRE KeyManager plugin (not yet implemented)")
	os.Exit(1)
}