derivepassphrase.git

@@ -41,6 +41,7 @@ from typing_extensions import (

 )

 import derivepassphrase as dpp

+from derivepassphrase import _cli_msg as _msg

 from derivepassphrase import _types, exporter, ssh_agent, vault

 if sys.version_info >= (3, 11):

@@ -63,14 +64,17 @@ __version__ = dpp.__version__

 __all__ = ('derivepassphrase',)

-PROG_NAME = 'derivepassphrase'

+PROG_NAME = _msg.PROG_NAME

 KEY_DISPLAY_LENGTH = 50

 # Error messages

 _INVALID_VAULT_CONFIG = 'Invalid vault config'

 _AGENT_COMMUNICATION_ERROR = 'Error communicating with the SSH agent'

-_NO_USABLE_KEYS = 'No usable SSH keys were found'

+_NO_SUITABLE_KEYS = 'No suitable SSH keys were found'

 _EMPTY_SELECTION = 'Empty selection'

+_NOT_AN_INTEGER = 'not an integer'

+_NOT_A_NONNEGATIVE_INTEGER = 'not a non-negative integer'

+_NOT_A_POSITIVE_INTEGER = 'not a positive integer'

 # Logging

@@ -181,10 +185,15 @@ class CLIofPackageFormatter(logging.Formatter):

         else:  # pragma: no cover

             msg = f'Unsupported logging level: {record.levelname}'

             raise AssertionError(msg)

-        return ''.join(

+        parts = [

+            ''.join(

                 prefix + level_indicator + line

                 for line in preliminary_result.splitlines(True)  # noqa: FBT003

             )

+        ]

+        if record.exc_info:

+            parts.append(self.formatException(record.exc_info) + '\n')

+        return ''.join(parts)

 class StandardCLILogging:

@@ -393,27 +402,254 @@ class OptionGroupOption(click.Option):

     """

-    option_group_name: str = ''

+    option_group_name: object = ''

     """"""

-    epilog: str = ''

+    epilog: object = ''

     """"""

     def __init__(self, *args: Any, **kwargs: Any) -> None:  # noqa: ANN401

         if self.__class__ == __class__:  # type: ignore[name-defined]

             raise NotImplementedError

+        # Though click 8.1 mostly defers help text processing until the

+        # `BaseCommand.format_*` methods are called, the Option

+        # constructor still preprocesses the help text, and asserts that

+        # the help text is a string.  Work around this by removing the

+        # help text from the constructor arguments and re-adding it,

+        # unprocessed, after constructor finishes.

+        unset = object()

+        help = kwargs.pop('help', unset)  # noqa: A001

         super().__init__(*args, **kwargs)

+        if help is not unset:  # pragma: no branch

+            self.help = help

 class CommandWithHelpGroups(click.Command):

-    """A [`click.Command`][] with support for help/option groups.

+    """A [`click.Command`][] with support for some help text customizations.

+

+    Supports help/option groups, group epilogs, and help text objects

+    (objects that stringify to help texts).  The latter is primarily

+    used to implement translations.

-    Inspired by [a comment on `pallets/click#373`][CLICK_ISSUE], and

-    further modified to support group epilogs.

+    Inspired by [a comment on `pallets/click#373`][CLICK_ISSUE] for

+    help/option group support, and further modified to include group

+    epilogs and help text objects.

     [CLICK_ISSUE]: https://github.com/pallets/click/issues/373#issuecomment-515293746

     """

+    @staticmethod

+    def _text(text: object, /) -> str:

+        if isinstance(text, (list, tuple)):

+            return '\n\n'.join(str(x) for x in text)

+        return str(text)

+

+    def collect_usage_pieces(self, ctx: click.Context) -> list[str]:

+        """Return the pieces for the usage string.

+

+        Based on code from click 8.1.  Subject to the following license

+        (3-clause BSD license):

+

+            Copyright 2024 Pallets

+

+            Redistribution and use in source and binary forms, with or

+            without modification, are permitted provided that the

+            following conditions are met:

+

+             1. Redistributions of source code must retain the above

+                copyright notice, this list of conditions and the

+                following disclaimer.

+

+             2. Redistributions in binary form must reproduce the above

+                copyright notice, this list of conditions and the

+                following disclaimer in the documentation and/or other

+                materials provided with the distribution.

+

+             3. Neither the name of the copyright holder nor the names

+                of its contributors may be used to endorse or promote

+                products derived from this software without specific

+                prior written permission.

+

+            THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

+            CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,

+            INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

+            MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+            DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR

+            CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+            SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+            NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+            LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+            HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+            CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

+            OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+            SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+

+        Modifications are marked with respective comments.  They too are

+        released under the same license above.  The original code did

+        not contain any "noqa" or "pragma" comments.

+

+        Args:

+            ctx:

+                The click context.

+

+        """

+        rv = [str(self.options_metavar)] if self.options_metavar else []

+        for param in self.get_params(ctx):

+            rv.extend(str(x) for x in param.get_usage_pieces(ctx))

+        return rv

+

+    def get_short_help_str(

+        self,

+        limit: int = 45,

+    ) -> str:

+        """Return the short help string for a command.

+

+        If only a long help string is given, shorten it.

+

+        Based on code from click 8.1.  Subject to the following license

+        (3-clause BSD license):

+

+            Copyright 2024 Pallets

+

+            Redistribution and use in source and binary forms, with or

+            without modification, are permitted provided that the

+            following conditions are met:

+

+             1. Redistributions of source code must retain the above

+                copyright notice, this list of conditions and the

+                following disclaimer.

+

+             2. Redistributions in binary form must reproduce the above

+                copyright notice, this list of conditions and the

+                following disclaimer in the documentation and/or other

+                materials provided with the distribution.

+

+             3. Neither the name of the copyright holder nor the names

+                of its contributors may be used to endorse or promote

+                products derived from this software without specific

+                prior written permission.

+

+            THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

+            CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,

+            INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

+            MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+            DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR

+            CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+            SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+            NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+            LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+            HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+            CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

+            OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+            SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+

+        Modifications are marked with respective comments.  They too are

+        released under the same license above.  The original code did

+        not contain any "noqa" or "pragma" comments.

+

+        Args:

+            limit:

+                The maximum width of the short help string.

+

+        """

+        # Modification against click 8.1: Call `_text()` on `self.help`

+        # to allow help texts to be general objects, not just strings.

+        # Used to implement translatable strings, as objects that

+        # stringify to the translation.

+        if self.short_help:  # pragma: no cover

+            text = inspect.cleandoc(self._text(self.short_help))

+        elif self.help:

+            text = click.utils.make_default_short_help(

+                self._text(self.help), limit

+            )

+        else:  # pragma: no cover

+            text = ''

+        if self.deprecated:  # pragma: no cover

+            # Modification against click 8.1: The translated string is

+            # looked up in the derivepassphrase message domain, not the

+            # gettext default domain.

+            text = str(

+                _msg.TranslatedString(_msg.Label.DEPRECATED_COMMAND_LABEL)

+            ).format(text=text)

+        return text.strip()

+

+    def format_help_text(

+        self,

+        ctx: click.Context,

+        formatter: click.HelpFormatter,

+    ) -> None:

+        """Format the help text prologue, if any.

+

+        Based on code from click 8.1.  Subject to the following license

+        (3-clause BSD license):

+

+            Copyright 2024 Pallets

+

+            Redistribution and use in source and binary forms, with or

+            without modification, are permitted provided that the

+            following conditions are met:

+

+             1. Redistributions of source code must retain the above

+                copyright notice, this list of conditions and the

+                following disclaimer.

+

+             2. Redistributions in binary form must reproduce the above

+                copyright notice, this list of conditions and the

+                following disclaimer in the documentation and/or other

+                materials provided with the distribution.

+

+             3. Neither the name of the copyright holder nor the names

+                of its contributors may be used to endorse or promote

+                products derived from this software without specific

+                prior written permission.

+

+            THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

+            CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,

+            INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

+            MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+            DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR

+            CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+            SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+            NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+            LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+            HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+            CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

+            OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+            SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+

+        Modifications are marked with respective comments.  They too are

+        released under the same license above.  The original code did

+        not contain any "noqa" or "pragma" comments.

+

+        Args:

+            ctx:

+                The click context.

+            formatter:

+                The formatter for the `--help` listing.

+

+        """

+        del ctx

+        # Modification against click 8.1: Call `_text()` on `self.help`

+        # to allow help texts to be general objects, not just strings.

+        # Used to implement translatable strings, as objects that

+        # stringify to the translation.

+        text = (

+            inspect.cleandoc(self._text(self.help).partition('\f')[0])

+            if self.help is not None

+            else ''

+        )

+        if self.deprecated:  # pragma: no cover

+            # Modification against click 8.1: The translated string is

+            # looked up in the derivepassphrase message domain, not the

+            # gettext default domain.

+            text = str(

+                _msg.TranslatedString(_msg.Label.DEPRECATED_COMMAND_LABEL)

+            ).format(text=text)

+        if text:  # pragma: no branch

+            formatter.write_paragraph()

+            with formatter.indentation():

+                formatter.write_text(text)

+

     def format_options(

         self,

         ctx: click.Context,

@@ -433,6 +669,48 @@ class CommandWithHelpGroups(click.Command):

         section heading is "Options" (or "Other options" if there are

         other option groups) and the epilog is empty.

+        We unconditionally call [`format_commands`][], and rely on it to

+        act as a no-op if we aren't actually a [`click.MultiCommand`][].

+

+        Based on code from click 8.1.  Subject to the following license

+        (3-clause BSD license):

+

+            Copyright 2024 Pallets

+

+            Redistribution and use in source and binary forms, with or

+            without modification, are permitted provided that the

+            following conditions are met:

+

+             1. Redistributions of source code must retain the above

+                copyright notice, this list of conditions and the

+                following disclaimer.

+

+             2. Redistributions in binary form must reproduce the above

+                copyright notice, this list of conditions and the

+                following disclaimer in the documentation and/or other

+                materials provided with the distribution.

+

+             3. Neither the name of the copyright holder nor the names

+                of its contributors may be used to endorse or promote

+                products derived from this software without specific

+                prior written permission.

+

+            THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

+            CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,

+            INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

+            MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+            DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR

+            CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+            SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+            NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+            LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+            HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+            CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

+            OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+            SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+

+        Modifications are released under the same license above.

+

         Args:

             ctx:

                 The click context.

@@ -440,6 +718,7 @@ class CommandWithHelpGroups(click.Command):

                 The formatter for the `--help` listing.

         """

+        default_group_name = ''

         help_records: dict[str, list[tuple[str, str]]] = {}

         epilogs: dict[str, str] = {}

         params = self.params[:]

@@ -451,15 +730,22 @@ class CommandWithHelpGroups(click.Command):

         for param in params:

             rec = param.get_help_record(ctx)

             if rec is not None:

+                rec = (rec[0], self._text(rec[1]))

                 if isinstance(param, OptionGroupOption):

-                    group_name = param.option_group_name

-                    epilogs.setdefault(group_name, param.epilog)

+                    group_name = self._text(param.option_group_name)

+                    epilogs.setdefault(group_name, self._text(param.epilog))

                 else:

-                    group_name = ''

+                    group_name = default_group_name

                 help_records.setdefault(group_name, []).append(rec)

-        default_group = help_records.pop('')

-        default_group_name = (

-            'Other Options' if len(default_group) > 1 else 'Options'

+        if default_group_name in help_records:  # pragma: no branch

+            default_group = help_records.pop(default_group_name)

+            default_group_label = (

+                _msg.Label.OTHER_OPTIONS_LABEL

+                if len(default_group) > 1

+                else _msg.Label.OPTIONS_LABEL

+            )

+            default_group_name = self._text(

+                _msg.TranslatedString(default_group_label)

             )

             help_records[default_group_name] = default_group

         for group_name, records in help_records.items():

@@ -470,12 +756,158 @@ class CommandWithHelpGroups(click.Command):

                 formatter.write_paragraph()

                 with formatter.indentation():

                     formatter.write_text(epilog)

+        self.format_commands(ctx, formatter)

+

+    def format_commands(

+        self,

+        ctx: click.Context,

+        formatter: click.HelpFormatter,

+    ) -> None:

+        """Format the subcommands, if any.

+

+        If called on a command object that isn't derived from

+        [`click.MultiCommand`][], then do nothing.

+

+        Based on code from click 8.1.  Subject to the following license

+        (3-clause BSD license):

+

+            Copyright 2024 Pallets

+

+            Redistribution and use in source and binary forms, with or

+            without modification, are permitted provided that the

+            following conditions are met:

+

+             1. Redistributions of source code must retain the above

+                copyright notice, this list of conditions and the

+                following disclaimer.

+

+             2. Redistributions in binary form must reproduce the above

+                copyright notice, this list of conditions and the

+                following disclaimer in the documentation and/or other

+                materials provided with the distribution.

+

+             3. Neither the name of the copyright holder nor the names

+                of its contributors may be used to endorse or promote

+                products derived from this software without specific

+                prior written permission.

+

+            THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

+            CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,

+            INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

+            MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+            DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR

+            CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+            SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+            NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+            LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+            HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+            CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

+            OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+            SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+

+        Modifications are marked with respective comments.  They too are

+        released under the same license above.  The original code did

+        not contain any "noqa" or "pragma" comments.

+

+        Args:

+            ctx:

+                The click context.

+            formatter:

+                The formatter for the `--help` listing.

+

+        """

+        if not isinstance(self, click.MultiCommand):

+            return

+        commands: list[tuple[str, click.Command]] = []

+        for subcommand in self.list_commands(ctx):

+            cmd = self.get_command(ctx, subcommand)

+            if cmd is None or cmd.hidden:  # pragma: no cover

+                continue

+            commands.append((subcommand, cmd))

+        if commands:  # pragma: no branch

+            longest_command = max((cmd[0] for cmd in commands), key=len)

+            limit = formatter.width - 6 - len(longest_command)

+            rows: list[tuple[str, str]] = []

+            for subcommand, cmd in commands:

+                help_str = self._text(cmd.get_short_help_str(limit) or '')

+                rows.append((subcommand, help_str))

+            if rows:  # pragma: no branch

+                commands_label = self._text(

+                    _msg.TranslatedString(_msg.Label.COMMANDS_LABEL)

+                )

+                with formatter.section(commands_label):

+                    formatter.write_dl(rows)

+

+    def format_epilog(

+        self,

+        ctx: click.Context,

+        formatter: click.HelpFormatter,

+    ) -> None:

+        """Format the epilog, if any.

+

+        Based on code from click 8.1.  Subject to the following license

+        (3-clause BSD license):

+

+            Copyright 2024 Pallets

+

+            Redistribution and use in source and binary forms, with or

+            without modification, are permitted provided that the

+            following conditions are met:

+

+             1. Redistributions of source code must retain the above

+                copyright notice, this list of conditions and the

+                following disclaimer.

+

+             2. Redistributions in binary form must reproduce the above

+                copyright notice, this list of conditions and the

+                following disclaimer in the documentation and/or other

+                materials provided with the distribution.

+

+             3. Neither the name of the copyright holder nor the names

+                of its contributors may be used to endorse or promote

+                products derived from this software without specific

+                prior written permission.

+

+            THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

+            CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,

+            INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

+            MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+            DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR

+            CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+            SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+            NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+            LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+            HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+            CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

+            OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

+            SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+

+        Modifications are marked with respective comments.  They too are

+        released under the same license above.

+

+        Args:

+            ctx:

+                The click context.

+            formatter:

+                The formatter for the `--help` listing.

+

+        """

+        del ctx

+        if self.epilog:  # pragma: no branch

+            # Modification against click 8.1: Call `str()` on

+            # `self.epilog` to allow help texts to be general objects,

+            # not just strings.  Used to implement translatable strings,

+            # as objects that stringify to the translation.

+            epilog = inspect.cleandoc(self._text(self.epilog))

+            formatter.write_paragraph()

+            with formatter.indentation():

+                formatter.write_text(epilog)

 class LoggingOption(OptionGroupOption):

     """Logging options for the CLI."""

-    option_group_name = 'Logging'

+    option_group_name = _msg.TranslatedString(_msg.Label.LOGGING_LABEL)

     epilog = ''

@@ -486,7 +918,7 @@ debug_option = click.option(

     flag_value=logging.DEBUG,

     expose_value=False,

     callback=adjust_logging_level,

-    help='also emit debug information (implies --verbose)',

+    help=_msg.TranslatedString(_msg.Label.DEBUG_OPTION_HELP_TEXT),

     cls=LoggingOption,

 )

 verbose_option = click.option(

@@ -497,7 +929,7 @@ verbose_option = click.option(

     flag_value=logging.INFO,

     expose_value=False,

     callback=adjust_logging_level,

-    help='emit extra/progress information to standard error',

+    help=_msg.TranslatedString(_msg.Label.VERBOSE_OPTION_HELP_TEXT),

     cls=LoggingOption,

 )

 quiet_option = click.option(

@@ -508,7 +940,7 @@ quiet_option = click.option(

     flag_value=logging.ERROR,

     expose_value=False,

     callback=adjust_logging_level,

-    help='suppress even warnings, emit only errors',

+    help=_msg.TranslatedString(_msg.Label.QUIET_OPTION_HELP_TEXT),

     cls=LoggingOption,

 )

@@ -534,7 +966,7 @@ def standard_logging_options(f: Callable[P, R]) -> Callable[P, R]:

 # =========

-class _DefaultToVaultGroup(click.Group):

+class _DefaultToVaultGroup(CommandWithHelpGroups, click.Group):

     """A helper class to implement the default-to-"vault"-subcommand behavior.

     Modifies internal [`click.MultiCommand`][] methods, and thus is both

@@ -548,16 +980,53 @@ class _DefaultToVaultGroup(click.Group):

         """Resolve a command, but default to "vault" instead of erroring out.

         Based on code from click 8.1, which appears to be essentially

-        untouched since at least click 3.2.

+        untouched since at least click 3.2.  Subject to the following

+        license (3-clause BSD license):

+

+            Copyright 2024 Pallets

+

+            Redistribution and use in source and binary forms, with or

+            without modification, are permitted provided that the following

+            conditions are met:

+

+             1. Redistributions of source code must retain the above

+                copyright notice, this list of conditions and the following

+                disclaimer.

+

+             2. Redistributions in binary form must reproduce the above

+                copyright notice, this list of conditions and the following

+                disclaimer in the documentation and/or other materials

+                provided with the distribution.

+

+             3. Neither the name of the copyright holder nor the names of

+                its contributors may be used to endorse or promote products

+                derived from this software without specific prior written

+                permission.

+

+            THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

+            CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,

+            INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

+            MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

+            DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR

+            CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+            SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

+            LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF

+            USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

+            AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

+            LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING

+            IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF

+            THE POSSIBILITY OF SUCH DAMAGE.

+

+        Modifications to this routine are marked with "modifications for

+        derivepassphrase".  Furthermore, all "pragma" and "noqa" comments

+        are also modifications for derivepassphrase.

         """

         cmd_name = click.utils.make_str(args[0])

-        # ORIGINAL COMMENT

         # Get the command

         cmd = self.get_command(ctx, cmd_name)

-        # ORIGINAL COMMENT

         # If we can't find the command but there is a normalization

         # function available, we try with that one.

         if (  # pragma: no cover

@@ -566,7 +1035,6 @@ class _DefaultToVaultGroup(click.Group):

             cmd_name = ctx.token_normalize_func(cmd_name)

             cmd = self.get_command(ctx, cmd_name)

-        # ORIGINAL COMMENT

         # If we don't find the command we want to show an error message

         # to the user that it was not provided.  However, there is

         # something else we should do: if the first argument looks like

@@ -576,19 +1044,24 @@ class _DefaultToVaultGroup(click.Group):

         if cmd is None and not ctx.resilient_parsing:

             if click.parser.split_opt(cmd_name)[0]:

                 self.parse_args(ctx, ctx.args)

+            ####

+            # BEGIN modifications for derivepassphrase

+            #

             # Instead of calling ctx.fail here, default to "vault", and

             # issue a deprecation warning.

-            logger = logging.getLogger(PROG_NAME)

             deprecation = logging.getLogger(f'{PROG_NAME}.deprecation')

             deprecation.warning(

-                'A subcommand will be required in v1.0. '

-                'See --help for available subcommands.'

+                _msg.TranslatedString(

+                    _msg.WarnMsgTemplate.V10_SUBCOMMAND_REQUIRED

+                )

             )

-            logger.warning('Defaulting to subcommand "vault".')

             cmd_name = 'vault'

             cmd = self.get_command(ctx, cmd_name)

             assert cmd is not None, 'Mandatory subcommand "vault" missing!'

             args = [cmd_name, *args]

+            #

+            # END modifications for derivepassphrase

+            ####

         return cmd_name if cmd else None, cmd, args[1:]  # noqa: DOC201

@@ -628,14 +1101,14 @@ class _TopLevelCLIEntryPoint(_DefaultToVaultGroup):

         'ignore_unknown_options': True,

         'allow_interspersed_args': False,

     },

-    epilog=r"""

-        Configuration is stored in a directory according to the

-        DERIVEPASSPHRASE_PATH variable, which defaults to

-        `~/.derivepassphrase` on UNIX-like systems and

-        `C:\Users\<user>\AppData\Roaming\Derivepassphrase` on Windows.

-    """,

+    epilog=_msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_EPILOG_01),

     invoke_without_command=True,

     cls=_TopLevelCLIEntryPoint,

+    help=(

+        _msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_01),

+        _msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_02),

+        _msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_03),

+    ),

 )

 @click.version_option(version=dpp.__version__, prog_name=PROG_NAME)

 @standard_logging_options

@@ -643,41 +1116,20 @@ class _TopLevelCLIEntryPoint(_DefaultToVaultGroup):

 def derivepassphrase(ctx: click.Context, /) -> None:

     """Derive a strong passphrase, deterministically, from a master secret.

-    Using a master secret, derive a passphrase for a named service,

-    subject to constraints e.g. on passphrase length, allowed

-    characters, etc.  The exact derivation depends on the selected

-    derivation scheme.  For each scheme, it is computationally

-    infeasible to discern the master secret from the derived passphrase.

-    The derivations are also deterministic, given the same inputs, thus

-    the resulting passphrases need not be stored explicitly.  The

-    service name and constraints themselves also generally need not be

-    kept secret, depending on the scheme.

-

-    The currently implemented subcommands are "vault" (for the scheme

-    used by vault) and "export" (for exporting foreign configuration

-    data).  See the respective `--help` output for instructions.  If no

-    subcommand is given, we default to "vault".

-

-    Deprecation notice: Defaulting to "vault" is deprecated.  Starting

-    in v1.0, the subcommand must be specified explicitly.\f

-

     This is a [`click`][CLICK]-powered command-line interface function,

-    and not intended for programmatic use.  Call with arguments

-    `['--help']` to see full documentation of the interface.  (See also

+    and not intended for programmatic use.  See the derivepassphrase(1)

+    manpage for full documentation of the interface.  (See also

     [`click.testing.CliRunner`][] for controlled, programmatic

     invocation.)

     [CLICK]: https://pypi.org/package/click/

-    """  # noqa: D301

-    logger = logging.getLogger(PROG_NAME)

+    """

     deprecation = logging.getLogger(f'{PROG_NAME}.deprecation')

     if ctx.invoked_subcommand is None:

         deprecation.warning(

-            'A subcommand will be required in v1.0. '

-            'See --help for available subcommands.'

+            _msg.TranslatedString(_msg.WarnMsgTemplate.V10_SUBCOMMAND_REQUIRED)

         )

-        logger.warning('Defaulting to subcommand "vault".')

         # See definition of click.Group.invoke, non-chained case.

         with ctx:

             sub_ctx = derivepassphrase_vault.make_context(

@@ -701,6 +1153,11 @@ def derivepassphrase(ctx: click.Context, /) -> None:

     },

     invoke_without_command=True,

     cls=_DefaultToVaultGroup,

+    help=(

+        _msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_EXPORT_01),

+        _msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_EXPORT_02),

+        _msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_EXPORT_03),

+    ),

 )

 @click.version_option(version=dpp.__version__, prog_name=PROG_NAME)

 @standard_logging_options

@@ -708,33 +1165,20 @@ def derivepassphrase(ctx: click.Context, /) -> None:

 def derivepassphrase_export(ctx: click.Context, /) -> None:

     """Export a foreign configuration to standard output.

-    Read a foreign system configuration, extract all information from

-    it, and export the resulting configuration to standard output.

-

-    The only available subcommand is "vault", which implements the

-    vault-native configuration scheme.  If no subcommand is given, we

-    default to "vault".

-

-    Deprecation notice: Defaulting to "vault" is deprecated.  Starting

-    in v1.0, the subcommand must be specified explicitly.\f

-

     This is a [`click`][CLICK]-powered command-line interface function,

-    and not intended for programmatic use.  Call with arguments

-    `['--help']` to see full documentation of the interface.  (See also

-    [`click.testing.CliRunner`][] for controlled, programmatic

-    invocation.)

+    and not intended for programmatic use.  See the

+    derivepassphrase-export(1) manpage for full documentation of the

+    interface.  (See also [`click.testing.CliRunner`][] for controlled,

+    programmatic invocation.)

     [CLICK]: https://pypi.org/package/click/

-    """  # noqa: D301

-    logger = logging.getLogger(PROG_NAME)

+    """

     deprecation = logging.getLogger(f'{PROG_NAME}.deprecation')

     if ctx.invoked_subcommand is None:

         deprecation.warning(

-            'A subcommand will be required in v1.0. '

-            'See --help for available subcommands.'

+            _msg.TranslatedString(_msg.WarnMsgTemplate.V10_SUBCOMMAND_REQUIRED)

         )

-        logger.warning('Defaulting to subcommand "vault".')

         # See definition of click.Group.invoke, non-chained case.

         with ctx:

             sub_ctx = derivepassphrase_export_vault.make_context(

@@ -787,32 +1231,68 @@ def _load_data(

         assert_never(fmt)

+class StandardOption(OptionGroupOption):

+    pass

+

+

 @derivepassphrase_export.command(

     'vault',

     context_settings={'help_option_names': ['-h', '--help']},

+    cls=CommandWithHelpGroups,

+    help=(

+        _msg.TranslatedString(_msg.Label.DERIVEPASSPHRASE_EXPORT_VAULT_01),

+        _msg.TranslatedString(

+            _msg.Label.DERIVEPASSPHRASE_EXPORT_VAULT_02,

+            path_metavar=_msg.TranslatedString(

+                _msg.Label.EXPORT_VAULT_METAVAR_PATH,

+            ),

+        ),

+        _msg.TranslatedString(

+            _msg.Label.DERIVEPASSPHRASE_EXPORT_VAULT_03,

+            path_metavar=_msg.TranslatedString(

+                _msg.Label.EXPORT_VAULT_METAVAR_PATH,

+            ),

+        ),

+    ),

 )

 @standard_logging_options

 @click.option(

     '-f',

     '--format',

     'formats',

-    metavar='FMT',

+    metavar=_msg.TranslatedString(_msg.Label.EXPORT_VAULT_FORMAT_METAVAR_FMT),

     multiple=True,

     default=('v0.3', 'v0.2', 'storeroom'),

     type=click.Choice(['v0.2', 'v0.3', 'storeroom']),

-    help='try the following storage formats, in order (default: v0.3, v0.2)',

+    help=_msg.TranslatedString(

+        _msg.Label.EXPORT_VAULT_FORMAT_HELP_TEXT,

+        defaults_hint=_msg.TranslatedString(

+            _msg.Label.EXPORT_VAULT_FORMAT_DEFAULTS_HELP_TEXT,

+        ),

+        metavar=_msg.TranslatedString(

+            _msg.Label.EXPORT_VAULT_FORMAT_METAVAR_FMT,

+        ),

+    ),

+    cls=StandardOption,

 )

 @click.option(

     '-k',

     '--key',

-    metavar='K',

-    help=(

-        'use K as the storage master key '

-        '(default: check the `VAULT_KEY`, `LOGNAME`, `USER` or '

-        '`USERNAME` environment variables)'

+    metavar=_msg.TranslatedString(_msg.Label.EXPORT_VAULT_KEY_METAVAR_K),

+    help=_msg.TranslatedString(

+        _msg.Label.EXPORT_VAULT_KEY_HELP_TEXT,

+        metavar=_msg.TranslatedString(_msg.Label.EXPORT_VAULT_KEY_METAVAR_K),

+        defaults_hint=_msg.TranslatedString(

+            _msg.Label.EXPORT_VAULT_KEY_DEFAULTS_HELP_TEXT,

         ),

+    ),

+    cls=StandardOption,

+)

+@click.argument(

+    'path',

+    metavar=_msg.TranslatedString(_msg.Label.EXPORT_VAULT_METAVAR_PATH),

+    required=True,

 )

-@click.argument('path', metavar='PATH', required=True)

 @click.pass_context

 def derivepassphrase_export_vault(

     ctx: click.Context,

@@ -824,16 +1304,13 @@ def derivepassphrase_export_vault(

 ) -> None:

     """Export a vault-native configuration to standard output.

-    Read the vault-native configuration at PATH, extract all information

-    from it, and export the resulting configuration to standard output.

-    Depending on the configuration format, PATH may either be a file or

-    a directory.  Supports the vault "v0.2", "v0.3" and "storeroom"

-    formats.

+    This is a [`click`][CLICK]-powered command-line interface function,

+    and not intended for programmatic use.  See the

+    derivepassphrase-export-vault(1) manpage for full documentation of

+    the interface.  (See also [`click.testing.CliRunner`][] for

+    controlled, programmatic invocation.)

-    If PATH is explicitly given as `VAULT_PATH`, then use the

-    `VAULT_PATH` environment variable to determine the correct path.

-    (Use `./VAULT_PATH` or similar to indicate a file/directory actually

-    named `VAULT_PATH`.)

+    [CLICK]: https://pypi.org/package/click/

     """

     logger = logging.getLogger(PROG_NAME)

@@ -1093,7 +1570,7 @@ def _get_suitable_ssh_keys(

             if vault.Vault.is_suitable_ssh_key(key, client=client):

                 yield pair

     if not suitable_keys:  # pragma: no cover

-        raise LookupError(_NO_USABLE_KEYS)

+        raise LookupError(_NO_SUITABLE_KEYS)

 def _prompt_for_selection(

@@ -1317,9 +1794,11 @@ def _check_for_misleading_passphrase(

         if not unicodedata.is_normalized(form, phrase):

             logger.warning(

                 (

-                    'the %s passphrase is not %s-normalized.  '

-                    'Make sure to double-check this is really the '

-                    'passphrase you want.'

+                    'The %s passphrase is not %s-normalized.  Its '

+                    'serialization as a byte string may not be what you '

+                    'expect it to be, even if it *displays* correctly.  '

+                    'Please make sure to double-check any derived '

+                    'passphrases for unexpected results.'

                 ),

                 formatted_key,

                 form,

@@ -1350,19 +1829,35 @@ def _key_to_phrase(

                         k == key for k, _ in keylist

                     ):

                         error_callback(

-                            'The requested SSH key is not loaded '

-                            'into the agent.'

+                            _msg.TranslatedString(

+                                _msg.ErrMsgTemplate.SSH_KEY_NOT_LOADED

+                            )

+                        )

+                error_callback(

+                    _msg.TranslatedString(

+                        _msg.ErrMsgTemplate.AGENT_REFUSED_SIGNATURE

+                    ),

+                    exc_info=exc,

                 )

-                error_callback(exc)

     except KeyError:

-        error_callback('Cannot find running SSH agent; check SSH_AUTH_SOCK')

-    except NotImplementedError:

         error_callback(

-            'Cannot connect to SSH agent because '

-            'this Python version does not support UNIX domain sockets'

+            _msg.TranslatedString(_msg.ErrMsgTemplate.NO_SSH_AGENT_FOUND)

         )

+    except NotImplementedError:

+        error_callback(_msg.TranslatedString(_msg.ErrMsgTemplate.NO_AF_UNIX))

     except OSError as exc:

-        error_callback('Cannot connect to SSH agent: %s', exc.strerror)

+        error_callback(

+            _msg.TranslatedString(

+                _msg.ErrMsgTemplate.CANNOT_CONNECT_TO_AGENT,

+                error=exc.strerror,

+                filename=exc.filename,

+            ).maybe_without_filename()

+        )

+    except RuntimeError as exc:

+        error_callback(

+            _msg.TranslatedString(_msg.ErrMsgTemplate.CANNOT_UNDERSTAND_AGENT),

+            exc_info=exc,

+        )

 def _print_config_as_sh_script(

@@ -1441,36 +1936,44 @@ def _print_config_as_sh_script(

 class PassphraseGenerationOption(OptionGroupOption):

     """Passphrase generation options for the CLI."""

-    option_group_name = 'Passphrase generation'

-    epilog = """

-        Use NUMBER=0, e.g. "--symbol 0", to exclude a character type

-        from the output.

-    """

+    option_group_name = _msg.TranslatedString(

+        _msg.Label.PASSPHRASE_GENERATION_LABEL

+    )

+    epilog = _msg.TranslatedString(

+        _msg.Label.PASSPHRASE_GENERATION_EPILOG,

+        metavar=_msg.TranslatedString(

+            _msg.Label.PASSPHRASE_GENERATION_METAVAR_NUMBER

+        ),

+    )

 class ConfigurationOption(OptionGroupOption):

     """Configuration options for the CLI."""

-    option_group_name = 'Configuration'

-    epilog = """

-        Use $VISUAL or $EDITOR to configure the spawned editor.

-    """

+    option_group_name = _msg.TranslatedString(_msg.Label.CONFIGURATION_LABEL)

+    epilog = _msg.TranslatedString(_msg.Label.CONFIGURATION_EPILOG)

 class StorageManagementOption(OptionGroupOption):

     """Storage management options for the CLI."""

-    option_group_name = 'Storage management'

-    epilog = """

-        Using "-" as PATH for standard input/standard output is

-        supported.

-    """

+    option_group_name = _msg.TranslatedString(

+        _msg.Label.STORAGE_MANAGEMENT_LABEL

+    )

+    epilog = _msg.TranslatedString(

+        _msg.Label.STORAGE_MANAGEMENT_EPILOG,

+        metavar=_msg.TranslatedString(

+            _msg.Label.STORAGE_MANAGEMENT_METAVAR_PATH

+        ),

+    )

 class CompatibilityOption(OptionGroupOption):

     """Compatibility and incompatibility options for the CLI."""

-    option_group_name = 'Compatibility and extension options'

+    option_group_name = _msg.TranslatedString(

+        _msg.Label.COMPATIBILITY_OPTION_LABEL

+    )

 def _validate_occurrence_constraint(

@@ -1502,11 +2005,9 @@ def _validate_occurrence_constraint(

         try:

             int_value = int(value, 10)

         except ValueError as exc:

-            msg = 'not an integer'

-            raise click.BadParameter(msg) from exc

+            raise click.BadParameter(_NOT_AN_INTEGER) from exc

     if int_value < 0:

-        msg = 'not a non-negative integer'

-        raise click.BadParameter(msg)

+        raise click.BadParameter(_NOT_A_NONNEGATIVE_INTEGER)

     return int_value

@@ -1539,11 +2040,9 @@ def _validate_length(

         try:

             int_value = int(value, 10)

         except ValueError as exc:

-            msg = 'not an integer'

-            raise click.BadParameter(msg) from exc

+            raise click.BadParameter(_NOT_AN_INTEGER) from exc

     if int_value < 1:

-        msg = 'not a positive integer'

-        raise click.BadParameter(msg)

+        raise click.BadParameter(_NOT_A_POSITIVE_INTEGER)

     return int_value

@@ -1565,23 +2064,28 @@ DEFAULT_NOTES_MARKER = '# - - - - - >8 - - - - -'

     'vault',

     context_settings={'help_option_names': ['-h', '--help']},

     cls=CommandWithHelpGroups,

-    epilog=r"""

-        WARNING: There is NO WAY to retrieve the generated passphrases

-        if the master passphrase, the SSH key, or the exact passphrase