microsoft
diff --git a/‎.github/actions/spelling/expect.txt‎
Lines changed: 1 addition & 0 deletions b/‎.github/actions/spelling/expect.txt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/AppInstallerCLICore/Argument.cpp‎
Lines changed: 8 additions & 0 deletions b/‎src/AppInstallerCLICore/Argument.cpp‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/AppInstallerCLICore/Commands/SourceCommand.cpp‎
Lines changed: 25 additions & 0 deletions b/‎src/AppInstallerCLICore/Commands/SourceCommand.cpp‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎src/AppInstallerCLICore/Commands/SourceCommand.h‎
Lines changed: 1 addition & 0 deletions b/‎src/AppInstallerCLICore/Commands/SourceCommand.h‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/AppInstallerCLICore/ExecutionArgs.h‎
Lines changed: 2 additions & 0 deletions b/‎src/AppInstallerCLICore/ExecutionArgs.h‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/AppInstallerCLICore/Resources.h‎
Lines changed: 4 additions & 0 deletions b/‎src/AppInstallerCLICore/Resources.h‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/AppInstallerCLICore/Workflows/SourceFlow.cpp‎
Lines changed: 18 additions & 3 deletions b/‎src/AppInstallerCLICore/Workflows/SourceFlow.cpp‎
Lines changed: 18 additions & 3 deletions
diff --git a/‎src/AppInstallerCLIE2ETests/Constants.cs‎
Lines changed: 1 addition & 1 deletion b/‎src/AppInstallerCLIE2ETests/Constants.cs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/AppInstallerCLIE2ETests/GroupPolicy.cs‎
Lines changed: 27 additions & 1 deletion b/‎src/AppInstallerCLIE2ETests/GroupPolicy.cs‎
Lines changed: 27 additions & 1 deletion
diff --git a/‎src/AppInstallerCLIE2ETests/GroupPolicyHelper.cs‎
Lines changed: 11 additions & 1 deletion b/‎src/AppInstallerCLIE2ETests/GroupPolicyHelper.cs‎
Lines changed: 11 additions & 1 deletion
@@ -423,6 +423,7 @@ srs
 startswith
 STARTUPINFOW
 STDMETHODCALLTYPE
+storeorigin
 STRRET
 stylecop
 subdir
 
@@ -115,6 +115,10 @@ namespace AppInstaller::CLI
             return { type, "arg"_liv, 'a' };
         case Execution::Args::Type::ForceSourceReset:
             return { type, "force"_liv };
+        case Execution::Args::Type::SourceExplicit:
+            return { type, "explicit"_liv };
+        case Execution::Args::Type::SourceTrustLevel:
+            return { type, "trust-level"_liv };
 
         //Hash Command
         case Execution::Args::Type::HashFile:
@@ -344,6 +348,10 @@ namespace AppInstaller::CLI
             return Argument{ type, Resource::String::SourceArgArgumentDescription, ArgumentType::Positional, true };
         case Args::Type::SourceType:
             return Argument{ type, Resource::String::SourceTypeArgumentDescription, ArgumentType::Positional };
+        case Args::Type::SourceExplicit:
+            return Argument{ type, Resource::String::SourceExplicitArgumentDescription, ArgumentType::Flag };
+        case Args::Type::SourceTrustLevel:
+            return Argument{ type, Resource::String::SourceTrustLevelArgumentDescription, ArgumentType::Standard, Argument::Visibility::Help };
         case Args::Type::ValidateManifest:
             return Argument{ type, Resource::String::ValidateManifestArgumentDescription, ArgumentType::Positional, true };
         case Args::Type::IgnoreWarnings:
 
@@ -52,8 +52,10 @@ namespace AppInstaller::CLI
             Argument::ForType(Args::Type::SourceName).SetRequired(true),
             Argument::ForType(Args::Type::SourceArg),
             Argument::ForType(Args::Type::SourceType),
+            Argument::ForType(Args::Type::SourceTrustLevel),
             Argument::ForType(Args::Type::CustomHeader),
             Argument::ForType(Args::Type::AcceptSourceAgreements),
+            Argument::ForType(Args::Type::SourceExplicit),
         };
     }
 
@@ -72,6 +74,29 @@ namespace AppInstaller::CLI
         return s_SourceCommand_HelpLink;
     }
 
+    void SourceAddCommand::ValidateArgumentsInternal(Args& execArgs) const
+    {
+        if (execArgs.Contains(Execution::Args::Type::SourceTrustLevel))
+        {
+            try
+            {
+                std::string trustLevelArg = std::string{ execArgs.GetArg(Execution::Args::Type::SourceTrustLevel) };
+
+                for (auto trustLevel : Utility::Split(trustLevelArg, '|', true))
+                {
+                    Repository::ConvertToSourceTrustLevelEnum(trustLevel);
+                }
+            }
+            catch (...)
+            {
+                auto validOptions = std::vector<Utility::LocIndString>{
+                    Utility::LocIndString{ Repository::SourceTrustLevelEnumToString(Repository::SourceTrustLevel::None) },
+                    Utility::LocIndString{ Repository::SourceTrustLevelEnumToString(Repository::SourceTrustLevel::Trusted) } };
+                throw CommandException(Resource::String::InvalidArgumentValueError(ArgumentCommon::ForType(Execution::Args::Type::SourceTrustLevel).Name, Utility::Join(","_liv, validOptions)));
+            }
+        }
+    }
+
     void SourceAddCommand::ExecuteInternal(Context& context) const
     {
         // Note: Group Policy for allowed sources is enforced at the RepositoryCore level
 
@@ -32,6 +32,7 @@ namespace AppInstaller::CLI
         Utility::LocIndView HelpLink() const override;
 
     protected:
+        void ValidateArgumentsInternal(Execution::Args& execArgs) const override;
         void ExecuteInternal(Execution::Context& context) const override;
     };
 
 
@@ -62,6 +62,8 @@ namespace AppInstaller::CLI::Execution
             SourceType,
             SourceArg,
             ForceSourceReset,
+            SourceExplicit,
+            SourceTrustLevel,
 
             //Hash Command
             HashFile,
 
@@ -545,6 +545,8 @@ namespace AppInstaller::CLI::Resource
         WINGET_DEFINE_RESOURCE_STRINGID(SourceListName);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceListNoneFound);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceListNoSources);
+        WINGET_DEFINE_RESOURCE_STRINGID(SourceListExplicit);
+        WINGET_DEFINE_RESOURCE_STRINGID(SourceListTrustLevel);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceListType);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceListUpdated);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceListUpdatedNever);
@@ -558,12 +560,14 @@ namespace AppInstaller::CLI::Resource
         WINGET_DEFINE_RESOURCE_STRINGID(SourceRemoveCommandShortDescription);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceRemoveOne);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceRequiresAuthentication);
+        WINGET_DEFINE_RESOURCE_STRINGID(SourceExplicitArgumentDescription);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceResetAll);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceResetCommandLongDescription);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceResetCommandShortDescription);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceResetForceArgumentDescription);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceResetListAndOverridePreamble);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceResetOne);
+        WINGET_DEFINE_RESOURCE_STRINGID(SourceTrustLevelArgumentDescription);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceTypeArgumentDescription);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceUpdateAll);
         WINGET_DEFINE_RESOURCE_STRINGID(SourceUpdateCommandLongDescription);
 
@@ -107,8 +107,16 @@ namespace AppInstaller::CLI::Workflow
             std::string_view name = context.Args.GetArg(Args::Type::SourceName);
             std::string_view arg = context.Args.GetArg(Args::Type::SourceArg);
             std::string_view type = context.Args.GetArg(Args::Type::SourceType);
+            bool isExplicit = context.Args.Contains(Args::Type::SourceExplicit);
 
-            Repository::Source sourceToAdd{ name, arg, type };
+            Repository::SourceTrustLevel trustLevel = Repository::SourceTrustLevel::None;
+            if (context.Args.Contains(Execution::Args::Type::SourceTrustLevel))
+            {
+                std::vector<std::string> trustLevelArgs = Utility::Split(std::string{ context.Args.GetArg(Execution::Args::Type::SourceTrustLevel) }, '|', true);
+                trustLevel = Repository::ConvertToSourceTrustLevelFlag(trustLevelArgs);
+            }
+
+            Repository::Source sourceToAdd{ name, arg, type, trustLevel, isExplicit};
 
             if (context.Args.Contains(Execution::Args::Type::CustomHeader))
             {
@@ -156,6 +164,8 @@ namespace AppInstaller::CLI::Workflow
             table.OutputLine({ Resource::LocString(Resource::String::SourceListArg), source.Arg });
             table.OutputLine({ Resource::LocString(Resource::String::SourceListData), source.Data });
             table.OutputLine({ Resource::LocString(Resource::String::SourceListIdentifier), source.Identifier });
+            table.OutputLine({ Resource::LocString(Resource::String::SourceListTrustLevel), Repository::GetSourceTrustLevelForDisplay(source.TrustLevel)});
+            table.OutputLine({ Resource::LocString(Resource::String::SourceListExplicit), std::string{ Utility::ConvertBoolToString(source.Explicit) }});
 
             if (source.LastUpdateTime == Utility::ConvertUnixEpochToSystemClock(0))
             {
@@ -181,10 +191,10 @@ namespace AppInstaller::CLI::Workflow
             }
             else
             {
-                Execution::TableOutput<2> table(context.Reporter, { Resource::String::SourceListName, Resource::String::SourceListArg });
+                Execution::TableOutput<3> table(context.Reporter, { Resource::String::SourceListName, Resource::String::SourceListArg, Resource::String::SourceListExplicit });
                 for (const auto& source : sources)
                 {
-                    table.OutputLine({ source.Name, source.Arg });
+                    table.OutputLine({ source.Name, source.Arg, std::string{ Utility::ConvertBoolToString(source.Explicit) }});
                 }
                 table.Complete();
             }
@@ -199,6 +209,7 @@ namespace AppInstaller::CLI::Workflow
         }
 
         const std::vector<Repository::SourceDetails>& sources = context.Get<Data::SourceList>();
+
         for (const auto& sd : sources)
         {
             Repository::Source source{ sd.Name };
@@ -303,6 +314,10 @@ namespace AppInstaller::CLI::Workflow
                 s.Arg = source.Arg;
                 s.Data = source.Data;
                 s.Identifier = source.Identifier;
+
+                std::vector<std::string_view> sourceTrustLevels = Repository::SourceTrustLevelFlagToList(source.TrustLevel);
+                s.TrustLevel = std::vector<std::string>(sourceTrustLevels.begin(), sourceTrustLevels.end());
+                s.Explicit = source.Explicit;
                 context.Reporter.Info() << s.ToJsonString() << std::endl;
             }
         }
 
@@ -1,4 +1,4 @@
-// -----------------------------------------------------------------------------
+// -----------------------------------------------------------------------------
 // <copyright file="Constants.cs" company="Microsoft Corporation">
 //     Copyright (c) Microsoft Corporation. Licensed under the MIT License.
 // </copyright>
 
@@ -1,4 +1,4 @@
-// -----------------------------------------------------------------------------
+// -----------------------------------------------------------------------------
 // <copyright file="GroupPolicy.cs" company="Microsoft Corporation">
 //     Copyright (c) Microsoft Corporation. Licensed under the MIT License.
 // </copyright>
@@ -180,6 +180,32 @@ public void EnableAdditionalSources()
             Assert.AreEqual(Constants.ErrorCode.S_OK, result.ExitCode);
         }
 
+        /// <summary>
+        /// Test additional sources with trust levels and explicit are enabled by policy.
+        /// </summary>
+        [Test]
+        public void EnableAdditionalSources_TrustLevel_Explicit()
+        {
+            // Remove the test source, then add it with policy.
+            TestCommon.RunAICLICommand("source remove", "TestSource");
+            var result = TestCommon.RunAICLICommand("source list", "TestSource");
+            Assert.AreEqual(Constants.ErrorCode.ERROR_SOURCE_NAME_DOES_NOT_EXIST, result.ExitCode);
+
+            GroupPolicyHelper.EnableAdditionalSources.SetEnabledList(new string[]
+            {
+                "{\"Arg\":\"https://localhost:5001/TestKit\",\"Data\":\"WingetE2E.Tests_8wekyb3d8bbwe\",\"Identifier\":\"WingetE2E.Tests_8wekyb3d8bbwe\",\"Name\":\"TestSource\",\"Type\":\"Microsoft.PreIndexed.Package\",\"TrustLevel\":[\"Trusted\"],\"Explicit\":true}",
+            });
+
+            result = TestCommon.RunAICLICommand("source list", "TestSource");
+            Assert.AreEqual(Constants.ErrorCode.S_OK, result.ExitCode);
+            Assert.True(result.StdOut.Contains("Trust Level"));
+            Assert.True(result.StdOut.Contains("Trusted"));
+
+            var searchResult = TestCommon.RunAICLICommand("search", "TestExampleInstaller");
+            Assert.AreEqual(Constants.ErrorCode.ERROR_NO_SOURCES_DEFINED, searchResult.ExitCode);
+            Assert.True(searchResult.StdOut.Contains("No sources defined; add one with 'source add' or reset to defaults with 'source reset'"));
+        }
+
         /// <summary>
         /// Test enable allowed sources.
         /// </summary>
 
@@ -1,4 +1,4 @@
-// -----------------------------------------------------------------------------
+// -----------------------------------------------------------------------------
 // <copyright file="GroupPolicyHelper.cs" company="Microsoft Corporation">
 //     Copyright (c) Microsoft Corporation. Licensed under the MIT License.
 // </copyright>
@@ -385,6 +385,16 @@ public class GroupPolicySource
             /// Gets or sets certificate pinning.
             /// </summary>
             public GroupPolicyCertificatePinning CertificatePinning { get; set; }
+
+            /// <summary>
+            /// Gets or sets the source trust levels.
+            /// </summary>
+            public string[] TrustLevel { get; set; }
+
+            /// <summary>
+            /// Gets or sets a value indicating whether the source is explicit.
+            /// </summary>
+            public bool Explicit { get; set; }
         }
 
         /// <summary>
Original file line number	Diff line number	Diff line change
`@@ -107,8 +107,16 @@ namespace AppInstaller::CLI::Workflow`
`107`	`107`	`std::string_view name = context.Args.GetArg(Args::Type::SourceName);`
`108`	`108`	`std::string_view arg = context.Args.GetArg(Args::Type::SourceArg);`
`109`	`109`	`std::string_view type = context.Args.GetArg(Args::Type::SourceType);`
	`110`	`+ bool isExplicit = context.Args.Contains(Args::Type::SourceExplicit);`
`110`	`111`
`111`		`- Repository::Source sourceToAdd{ name, arg, type };`
	`112`	`+ Repository::SourceTrustLevel trustLevel = Repository::SourceTrustLevel::None;`
	`113`	`+ if (context.Args.Contains(Execution::Args::Type::SourceTrustLevel))`
	`114`	`+ {`
	`115`	`+ std::vector<std::string> trustLevelArgs = Utility::Split(std::string{ context.Args.GetArg(Execution::Args::Type::SourceTrustLevel) }, '\|', true);`
	`116`	`+ trustLevel = Repository::ConvertToSourceTrustLevelFlag(trustLevelArgs);`
	`117`	`+ }`
	`118`	`+`
	`119`	`+ Repository::Source sourceToAdd{ name, arg, type, trustLevel, isExplicit};`
`112`	`120`
`113`	`121`	`if (context.Args.Contains(Execution::Args::Type::CustomHeader))`
`114`	`122`	`{`
`@@ -156,6 +164,8 @@ namespace AppInstaller::CLI::Workflow`
`156`	`164`	`table.OutputLine({ Resource::LocString(Resource::String::SourceListArg), source.Arg });`
`157`	`165`	`table.OutputLine({ Resource::LocString(Resource::String::SourceListData), source.Data });`
`158`	`166`	`table.OutputLine({ Resource::LocString(Resource::String::SourceListIdentifier), source.Identifier });`
	`167`	`+ table.OutputLine({ Resource::LocString(Resource::String::SourceListTrustLevel), Repository::GetSourceTrustLevelForDisplay(source.TrustLevel)});`
	`168`	`+ table.OutputLine({ Resource::LocString(Resource::String::SourceListExplicit), std::string{ Utility::ConvertBoolToString(source.Explicit) }});`
`159`	`169`
`160`	`170`	`if (source.LastUpdateTime == Utility::ConvertUnixEpochToSystemClock(0))`
`161`	`171`	`{`
`@@ -181,10 +191,10 @@ namespace AppInstaller::CLI::Workflow`
`181`	`191`	`}`
`182`	`192`	`else`
`183`	`193`	`{`
`184`		`- Execution::TableOutput<2> table(context.Reporter, { Resource::String::SourceListName, Resource::String::SourceListArg });`
	`194`	`+ Execution::TableOutput<3> table(context.Reporter, { Resource::String::SourceListName, Resource::String::SourceListArg, Resource::String::SourceListExplicit });`
`185`	`195`	`for (const auto& source : sources)`
`186`	`196`	`{`
`187`		`- table.OutputLine({ source.Name, source.Arg });`
	`197`	`+ table.OutputLine({ source.Name, source.Arg, std::string{ Utility::ConvertBoolToString(source.Explicit) }});`
`188`	`198`	`}`
`189`	`199`	`table.Complete();`
`190`	`200`	`}`
`@@ -199,6 +209,7 @@ namespace AppInstaller::CLI::Workflow`
`199`	`209`	`}`
`200`	`210`
`201`	`211`	`const std::vector<Repository::SourceDetails>& sources = context.Get<Data::SourceList>();`
	`212`	`+`
`202`	`213`	`for (const auto& sd : sources)`
`203`	`214`	`{`
`204`	`215`	`Repository::Source source{ sd.Name };`
`@@ -303,6 +314,10 @@ namespace AppInstaller::CLI::Workflow`
`303`	`314`	`s.Arg = source.Arg;`
`304`	`315`	`s.Data = source.Data;`
`305`	`316`	`s.Identifier = source.Identifier;`
	`317`	`+`
	`318`	`+ std::vector<std::string_view> sourceTrustLevels = Repository::SourceTrustLevelFlagToList(source.TrustLevel);`
	`319`	`+ s.TrustLevel = std::vector<std::string>(sourceTrustLevels.begin(), sourceTrustLevels.end());`
	`320`	`+ s.Explicit = source.Explicit;`
`306`	`321`	`context.Reporter.Info() << s.ToJsonString() << std::endl;`
`307`	`322`	`}`
`308`	`323`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-// -----------------------------------------------------------------------------`
	`1`	`+// -----------------------------------------------------------------------------`
`2`	`2`	`// <copyright file="Constants.cs" company="Microsoft Corporation">`
`3`	`3`	`// Copyright (c) Microsoft Corporation. Licensed under the MIT License.`
`4`	`4`	`// </copyright>`