
mcpb verify reports every signed bundle as "Extension is not signed" (node-forge p7.verify is unimplemented) #277

@jeffreyaven

Description


Describe the bug
mcpb verify reports every signed bundle as "Extension is not signed", including bundles signed moments earlier by mcpb sign from the same CLI version. The verification path in dist/node/sign.js calls node-forge's PkcsSignedData.verify(), which node-forge has never implemented - it unconditionally throws "PKCS#7 signature verification not yet implemented." The catch-all in verifyMcpbFile maps that throw (and every other failure mode) to { status: "unsigned" }, so the command exits 1 with a misleading message for well-formed signatures. As a result, no publisher can confirm their signing pipeline with the CLI.

To Reproduce
Steps to reproduce the behavior:

  1. npx --yes @anthropic-ai/mcpb pack my-extension/ test.mcpb
  2. npx --yes @anthropic-ai/mcpb sign test.mcpb --self-signed (also reproduces with a real cert/key via --cert/--key)
  3. npx --yes @anthropic-ai/mcpb verify test.mcpb

Expected behavior
mcpb verify succeeds on bundles produced by mcpb sign (e.g. by verifying the CMS SignedData with an implementation that supports it, such as pkijs/WebCrypto or a platform verifier). Separately, distinct failure states - "no signature present", "signature invalid", "certificate not trusted", "internal verification error" - should be reported distinctly rather than all printing as "Extension is not signed".

Logs

$ npx --yes @anthropic-ai/mcpb verify test.mcpb
Verifying test.mcpb...
ERROR: Extension is not signed

Isolating the steps inside verifyMcpbFile against the same file:

sig extracted: true  (2237-byte DER, MCPB_SIG_V1 framing intact)
type signedData: true
certs: 1
p7.verify THREW: PKCS#7 signature verification not yet implemented.

Additional context

  • @anthropic-ai/mcpb 2.1.2; platform-independent (reproduced on Windows and Linux).
  • The throwing call is p7.verify({ authenticatedAttributes: true }) in dist/node/sign.js. node-forge's PKCS#7 verify has been unimplemented since inception (see digitalbazaar/forge#447).
  • Additionally, p7.signerInfos is not populated by forge.pkcs7.messageFromAsn1, so the messageDigest comparison after the verify call can never execute either.
  • The signature block itself is well-formed: the DER parses as SignedData, the certificate extracts, and the signed messageDigest attribute matches the sha256 of the pre-signature content when checked manually.
  • Compounds with the EOCD/strict-zip issue (filed separately): together they make signing unusable end to end.
