docs: Remove outdated ref to CreativeWork, other small edits (#1770)

* Remove outdated ref to CreativeWork, other small edits

* Put full CLI reference in separate file

* misc edits

* docs: Change header levels

* Remove command ref

* docs: Clarify -o option

* docs: Update trust support info

* docs: add URL for aca inspect

Author: crandmck

cli/README.md

@@ -14,17 +14,25 @@ For a simple example of calling c2patool from a Node.js server application, see
 
 **Additional documentation**:
 
-- [Using C2PA Tool](https://github.com/contentauth/c2pa-rs/blob/main/cli/docs/usage.md)
-- [Manifest definition file](https://github.com/contentauth/c2pa-rs/blob/main/cli/docs/manifest.md)
-- [Using an X.509 certificate](https://github.com/contentauth/c2pa-rs/blob/main/cli/docs/x_509.md)
-- [Change log / release notes](https://github.com/contentauth/c2pa-rs/blob/main/cli/CHANGELOG.md)
-- [Contributing to the project](https://github.com/contentauth/c2pa-rs/blob/main/cli/docs/project-contributions.md)
+- [Using C2PA Tool](docs/usage.md)
+- [Manifest definition file](docs/manifest.md)
+- [Using an X.509 certificate](docs/x_509.md)
+- [Change log / release notes](CHANGELOG.md)
+- [Contributing to the project](docs/project-contributions.md)
 
 </div>
 
 ## Installation
 
-To install a prebuilt binary of C2PA Tool:
+If you are using macOS, you can install C2PA Tool using Homebrew:
+
+1. Install [Homebrew](https://brew.sh/) if you haven't already done so.
+1. Install C2PA Tool:
+   ```
+   brew install c2patool
+   ```
+
+If you're using another OS or don't want to use Homebrew, install a prebuilt binary of C2PA Tool:
 
 1. Go to the [Releases page and filter for c2patool](https://github.com/contentauth/c2pa-rs/releases?q=c2patool). 
 2. Under **Assets**, click on the archive file for your operating system:
@@ -33,19 +41,20 @@ To install a prebuilt binary of C2PA Tool:
    - Linux: `c2patool-vx.y.z-x86_64-unknown-linux-gnu.tar.gz`
 3. Download and extract the archive file.
 4. Copy the `c2patool` executable file to a location on your `PATH`.
-5. Confirm that you can run the tool by entering a command such as:
+
+
+After installing, confirm that you can run the tool by entering a command such as:
 ```
 c2patool -h
 ```
 
-You may need to set execution permission for the tool on your system. 
-For macOS, see [If you want to open an app that hasn’t been notarized or is from an unidentified developer](https://support.apple.com/en-us/102445#openanyway).
+When running a prebuilt binary, you may need to set execution permission for the tool on your system. For macOS, see [If you want to open an app that hasn’t been notarized or is from an unidentified developer](https://support.apple.com/en-us/102445#openanyway).
 
 NOTE: You also may want to get some of the example files provided in the repository `sample` directory.   To do so, clone the repository with `git clone https://github.com/contentauth/c2pa-rs.git`.
 
 ### Installing from source
 
-Instead of installing a prebuilt binary, you can [build the project from source](https://github.com/contentauth/c2pa-rs/blob/main/cli/docs/project-contributions.md#building-from-source).
+Instead of installing a prebuilt binary, you can [build the project from source](docs/project-contributions.md#building-from-source).
 
 ### Upgrading
 
@@ -55,4 +64,6 @@ To display the version of C2PA Tool that you have, enter this command:
 c2patool -V
 ```
 
-The tool will display the version installed. Compare the version number displayed with the latest release version shown in the [repository releases page filtered for c2patool](https://github.com/contentauth/c2pa-rs/releases?q=c2patool).  If you don't have the latest version, simply reinstall to get the latest version.
+The tool will display the version installed. Compare the version number displayed with the latest release version shown in the [repository releases page filtered for c2patool](https://github.com/contentauth/c2pa-rs/releases?q=c2patool).  
+
+If you don't have the latest version, simply reinstall C2PA Tool to get the latest version.

cli/docs/manifest.md

@@ -5,18 +5,13 @@ In the manifest definition file, file paths are relative to the location of the
 
 ## JSON format
 
-The C2PA specification describes a manifest that has a binary structure in JPEG universal metadata box format (JUMBF).  However, C2PA Tool works with a JSON manifest structure that's easier to understand and work with.  It's a declarative language for representing and creating a manifest in binary format. For more information on the JSON manifest, see [Working with manifests](https://opensource.contentauthenticity.org/docs/manifest/understanding-manifest).
+The C2PA specification describes a manifest that has a binary structure in JPEG universal metadata box format (JUMBF).  However, C2PA Tool works with a JSON manifest structure that's easier to understand and work with.  It's a declarative language for representing and creating a manifest in binary format. 
 
-See also:
-
-* <a href="https://opensource.contentauthenticity.org/docs/manifest/manifest-ref" target="_self">Manifest store reference</a>
-* <a href="https://opensource.contentauthenticity.org/docs/manifest/manifest-json-schema" target="_self">Manifest store schema</a>
-* <a href="https://github.com/contentauth/c2pa-rs/blob/main/cli/schemas/manifest-definition.json" target="_self">Manifest definition schema</a>
-* <a href="https://github.com/contentauth/c2pa-rs/blob/main/cli/schemas/ingredient.json" target="_self">Ingredient schema</a>
+See also <a href="https://opensource.contentauthenticity.org/docs/manifest/json-ref/" target="_self">JSON manifest reference</a>.
 
 ## Adding a claim generator icon
 
-You can specify an icon to be displayed by tools such as [Verify](https://contentcredentials.org/verify) to indicate the signer of the manifest.
+You can specify an icon to be displayed by tools such as [Inspect tool on Adobe Content Authenticity (Beta)](https://inspect.cr/) (also called ACA Inspect) to indicate the signer of the manifest.
 
 To do this, add a `claim_generator_info` property to the manifest definition. The `claim_generator_info.icon` property contains information on the icon:
 - `icon.format` specifies the MIME type of the icon file.  SVG format is preferred, but you can also use PNG or JPEG formats. 
@@ -43,43 +38,49 @@ To add the icon using C2PA Tool, make sure the icon file and the manifest defini
 c2patool image_to_sign.jpg -m manifest.json -o signed_with_icon.jpg
 ```
 
-NOTE: The [Verify](https://contentcredentials.org/verify) tool will not display an icon for a signing certificate that is not on the temporary certificate list, such as the C2PA Tool test certificate.
-
-## Example
-
-The example below is a snippet of a manifest definition that inserts a `CreativeWork` author assertion. This example uses the default testing certificates in the [sample folder](https://github.com/contentauth/c2pa-rs/tree/main/cli/sample) that are also built into the `c2patool` binary.
+NOTE: [ACA Inspect](https://inspect.cr/) will only display an icon for a signing certificate if the certificate can be traced back to a root certificate on the [C2PA trust list](https://opensource.contentauthenticity.org/docs/conformance/trust-lists#c2pa-trust-list).
 
-**NOTE**:  When you don't specify a key or certificate in the manifest `private_key` and `sign_cert` fields, the tool will use the built-in key and cert. You'll see a warning message, since they are meant for development purposes only. For actual use, provide a permanent key and certificate in the manifest definition or environment variables; see [Creating and using an X.509 certificate](x_509.md). 
+## Special properties used by C2PA Tool
 
-The following manifest properties are specific to c2patool and used for signing manifests:
+The following manifest properties are specific to C2PA Tool and used for signing manifests:
 
 - `alg`: Signing algorithm to use. See [Creating and using an X.509 certificate](x_509.md) for possible values. Default: `es256`.
 - `private_key`: Private key to use. Default: `es256_private.key`
 - `sign_cert`: Signing certificate to use. Default: `es256_certs.pem`
-- `ta_url`:  Time Authority URL for getting a time-stamp (for example, `http://timestamp.digicert.com`). A time-stamp provides a way to confirm that the manifest was signed when the certificate was valid, even if the certificate has since expired. Howver, the Time Authority URL requires a live online connection for confirmation, which may not always be available.
+- `ta_url`:  Time Authority URL for getting a time-stamp (for example, `http://timestamp.digicert.com`). A time-stamp provides a way to confirm that the manifest was signed when the certificate was valid, even if the certificate has since expired. However, the Time Authority URL requires a live online connection for confirmation, which may not always be available.
+
+## Example
+
+The example below is a minimal manifest definition that uses a default testing certificate in the [sample folder](https://github.com/contentauth/c2pa-rs/tree/main/cli/sample) that are also built into the `c2patool` binary.
+
+**NOTE**:  When you don't specify a key or certificate in the manifest `private_key` and `sign_cert` fields, the tool will use the built-in key and cert. You'll see a warning message, since they are meant for development purposes only. 
+
+For actual use, provide a permanent key and certificate in the manifest definition or environment variables; see [Creating and using an X.509 certificate](x_509.md). 
 
 ```json
 {
     "alg": "es256",
-    "private_key": "es256_private.key",
-    "sign_cert": "es256_certs.pem",
+    "private_key": "/Users/randmckinney/work/cai/c2pa-rs/cli/sample/es256_private.key",
+    "sign_cert": "/Users/randmckinney/work/cai/c2pa-rs/cli/sample/es256_certs.pem",
     "ta_url": "http://timestamp.digicert.com",
 
     "claim_generator": "TestApp",
     "assertions": [
         {
-            "label": "stds.schema-org.CreativeWork",
-            "data": {
-                "@context": "https://schema.org",
-                "@type": "CreativeWork",
-                "author": [
-                    {
-                        "@type": "Person",
-                        "name": "Joe Bloggs"
-                    }
-                ]
-            }
+          "label": "c2pa.actions.v2",
+          "data": {
+            "actions": [
+              {
+                "action": "c2pa.created",
+                "softwareAgent": "My Demo",
+                "digitalSourceType": "http://cv.iptc.org/newscodes/digitalsourcetype/digitalArt"
+              }
+            ],
+            "allActionsIncluded": true
+          }
         }
-    ]
+      ]
 }
 ```
+
+