From 58aed4c8b5eaef90c1caf74edc8eac55a2f96bc6 Mon Sep 17 00:00:00 2001
From: Dariush Malek <dariush.malek86@gmail.com>
Date: Sat, 30 May 2026 09:12:09 -0400
Subject: [PATCH] feat: add --check-cert argument to main.py for standalone
 trust verification

---
 main.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/main.py b/main.py
index 76e7370b..802b6d52 100644
--- a/main.py
+++ b/main.py
@@ -89,6 +89,11 @@ def parse_args():
         action="store_true",
         help="Remove the MITM CA certificate from trusted roots and exit.",
     )
+    parser.add_argument(
+        "--check-cert",
+        action="store_true",
+        help="Check if the CA certificate is trusted and exit.",
+    )
     parser.add_argument(
         "--no-cert-check",
         action="store_true",
@@ -106,10 +111,14 @@ def main():
     args = parse_args()
 
     # Handle cert-only commands before loading config so they can run standalone.
-    if args.install_cert or args.uninstall_cert:
+    if args.install_cert or args.uninstall_cert or args.check_cert:
         configure_logging("INFO")
         _log = logging.getLogger("Main")
 
+        if args.check_cert:
+            trusted = is_ca_trusted(CA_CERT_FILE)
+            sys.exit(0 if trusted else 2)
+
         if args.install_cert:
             _log.info("Installing CA certificate…")
             if not os.path.exists(CA_CERT_FILE):