Update CLI documentation

docs/cli/opkssh.md

@@ -37,4 +37,4 @@ opkssh [flags]
 * [opkssh readhome](opkssh_readhome.md)	 - Read the principal's home policy file
 * [opkssh verify](opkssh_verify.md)	 - Verify an SSH key (used by sshd AuthorizedKeysCommand)
 
-###### Auto generated by spf13/cobra on 9-Oct-2025
+###### Auto generated by spf13/cobra on 13-Oct-2025

docs/cli/opkssh_add.md

@@ -9,13 +9,13 @@ Add appends a new policy entry in the auth_id policy file granting SSH access to
 It first attempts to write to the system-wide file (/etc/opk/auth_id). If it lacks permissions to update this file it falls back to writing to the user-specific file (~/.opk/auth_id).
 
 Arguments:
-  PRINCIPAL            The target user account (requested principal).
-  EMAIL|SUB|GROUP      Email address, subscriber ID or group authorized to assume this principal. If using an OIDC group, the argument needs to be in the format of oidc:groups:<groupId>.
-  ISSUER               OpenID Connect provider (issuer) URL associated with the email/sub/group.
+  principal            The target user account (requested principal).
+  email|sub|group      Email address, subscriber ID or group authorized to assume this principal. If using an OIDC group, the argument needs to be in the format of oidc:groups:<groupId>.
+  issuer               OpenID Connect provider (issuer) URL associated with the email/sub/group.
 
 
 ```
-opkssh add <PRINCIPAL> <EMAIL|SUB|GROUP> <ISSUER> [flags]
+opkssh add <principal> <email|sub|group> <issuer> [flags]
 ```
 
 ### Examples
@@ -36,4 +36,4 @@ opkssh add <PRINCIPAL> <EMAIL|SUB|GROUP> <ISSUER> [flags]
 
 * [opkssh](opkssh.md)	 - SSH with OpenPubkey
 
-###### Auto generated by spf13/cobra on 9-Oct-2025
+###### Auto generated by spf13/cobra on 13-Oct-2025

docs/cli/opkssh_client.md

@@ -19,4 +19,4 @@ Interact with client configuration
 * [opkssh](opkssh.md)	 - SSH with OpenPubkey
 * [opkssh client provider](opkssh_client_provider.md)	 - Interact with provider configuration
 
-###### Auto generated by spf13/cobra on 9-Oct-2025
+###### Auto generated by spf13/cobra on 13-Oct-2025

docs/cli/opkssh_client_provider.md

@@ -19,4 +19,4 @@ Interact with provider configuration
 * [opkssh client](opkssh_client.md)	 - Interact with client configuration
 * [opkssh client provider list](opkssh_client_provider_list.md)	 - List configured providers
 
-###### Auto generated by spf13/cobra on 9-Oct-2025
+###### Auto generated by spf13/cobra on 13-Oct-2025

docs/cli/opkssh_client_provider_list.md

@@ -23,4 +23,4 @@ opkssh client provider list [flags]
 
 * [opkssh client provider](opkssh_client_provider.md)	 - Interact with provider configuration
 
-###### Auto generated by spf13/cobra on 9-Oct-2025
+###### Auto generated by spf13/cobra on 13-Oct-2025

docs/cli/opkssh_inspect.md

@@ -22,4 +22,4 @@ opkssh inspect <path> [flags]
 
 * [opkssh](opkssh.md)	 - SSH with OpenPubkey
 
-###### Auto generated by spf13/cobra on 9-Oct-2025
+###### Auto generated by spf13/cobra on 13-Oct-2025

docs/cli/opkssh_login.md

@@ -46,4 +46,4 @@ opkssh login [alias] [flags]
 
 * [opkssh](opkssh.md)	 - SSH with OpenPubkey
 
-###### Auto generated by spf13/cobra on 9-Oct-2025
+###### Auto generated by spf13/cobra on 13-Oct-2025

docs/cli/opkssh_readhome.md

@@ -4,13 +4,13 @@ Read the principal's home policy file
 
 ### Synopsis
 
-Read the principal's policy file (/home/<PRINCIPAL>/.opk/auth_id).
+Read the principal's policy file (/home/<principal>/.opk/auth_id).
 
 You should not call this command directly. It is called by the opkssh verify command as part of the AuthorizedKeysCommand process to read the user's policy  (principals) home file (~/.opk/auth_id) with sudoer permissions. This allows us to use an unprivileged user as the AuthorizedKeysCommand user.
 
 
 ```
-opkssh readhome <PRINCIPAL> [flags]
+opkssh readhome <principal> [flags]
 ```
 
 ### Examples
@@ -29,4 +29,4 @@ opkssh readhome <PRINCIPAL> [flags]
 
 * [opkssh](opkssh.md)	 - SSH with OpenPubkey
 
-###### Auto generated by spf13/cobra on 9-Oct-2025
+###### Auto generated by spf13/cobra on 13-Oct-2025

docs/cli/opkssh_verify.md

@@ -26,12 +26,12 @@ Verification checks performed:
 If all checks pass, Verify authorizes the SSH connection.
 
 Arguments:
-  PRINCIPAL    Target username.
-  CERT         Base64-encoded SSH certificate.
-  KEY_TYPE     SSH certificate key type (e.g., ecdsa-sha2-nistp256-cert-v01@openssh.com)
+  principal    Target username.
+  cert         Base64-encoded SSH certificate.
+  key_type     SSH certificate key type (e.g., ecdsa-sha2-nistp256-cert-v01@openssh.com)
 
 ```
-opkssh verify <PRINCIPAL> <CERT> <KEY_TYPE> [flags]
+opkssh verify <principal> <cert> <key_type> [flags]
 ```
 
 ### Examples
@@ -51,4 +51,4 @@ opkssh verify <PRINCIPAL> <CERT> <KEY_TYPE> [flags]
 
 * [opkssh](opkssh.md)	 - SSH with OpenPubkey
 
-###### Auto generated by spf13/cobra on 9-Oct-2025
+###### Auto generated by spf13/cobra on 13-Oct-2025