hushspec-cli 0.1.1

CLI tool for validating, testing, and scaffolding HushSpec policies
hushspec-cli-0.1.1 is not a library.

hushspec-cli (h2h)

hush to hush -- because your agent's permissions shouldn't be shouted about.

h2h is the command-line tool for working with HushSpec policy documents. It covers the full policy lifecycle: validate, lint, test, diff, format, scaffold, sign, and emergency override.

Installation

cargo install hushspec-cli

This installs the h2h binary.

Commands

# Validate a policy against the HushSpec schema
h2h validate policy.yaml

# Static analysis and linting
h2h lint policy.yaml
h2h lint --fail-on-warnings policy.yaml

# Run evaluation test suites
h2h test policy.test.yaml
h2h test --fixtures ./tests/

# Compare two policies and show decision changes
h2h diff old.yaml new.yaml

# Format policy files canonically
h2h fmt policy.yaml
h2h fmt --check policy.yaml    # CI mode (exit 1 if unformatted)
h2h fmt --diff policy.yaml     # Show what would change

# Scaffold a new policy project
h2h init --preset default      # also: strict, permissive
h2h init --preset strict --dir ./my-project

# Policy signing (Ed25519)
h2h keygen                     # creates h2h.key + h2h.pub
h2h sign policy.yaml --key h2h.key
h2h verify policy.yaml --key h2h.pub

# Display governance metadata and run advisory checks
h2h audit policy.yaml

# Emergency deny-all kill switch
h2h panic activate --sentinel /tmp/hushspec.panic
h2h panic deactivate --sentinel /tmp/hushspec.panic
h2h panic status --sentinel /tmp/hushspec.panic

Output Formats

Most commands support --format text (default), --format json, and where applicable --format tap for CI integration.

h2h validate --format json policy.yaml
h2h lint --format json policy.yaml
h2h test --format tap tests/
h2h diff --format json old.yaml new.yaml

Getting Started

# Scaffold a project, validate, and run tests in one go
h2h init --preset default --dir my-agent
h2h validate my-agent/.hushspec/policy.yaml
h2h test --fixtures my-agent/.hushspec/tests

Library

The h2h CLI is built on the hushspec Rust library. If you need programmatic access to parsing, validation, or evaluation, use that crate directly.

License

Apache-2.0