hushspec-cli 0.1.1

CLI tool for validating, testing, and scaffolding HushSpec policies
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

# hushspec-cli (h2h)

*hush to hush* -- because your agent's permissions shouldn't be shouted about.

`h2h` is the command-line tool for working with [HushSpec](https://github.com/backbay-labs/hush) policy documents. It covers the full policy lifecycle: validate, lint, test, diff, format, scaffold, sign, and emergency override.

## Installation

```bash
cargo install hushspec-cli
```

This installs the `h2h` binary.

## Commands

```bash
# Validate a policy against the HushSpec schema
h2h validate policy.yaml

# Static analysis and linting
h2h lint policy.yaml
h2h lint --fail-on-warnings policy.yaml

# Run evaluation test suites
h2h test policy.test.yaml
h2h test --fixtures ./tests/

# Compare two policies and show decision changes
h2h diff old.yaml new.yaml

# Format policy files canonically
h2h fmt policy.yaml
h2h fmt --check policy.yaml    # CI mode (exit 1 if unformatted)
h2h fmt --diff policy.yaml     # Show what would change

# Scaffold a new policy project
h2h init --preset default      # also: strict, permissive
h2h init --preset strict --dir ./my-project

# Policy signing (Ed25519)
h2h keygen                     # creates h2h.key + h2h.pub
h2h sign policy.yaml --key h2h.key
h2h verify policy.yaml --key h2h.pub

# Display governance metadata and run advisory checks
h2h audit policy.yaml

# Emergency deny-all kill switch
h2h panic activate --sentinel /tmp/hushspec.panic
h2h panic deactivate --sentinel /tmp/hushspec.panic
h2h panic status --sentinel /tmp/hushspec.panic
```

## Output Formats

Most commands support `--format text` (default), `--format json`, and where applicable `--format tap` for CI integration.

```bash
h2h validate --format json policy.yaml
h2h lint --format json policy.yaml
h2h test --format tap tests/
h2h diff --format json old.yaml new.yaml
```

## Getting Started

```bash
# Scaffold a project, validate, and run tests in one go
h2h init --preset default --dir my-agent
h2h validate my-agent/.hushspec/policy.yaml
h2h test --fixtures my-agent/.hushspec/tests
```

## Library

The `h2h` CLI is built on the [`hushspec`](https://crates.io/crates/hushspec) Rust library. If you need programmatic access to parsing, validation, or evaluation, use that crate directly.

## License

Apache-2.0