ward-cli 0.2.1

GitHub repository management for developers. Plan, apply, verify.
Documentation

Rust License CI Crates.io Downloads

Lines of Code Tests Commands GitHub Release

Install · Quick Start · Docs · Contributing

What is Ward?

Ward is a Rust CLI that treats GitHub repository management as infrastructure-as-code. Declare your desired state in ward.toml, diff it against reality, apply changes, and verify the result. No shell scripts, no cloning, no guessing.

Features

Feature What it does
Security ward security Dependabot, secret scanning, push protection across repos
Protection ward protection Declarative branch protection rules and policies
Templates ward commit Deploy workflow configs via Git Trees API -- no cloning
Drift ward drift Detect config drift from desired state, CI-friendly exit codes
Plan ward plan Unified compliance check across all features at once
Policy ward policy Org-wide rules engine -- fail CI on violations
Rulesets ward rulesets Manage GitHub rulesets (branch protection successor)
Teams ward teams Manage team access permissions across repos
Import ward import Reverse-engineer an existing org into ward.toml
TUI ward tui Interactive terminal dashboard
Doctor ward doctor Diagnose setup: config, token, API, systems
Rollback ward rollback Undo changes using the audit trail

Install

# from crates.io (recommended)
cargo install ward-cli

# homebrew (macOS / Linux)
brew install OriginalMHV/tap/ward-cli

# shell script (macOS / Linux)
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/OriginalMHV/Ward/releases/latest/download/ward-cli-installer.sh | sh

# powershell (Windows)
powershell -ExecutionPolicy ByPass -c "irm https://github.com/OriginalMHV/Ward/releases/latest/download/ward-cli-installer.ps1 | iex"

# from source
git clone https://github.com/OriginalMHV/Ward.git
cd Ward && cargo install --path .

Requires Rust >= 1.85 (source install only) and a GitHub token (GH_TOKEN, GITHUB_TOKEN, or gh auth token). Token scopes needed: repo, read:org, workflow.

ward completions bash > ~/.bash_completion.d/ward
ward completions zsh  > ~/.zfunc/_ward
ward completions fish > ~/.config/fish/completions/ward.fish

Quick Start

ward init                               # interactive setup wizard
vim ward.toml                           # review and adjust config
ward repos list --system backend        # see what's out there
ward security plan --system backend     # dry-run: what would change?
ward security apply --system backend    # apply + auto-verify

Use ward init --non-interactive to scaffold a minimal ward.toml without the wizard.

Documentation

Guide Description
Configuration ward.toml format, systems, overrides
Commands Full CLI reference
Templates Built-in and custom Tera templates
TUI Dashboard Interactive terminal interface
CI Integration Using Ward in GitHub Actions
Architecture How Ward works under the hood

How it works

Every mutating command follows the same three-phase cycle: plan reads the current state from the GitHub API and diffs it against your ward.toml, showing what would change without touching anything. Apply executes those changes, logging every mutation to an audit trail. Verify re-reads the state from the API and confirms it matches the desired config.

File commits are made server-side through the Git Trees API -- no repos are cloned, no temp directories created. All operations are idempotent: Ward detects what's already in place and skips it.

Contributing

See CONTRIBUTING.md for setup and workflow details.

cargo fmt && cargo clippy --tests -- -D warnings && cargo test

License

MIT. See LICENSE.