creed-space-cli 0.1.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- creed_cli/.gitignore +316 -0
- creed_cli/PKG-INFO +179 -0
- creed_cli/README.md +151 -0
- creed_cli/__init__.py +8 -0
- creed_cli/__main__.py +8 -0
- creed_cli/commands/__init__.py +0 -0
- creed_cli/commands/constitution.py +109 -0
- creed_cli/commands/guardian.py +85 -0
- creed_cli/commands/score.py +149 -0
- creed_cli/commands/validate.py +247 -0
- creed_cli/commands/vcp.py +174 -0
- creed_cli/detect.py +186 -0
- creed_cli/main.py +87 -0
- creed_cli/report.py +116 -0
- creed_cli/validators/__init__.py +1 -0
- creed_cli/validators/constitution/__init__.py +26 -0
- creed_cli/validators/constitution/_schema/constitution.schema.json +450 -0
- creed_cli/validators/constitution/linter.py +343 -0
- creed_cli/validators/creed/__init__.py +10 -0
- creed_cli/validators/creed/conflict_detector.py +234 -0
- creed_cli/validators/creed/constants.py +133 -0
- creed_cli/validators/creed/creed_parser.py +254 -0
- creed_cli/validators/creed/hook_coverage.py +117 -0
- creed_cli/validators/creed/quality_scorer.py +174 -0
- creed_cli/validators/creed/readability.py +205 -0
- creed_cli/validators/creed/uef_compatibility.py +194 -0
- creed_cli/validators/vcp_adapter.py +323 -0
- creed_space_cli-0.1.0.dist-info/METADATA +179 -0
- creed_space_cli-0.1.0.dist-info/RECORD +31 -0
- creed_space_cli-0.1.0.dist-info/WHEEL +4 -0
- creed_space_cli-0.1.0.dist-info/entry_points.txt +2 -0
creed_cli/.gitignore
ADDED
|
@@ -0,0 +1,316 @@
|
|
|
1
|
+
# Local per-collaborator overrides (top of Scope Hierarchy; must not be committed)
|
|
2
|
+
CLAUDE.local.md
|
|
3
|
+
|
|
4
|
+
# Build artifacts
|
|
5
|
+
bin/creed-crypto
|
|
6
|
+
|
|
7
|
+
# Dependencies
|
|
8
|
+
node_modules
|
|
9
|
+
node_modules/
|
|
10
|
+
.pnp
|
|
11
|
+
.pnp.js
|
|
12
|
+
venv/
|
|
13
|
+
__pycache__/
|
|
14
|
+
*.pyc
|
|
15
|
+
*.pyo
|
|
16
|
+
*.pyd
|
|
17
|
+
.Python
|
|
18
|
+
.mypy_cache/
|
|
19
|
+
env/
|
|
20
|
+
build/
|
|
21
|
+
dist/
|
|
22
|
+
*.egg-info/
|
|
23
|
+
|
|
24
|
+
# Testing
|
|
25
|
+
coverage/
|
|
26
|
+
*.lcov
|
|
27
|
+
.nyc_output
|
|
28
|
+
.coverage
|
|
29
|
+
.coverage.*
|
|
30
|
+
htmlcov/
|
|
31
|
+
.pytest_cache/
|
|
32
|
+
|
|
33
|
+
# Production
|
|
34
|
+
/build
|
|
35
|
+
/dist
|
|
36
|
+
*/dist
|
|
37
|
+
*/build
|
|
38
|
+
|
|
39
|
+
# SvelteKit build artifacts
|
|
40
|
+
.svelte-kit/
|
|
41
|
+
*/.svelte-kit/
|
|
42
|
+
|
|
43
|
+
# Logs and output files
|
|
44
|
+
logs
|
|
45
|
+
*.log
|
|
46
|
+
*.out
|
|
47
|
+
|
|
48
|
+
# Backup files
|
|
49
|
+
*.bak
|
|
50
|
+
*.backup
|
|
51
|
+
*.old
|
|
52
|
+
npm-debug.log*
|
|
53
|
+
yarn-debug.log*
|
|
54
|
+
yarn-error.log*
|
|
55
|
+
pnpm-debug.log*
|
|
56
|
+
lerna-debug.log*
|
|
57
|
+
|
|
58
|
+
# Environment (comprehensive — covers .env, .env.*, and *.env)
|
|
59
|
+
.env
|
|
60
|
+
.env.*
|
|
61
|
+
*.env
|
|
62
|
+
|
|
63
|
+
# IDE
|
|
64
|
+
.vscode/*
|
|
65
|
+
!.vscode/extensions.json
|
|
66
|
+
!.vscode/settings.json.example
|
|
67
|
+
.idea
|
|
68
|
+
*.swp
|
|
69
|
+
*.swo
|
|
70
|
+
*~
|
|
71
|
+
.DS_Store
|
|
72
|
+
# macOS AppleDouble sidecars and archive metadata (non-UTF-8; crash py scans)
|
|
73
|
+
._*
|
|
74
|
+
__MACOSX/
|
|
75
|
+
|
|
76
|
+
# Turborepo
|
|
77
|
+
.turbo
|
|
78
|
+
|
|
79
|
+
# Changesets
|
|
80
|
+
.changeset/
|
|
81
|
+
|
|
82
|
+
# Temporary
|
|
83
|
+
tmp/
|
|
84
|
+
temp/
|
|
85
|
+
*.tmp
|
|
86
|
+
|
|
87
|
+
# Production PostgreSQL configuration
|
|
88
|
+
.env.production.postgresql
|
|
89
|
+
.mypy_baseline.json
|
|
90
|
+
|
|
91
|
+
# Test artifacts and reports
|
|
92
|
+
test_artifacts/
|
|
93
|
+
test-results/
|
|
94
|
+
test_results/
|
|
95
|
+
test_reports/
|
|
96
|
+
reports/memory/
|
|
97
|
+
reports/fagan/
|
|
98
|
+
reports/performance/
|
|
99
|
+
reports/qa/
|
|
100
|
+
reports/qa-crawl/*/
|
|
101
|
+
output/playwright/
|
|
102
|
+
test*.db
|
|
103
|
+
dump.rdb
|
|
104
|
+
|
|
105
|
+
# Large regenerable artifacts — build output, research dumps (never in git history)
|
|
106
|
+
superego-frontend/output/
|
|
107
|
+
research/fablereconstruction/
|
|
108
|
+
|
|
109
|
+
# SSL private material (never commit secrets)
|
|
110
|
+
ssl/*.key
|
|
111
|
+
ssl/*.srl
|
|
112
|
+
ssl/*.csr
|
|
113
|
+
|
|
114
|
+
# Temporary test files
|
|
115
|
+
test-*.html
|
|
116
|
+
test-*.js
|
|
117
|
+
test_*.html
|
|
118
|
+
test_*.js
|
|
119
|
+
|
|
120
|
+
# Report files in root (should be in reports/)
|
|
121
|
+
*_report*.json
|
|
122
|
+
*_report*.md
|
|
123
|
+
fagan*.json
|
|
124
|
+
memory_leak*.json
|
|
125
|
+
smart_memory*.json
|
|
126
|
+
security-scan*.json
|
|
127
|
+
# Re-assert env exclusions for nested paths
|
|
128
|
+
config/*.env
|
|
129
|
+
superego-frontend/.env*
|
|
130
|
+
!.env.example
|
|
131
|
+
!.env.template
|
|
132
|
+
!.env.staging.example
|
|
133
|
+
!superego-frontend/.env.example
|
|
134
|
+
data/sessions/superego.db
|
|
135
|
+
docs/UVC_CSM_EMOJI_DUMP.md
|
|
136
|
+
*.db
|
|
137
|
+
*.db-shm
|
|
138
|
+
*.db-wal
|
|
139
|
+
|
|
140
|
+
|
|
141
|
+
# Signing keys (never commit private key material)
|
|
142
|
+
*.key
|
|
143
|
+
data/constitutions/registry/.keys/signing.key
|
|
144
|
+
data/attestation_keys/*.pem
|
|
145
|
+
|
|
146
|
+
# Browser/session state
|
|
147
|
+
cookies.txt
|
|
148
|
+
**/cookies.txt
|
|
149
|
+
|
|
150
|
+
# Secrets directory (salts, encrypted keys — never commit)
|
|
151
|
+
data/secrets/
|
|
152
|
+
# Local JWT/encryption key material (finding #6: .secrets/jwt_secret has no .key suffix
|
|
153
|
+
# so *.key alone did not cover it). Rotate + untrack existing tracked copies separately.
|
|
154
|
+
.secrets/
|
|
155
|
+
|
|
156
|
+
# GPG keyring (contains private key)
|
|
157
|
+
data/keys/.gnupg/
|
|
158
|
+
.venv
|
|
159
|
+
.venv_check/
|
|
160
|
+
|
|
161
|
+
# Coverage reports
|
|
162
|
+
coverage.xml
|
|
163
|
+
|
|
164
|
+
# Test artifacts in registry
|
|
165
|
+
data/constitutions/registry/test_safety_*.json
|
|
166
|
+
|
|
167
|
+
# ML Model Cache
|
|
168
|
+
.cache/
|
|
169
|
+
# Hypothesis database (property-based testing)
|
|
170
|
+
.hypothesis/
|
|
171
|
+
.mcp.json
|
|
172
|
+
|
|
173
|
+
# Runtime data (not source code)
|
|
174
|
+
data/compliance_reports/
|
|
175
|
+
data/gdpr_trust_states.json
|
|
176
|
+
data/billing/dead_letters/
|
|
177
|
+
data/audit_logs/
|
|
178
|
+
services/data/audit_logs/
|
|
179
|
+
profiling_data/
|
|
180
|
+
memory/superego/welfare/
|
|
181
|
+
:memory:
|
|
182
|
+
|
|
183
|
+
# Flash Review Cache
|
|
184
|
+
.flash_findings.json
|
|
185
|
+
.flash_full_review_checkpoint.json
|
|
186
|
+
.review_for_claude.diff
|
|
187
|
+
reports/flash_full_review_*.json
|
|
188
|
+
reports/flash_full_review_*.md
|
|
189
|
+
reports/red_team_audit/
|
|
190
|
+
data/deployment_snapshots/snapshot_*/
|
|
191
|
+
archives/reports/untracked/
|
|
192
|
+
|
|
193
|
+
# Runtime audit logs (regenerated, can contain sensitive session metadata)
|
|
194
|
+
data/audit/*.jsonl
|
|
195
|
+
|
|
196
|
+
# Security audit reports (regenerable, large files)
|
|
197
|
+
archives/docs/security/security_audit_*.json
|
|
198
|
+
archives/docs/security/security_audit_*.txt
|
|
199
|
+
archives/docs/security/type_safety_report.json
|
|
200
|
+
**/security_audit_*.json
|
|
201
|
+
**/security_audit_*.txt
|
|
202
|
+
|
|
203
|
+
# Gitleaks and security scan reports (regenerable)
|
|
204
|
+
gitleaks-report.json
|
|
205
|
+
bandit_report.json
|
|
206
|
+
|
|
207
|
+
# UVC debug dumps (keep UVC_CSM_EMOJI_COMPLETE_DUMP.json - it's conversation history)
|
|
208
|
+
|
|
209
|
+
# Playwright MCP artifacts
|
|
210
|
+
.playwright-mcp/
|
|
211
|
+
|
|
212
|
+
# LibreOffice lock files
|
|
213
|
+
.~lock.*
|
|
214
|
+
|
|
215
|
+
# Claude Code agent execution logs
|
|
216
|
+
.code/agents/*/exec-call_*.txt
|
|
217
|
+
# Claude Code agent worktrees (isolated agent copies)
|
|
218
|
+
.claude/worktrees/
|
|
219
|
+
.flash_costs.json
|
|
220
|
+
|
|
221
|
+
# Large benchmark results (use Git LFS or external storage)
|
|
222
|
+
benchmarks/results/*.jsonl
|
|
223
|
+
logs/flash_review.log
|
|
224
|
+
|
|
225
|
+
# Archived audit logs (local reference only)
|
|
226
|
+
archives/audit_logs/
|
|
227
|
+
|
|
228
|
+
# Mutation Testing
|
|
229
|
+
reports/mutation/*.html
|
|
230
|
+
reports/mutation/*.json
|
|
231
|
+
reports/mutation/*.sqlite
|
|
232
|
+
reports/mutation/*.toml
|
|
233
|
+
superego-frontend/mutation-report/
|
|
234
|
+
superego-frontend/mutation-report.json
|
|
235
|
+
superego-frontend/.stryker-tmp/
|
|
236
|
+
superego-frontend/.stryker-tmp-*/
|
|
237
|
+
.stryker-tmp/
|
|
238
|
+
.stryker-tmp-*/
|
|
239
|
+
|
|
240
|
+
# Performance benchmark baselines
|
|
241
|
+
.benchmarks/
|
|
242
|
+
# Rust build artifacts
|
|
243
|
+
crates/*/target/
|
|
244
|
+
/target/
|
|
245
|
+
|
|
246
|
+
# Session diaries and retrospectives (PRIVATE - never commit)
|
|
247
|
+
memory/diary/
|
|
248
|
+
memory/retrospective/
|
|
249
|
+
scripts/test_api_keys.py
|
|
250
|
+
|
|
251
|
+
# Vector stores (too large for GitHub)
|
|
252
|
+
memory/vector_stores/
|
|
253
|
+
|
|
254
|
+
# Session transcript backups (local only)
|
|
255
|
+
memory/transcript_backups/
|
|
256
|
+
mettle-api/
|
|
257
|
+
|
|
258
|
+
# Screenshots (use archives/ or external storage)
|
|
259
|
+
*.png
|
|
260
|
+
*.jpg
|
|
261
|
+
*.jpeg
|
|
262
|
+
!superego-frontend/static/**/*.png
|
|
263
|
+
!superego-frontend/static/**/*.jpg
|
|
264
|
+
!docs/**/*.png
|
|
265
|
+
# public/ is the served static-asset dir — its brand images are deliberate app
|
|
266
|
+
# assets, not screenshots. Without this, *.png assets there 404 in every deploy
|
|
267
|
+
# (e.g. creed-logo.png → blank hero wave) while .webp siblings ship fine.
|
|
268
|
+
!superego-frontend/public/**/*.png
|
|
269
|
+
!superego-frontend/public/**/*.jpg
|
|
270
|
+
!superego-frontend/public/**/*.jpeg
|
|
271
|
+
~$lue Context Protocol MDPI I3D1.docx
|
|
272
|
+
|
|
273
|
+
# Runtime state (process IDs, lock files)
|
|
274
|
+
.backend.pid
|
|
275
|
+
.frontend.pid
|
|
276
|
+
.claude/scheduled_tasks.lock
|
|
277
|
+
|
|
278
|
+
# Playwright CLI local snapshots (distinct from .playwright-mcp)
|
|
279
|
+
.playwright-cli/
|
|
280
|
+
creed_guardian/models/
|
|
281
|
+
|
|
282
|
+
# Model weights (large binaries)
|
|
283
|
+
weights/
|
|
284
|
+
*.gguf
|
|
285
|
+
|
|
286
|
+
# Paper preparation scripts (moved to _papers/scripts/)
|
|
287
|
+
apply_i3d8_*.py
|
|
288
|
+
diag_*.py
|
|
289
|
+
fix_narrative*.py
|
|
290
|
+
restore_*.py
|
|
291
|
+
validate_docx.py
|
|
292
|
+
deep_validate.py
|
|
293
|
+
compare_structure.py
|
|
294
|
+
check_ordering.py
|
|
295
|
+
minimal_edit.py
|
|
296
|
+
test_repack.py
|
|
297
|
+
test_minimal_edit.py
|
|
298
|
+
diff_parts.py
|
|
299
|
+
probe_refs.py
|
|
300
|
+
strip_numpr_refs.py
|
|
301
|
+
find_*.py
|
|
302
|
+
|
|
303
|
+
# VCP concordance debug artifacts (binary, not source)
|
|
304
|
+
*.docx
|
|
305
|
+
|
|
306
|
+
# Fagan reports and audit artifacts
|
|
307
|
+
fagan_*.md
|
|
308
|
+
*_fagan_report*.md
|
|
309
|
+
*_audit_report*.md
|
|
310
|
+
|
|
311
|
+
# design-sync upload staging (regenerable; source of truth is the claude.ai/design project + .design-sync/)
|
|
312
|
+
ds-bundle/
|
|
313
|
+
fleet-server/target/
|
|
314
|
+
|
|
315
|
+
# freeze skill session config (per-checkout, not shared)
|
|
316
|
+
.claude/skills/freeze/.active-freeze.json
|
creed_cli/PKG-INFO
ADDED
|
@@ -0,0 +1,179 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: creed-space-cli
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: Creed Space CLI — validate creeds, constitutions, and VCP tokens
|
|
5
|
+
Project-URL: Homepage, https://valuecontextprotocol.org
|
|
6
|
+
Project-URL: Repository, https://github.com/Creed-Space/creedspace
|
|
7
|
+
Author-email: Creed Space <hello@creed.space>
|
|
8
|
+
License-Expression: Apache-2.0
|
|
9
|
+
Keywords: ai,alignment,cli,creed,ethics,safety,values,vcp
|
|
10
|
+
Classifier: Development Status :: 3 - Alpha
|
|
11
|
+
Classifier: Environment :: Console
|
|
12
|
+
Classifier: Intended Audience :: Developers
|
|
13
|
+
Classifier: License :: OSI Approved :: Apache Software License
|
|
14
|
+
Classifier: Programming Language :: Python :: 3
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
17
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
18
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
19
|
+
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
|
|
20
|
+
Classifier: Topic :: Software Development :: Libraries :: Python Modules
|
|
21
|
+
Requires-Python: >=3.10
|
|
22
|
+
Requires-Dist: jsonschema>=4
|
|
23
|
+
Requires-Dist: pyyaml>=6
|
|
24
|
+
Requires-Dist: vcp-sdk>=0.3
|
|
25
|
+
Provides-Extra: guardian
|
|
26
|
+
Requires-Dist: creed-guardian>=2.0; extra == 'guardian'
|
|
27
|
+
Description-Content-Type: text/markdown
|
|
28
|
+
|
|
29
|
+
# creed-space-cli
|
|
30
|
+
|
|
31
|
+
`creed` is a command-line validator for [Creed Space](https://creed.space)
|
|
32
|
+
artifacts: **creeds**, **constitutions**, and **VCP** tokens. It runs locally and
|
|
33
|
+
in CI, needs no authentication, and speaks JSON for machine consumption. Think
|
|
34
|
+
`terraform validate` or `gh`, but for values declarations.
|
|
35
|
+
|
|
36
|
+
## Install
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
pip install creed-space-cli
|
|
40
|
+
|
|
41
|
+
# With the optional guardian passthrough (pulls in the creed-guardian runtime):
|
|
42
|
+
pip install creed-space-cli[guardian]
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Requires Python 3.10+. Inside the Creed Space monorepo it is available as
|
|
46
|
+
`python -m creed_cli` (or `poetry run creed`) without a separate install; from
|
|
47
|
+
a source checkout, `pip install ./vcp-sdk-python ./creed_cli`.
|
|
48
|
+
|
|
49
|
+
## Command surface
|
|
50
|
+
|
|
51
|
+
```
|
|
52
|
+
creed --version
|
|
53
|
+
creed --help
|
|
54
|
+
creed validate <path|dir|string>... [--type auto|creed|constitution|vcp-lite|vcp-token|csm1]
|
|
55
|
+
[--format text|json] [--strict] [--quiet]
|
|
56
|
+
creed score <creed-file>... [--min-score N] [--format text|json]
|
|
57
|
+
creed vcp validate <token-or-file> # VCP token / CSM1 code / VCP-Lite JSON (auto-detected)
|
|
58
|
+
creed vcp parse <token-or-csm1> # pretty-print the parsed structure
|
|
59
|
+
creed constitution lint <path|dir>... [--format text|json]
|
|
60
|
+
creed guardian <argv...> # passthrough to the creed-guardian runtime
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
`validate` is the umbrella command. It auto-detects artifact type:
|
|
64
|
+
|
|
65
|
+
- `*.creed.md` / `*.creed` → **creed**
|
|
66
|
+
- `.json` / `.yaml` matching the constitution shape, or files under a
|
|
67
|
+
`constitutions/` directory → **constitution**
|
|
68
|
+
- `vcp:`-prefixed or CSM1-patterned strings, and `.vcp` files → **VCP**
|
|
69
|
+
|
|
70
|
+
Directories recurse over known extensions. Unknown inputs are reported as
|
|
71
|
+
`skipped` (and become findings under `--strict`). Pass `--type` to override
|
|
72
|
+
detection.
|
|
73
|
+
|
|
74
|
+
### Exit codes
|
|
75
|
+
|
|
76
|
+
Every command uses the same convention (also printed in `creed --help`):
|
|
77
|
+
|
|
78
|
+
| Code | Meaning |
|
|
79
|
+
|------|---------|
|
|
80
|
+
| `0` | all inputs valid |
|
|
81
|
+
| `1` | validation findings (at least one artifact failed) |
|
|
82
|
+
| `2` | usage error / missing input |
|
|
83
|
+
| `3` | internal error |
|
|
84
|
+
|
|
85
|
+
`creed guardian` **preserves the exit code** of the underlying `creed-guardian`
|
|
86
|
+
process, so guardian's own status codes propagate unchanged.
|
|
87
|
+
|
|
88
|
+
## JSON output contract
|
|
89
|
+
|
|
90
|
+
`--format json` emits a stable, versioned document (schema version `"1"`):
|
|
91
|
+
|
|
92
|
+
```json
|
|
93
|
+
{
|
|
94
|
+
"schema_version": "1",
|
|
95
|
+
"results": [
|
|
96
|
+
{
|
|
97
|
+
"path": "data/constitutions/_source/example.yaml",
|
|
98
|
+
"artifact_type": "constitution",
|
|
99
|
+
"status": "failed",
|
|
100
|
+
"findings": [
|
|
101
|
+
{"severity": "error", "code": "SCHEMA",
|
|
102
|
+
"message": "...", "location": "$.rules[3]"}
|
|
103
|
+
]
|
|
104
|
+
}
|
|
105
|
+
],
|
|
106
|
+
"summary": {"checked": 12, "passed": 11, "failed": 1, "skipped": 0}
|
|
107
|
+
}
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
- `status` is one of `passed`, `failed`, `skipped`.
|
|
111
|
+
- `severity` is `error` or `warning`; `code` is a stable machine token.
|
|
112
|
+
- Parse the top-level `summary` for a quick pass/fail count; drive gating logic
|
|
113
|
+
off the process exit code.
|
|
114
|
+
|
|
115
|
+
## Guardian passthrough
|
|
116
|
+
|
|
117
|
+
`creed guardian <argv...>` forwards every argument verbatim to the
|
|
118
|
+
[`creed-guardian`](https://pypi.org/project/creed-guardian/) runtime:
|
|
119
|
+
|
|
120
|
+
```bash
|
|
121
|
+
creed guardian --help # prints creed-guardian's help
|
|
122
|
+
creed guardian proxy --port 9090
|
|
123
|
+
creed guardian serve
|
|
124
|
+
creed guardian mcp
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
If `creed-guardian` is not installed, `creed guardian` prints an install hint
|
|
128
|
+
(`pip install creed-space-cli[guardian]`) and exits `2` rather than crashing.
|
|
129
|
+
|
|
130
|
+
## CI recipes
|
|
131
|
+
|
|
132
|
+
### GitHub Actions
|
|
133
|
+
|
|
134
|
+
```yaml
|
|
135
|
+
# .github/workflows/creed-validate.yml
|
|
136
|
+
name: creed validate
|
|
137
|
+
on: [push, pull_request]
|
|
138
|
+
|
|
139
|
+
jobs:
|
|
140
|
+
validate:
|
|
141
|
+
runs-on: ubuntu-latest
|
|
142
|
+
steps:
|
|
143
|
+
- uses: actions/checkout@v4
|
|
144
|
+
- uses: actions/setup-python@v5
|
|
145
|
+
with:
|
|
146
|
+
python-version: "3.12"
|
|
147
|
+
- run: pip install creed-space-cli
|
|
148
|
+
- name: Validate constitutions
|
|
149
|
+
run: creed constitution lint data/constitutions/_source --format json
|
|
150
|
+
- name: Gate creed quality
|
|
151
|
+
run: creed score creeds/*.creed.md --min-score 70
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
The step fails the job automatically when `creed` exits non-zero.
|
|
155
|
+
|
|
156
|
+
### pre-commit
|
|
157
|
+
|
|
158
|
+
```yaml
|
|
159
|
+
# .pre-commit-config.yaml
|
|
160
|
+
repos:
|
|
161
|
+
- repo: local
|
|
162
|
+
hooks:
|
|
163
|
+
- id: creed-validate
|
|
164
|
+
name: creed validate
|
|
165
|
+
entry: creed validate
|
|
166
|
+
language: python
|
|
167
|
+
additional_dependencies: ["creed-space-cli"]
|
|
168
|
+
files: '\.(creed\.md|creed)$|constitutions/.*\.(json|ya?ml)$'
|
|
169
|
+
pass_filenames: true
|
|
170
|
+
```
|
|
171
|
+
|
|
172
|
+
`pass_filenames: true` hands the staged, matching files to `creed validate`;
|
|
173
|
+
the commit is blocked when validation reports findings.
|
|
174
|
+
|
|
175
|
+
## Related
|
|
176
|
+
|
|
177
|
+
- `docs/CREED_CLI.md` — architecture and design overview.
|
|
178
|
+
- [Creed Guardian Quick Start](../docs/CREED_GUARDIAN_QUICKSTART.md) — the
|
|
179
|
+
local safety runtime behind `creed guardian`.
|
creed_cli/README.md
ADDED
|
@@ -0,0 +1,151 @@
|
|
|
1
|
+
# creed-space-cli
|
|
2
|
+
|
|
3
|
+
`creed` is a command-line validator for [Creed Space](https://creed.space)
|
|
4
|
+
artifacts: **creeds**, **constitutions**, and **VCP** tokens. It runs locally and
|
|
5
|
+
in CI, needs no authentication, and speaks JSON for machine consumption. Think
|
|
6
|
+
`terraform validate` or `gh`, but for values declarations.
|
|
7
|
+
|
|
8
|
+
## Install
|
|
9
|
+
|
|
10
|
+
```bash
|
|
11
|
+
pip install creed-space-cli
|
|
12
|
+
|
|
13
|
+
# With the optional guardian passthrough (pulls in the creed-guardian runtime):
|
|
14
|
+
pip install creed-space-cli[guardian]
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
Requires Python 3.10+. Inside the Creed Space monorepo it is available as
|
|
18
|
+
`python -m creed_cli` (or `poetry run creed`) without a separate install; from
|
|
19
|
+
a source checkout, `pip install ./vcp-sdk-python ./creed_cli`.
|
|
20
|
+
|
|
21
|
+
## Command surface
|
|
22
|
+
|
|
23
|
+
```
|
|
24
|
+
creed --version
|
|
25
|
+
creed --help
|
|
26
|
+
creed validate <path|dir|string>... [--type auto|creed|constitution|vcp-lite|vcp-token|csm1]
|
|
27
|
+
[--format text|json] [--strict] [--quiet]
|
|
28
|
+
creed score <creed-file>... [--min-score N] [--format text|json]
|
|
29
|
+
creed vcp validate <token-or-file> # VCP token / CSM1 code / VCP-Lite JSON (auto-detected)
|
|
30
|
+
creed vcp parse <token-or-csm1> # pretty-print the parsed structure
|
|
31
|
+
creed constitution lint <path|dir>... [--format text|json]
|
|
32
|
+
creed guardian <argv...> # passthrough to the creed-guardian runtime
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
`validate` is the umbrella command. It auto-detects artifact type:
|
|
36
|
+
|
|
37
|
+
- `*.creed.md` / `*.creed` → **creed**
|
|
38
|
+
- `.json` / `.yaml` matching the constitution shape, or files under a
|
|
39
|
+
`constitutions/` directory → **constitution**
|
|
40
|
+
- `vcp:`-prefixed or CSM1-patterned strings, and `.vcp` files → **VCP**
|
|
41
|
+
|
|
42
|
+
Directories recurse over known extensions. Unknown inputs are reported as
|
|
43
|
+
`skipped` (and become findings under `--strict`). Pass `--type` to override
|
|
44
|
+
detection.
|
|
45
|
+
|
|
46
|
+
### Exit codes
|
|
47
|
+
|
|
48
|
+
Every command uses the same convention (also printed in `creed --help`):
|
|
49
|
+
|
|
50
|
+
| Code | Meaning |
|
|
51
|
+
|------|---------|
|
|
52
|
+
| `0` | all inputs valid |
|
|
53
|
+
| `1` | validation findings (at least one artifact failed) |
|
|
54
|
+
| `2` | usage error / missing input |
|
|
55
|
+
| `3` | internal error |
|
|
56
|
+
|
|
57
|
+
`creed guardian` **preserves the exit code** of the underlying `creed-guardian`
|
|
58
|
+
process, so guardian's own status codes propagate unchanged.
|
|
59
|
+
|
|
60
|
+
## JSON output contract
|
|
61
|
+
|
|
62
|
+
`--format json` emits a stable, versioned document (schema version `"1"`):
|
|
63
|
+
|
|
64
|
+
```json
|
|
65
|
+
{
|
|
66
|
+
"schema_version": "1",
|
|
67
|
+
"results": [
|
|
68
|
+
{
|
|
69
|
+
"path": "data/constitutions/_source/example.yaml",
|
|
70
|
+
"artifact_type": "constitution",
|
|
71
|
+
"status": "failed",
|
|
72
|
+
"findings": [
|
|
73
|
+
{"severity": "error", "code": "SCHEMA",
|
|
74
|
+
"message": "...", "location": "$.rules[3]"}
|
|
75
|
+
]
|
|
76
|
+
}
|
|
77
|
+
],
|
|
78
|
+
"summary": {"checked": 12, "passed": 11, "failed": 1, "skipped": 0}
|
|
79
|
+
}
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
- `status` is one of `passed`, `failed`, `skipped`.
|
|
83
|
+
- `severity` is `error` or `warning`; `code` is a stable machine token.
|
|
84
|
+
- Parse the top-level `summary` for a quick pass/fail count; drive gating logic
|
|
85
|
+
off the process exit code.
|
|
86
|
+
|
|
87
|
+
## Guardian passthrough
|
|
88
|
+
|
|
89
|
+
`creed guardian <argv...>` forwards every argument verbatim to the
|
|
90
|
+
[`creed-guardian`](https://pypi.org/project/creed-guardian/) runtime:
|
|
91
|
+
|
|
92
|
+
```bash
|
|
93
|
+
creed guardian --help # prints creed-guardian's help
|
|
94
|
+
creed guardian proxy --port 9090
|
|
95
|
+
creed guardian serve
|
|
96
|
+
creed guardian mcp
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
If `creed-guardian` is not installed, `creed guardian` prints an install hint
|
|
100
|
+
(`pip install creed-space-cli[guardian]`) and exits `2` rather than crashing.
|
|
101
|
+
|
|
102
|
+
## CI recipes
|
|
103
|
+
|
|
104
|
+
### GitHub Actions
|
|
105
|
+
|
|
106
|
+
```yaml
|
|
107
|
+
# .github/workflows/creed-validate.yml
|
|
108
|
+
name: creed validate
|
|
109
|
+
on: [push, pull_request]
|
|
110
|
+
|
|
111
|
+
jobs:
|
|
112
|
+
validate:
|
|
113
|
+
runs-on: ubuntu-latest
|
|
114
|
+
steps:
|
|
115
|
+
- uses: actions/checkout@v4
|
|
116
|
+
- uses: actions/setup-python@v5
|
|
117
|
+
with:
|
|
118
|
+
python-version: "3.12"
|
|
119
|
+
- run: pip install creed-space-cli
|
|
120
|
+
- name: Validate constitutions
|
|
121
|
+
run: creed constitution lint data/constitutions/_source --format json
|
|
122
|
+
- name: Gate creed quality
|
|
123
|
+
run: creed score creeds/*.creed.md --min-score 70
|
|
124
|
+
```
|
|
125
|
+
|
|
126
|
+
The step fails the job automatically when `creed` exits non-zero.
|
|
127
|
+
|
|
128
|
+
### pre-commit
|
|
129
|
+
|
|
130
|
+
```yaml
|
|
131
|
+
# .pre-commit-config.yaml
|
|
132
|
+
repos:
|
|
133
|
+
- repo: local
|
|
134
|
+
hooks:
|
|
135
|
+
- id: creed-validate
|
|
136
|
+
name: creed validate
|
|
137
|
+
entry: creed validate
|
|
138
|
+
language: python
|
|
139
|
+
additional_dependencies: ["creed-space-cli"]
|
|
140
|
+
files: '\.(creed\.md|creed)$|constitutions/.*\.(json|ya?ml)$'
|
|
141
|
+
pass_filenames: true
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
`pass_filenames: true` hands the staged, matching files to `creed validate`;
|
|
145
|
+
the commit is blocked when validation reports findings.
|
|
146
|
+
|
|
147
|
+
## Related
|
|
148
|
+
|
|
149
|
+
- `docs/CREED_CLI.md` — architecture and design overview.
|
|
150
|
+
- [Creed Guardian Quick Start](../docs/CREED_GUARDIAN_QUICKSTART.md) — the
|
|
151
|
+
local safety runtime behind `creed guardian`.
|
creed_cli/__init__.py
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"""Creed Space command-line interface (``creed``).
|
|
2
|
+
|
|
3
|
+
A lint-style validator for creeds, constitutions, and VCP tokens. Runs locally
|
|
4
|
+
and in CI with no auth. See :mod:`creed_cli.main` for the command surface and
|
|
5
|
+
exit-code contract.
|
|
6
|
+
"""
|
|
7
|
+
|
|
8
|
+
__version__ = "0.1.0"
|
creed_cli/__main__.py
ADDED
|
File without changes
|