creed-space-cli 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
creed_cli/.gitignore ADDED
@@ -0,0 +1,316 @@
1
+ # Local per-collaborator overrides (top of Scope Hierarchy; must not be committed)
2
+ CLAUDE.local.md
3
+
4
+ # Build artifacts
5
+ bin/creed-crypto
6
+
7
+ # Dependencies
8
+ node_modules
9
+ node_modules/
10
+ .pnp
11
+ .pnp.js
12
+ venv/
13
+ __pycache__/
14
+ *.pyc
15
+ *.pyo
16
+ *.pyd
17
+ .Python
18
+ .mypy_cache/
19
+ env/
20
+ build/
21
+ dist/
22
+ *.egg-info/
23
+
24
+ # Testing
25
+ coverage/
26
+ *.lcov
27
+ .nyc_output
28
+ .coverage
29
+ .coverage.*
30
+ htmlcov/
31
+ .pytest_cache/
32
+
33
+ # Production
34
+ /build
35
+ /dist
36
+ */dist
37
+ */build
38
+
39
+ # SvelteKit build artifacts
40
+ .svelte-kit/
41
+ */.svelte-kit/
42
+
43
+ # Logs and output files
44
+ logs
45
+ *.log
46
+ *.out
47
+
48
+ # Backup files
49
+ *.bak
50
+ *.backup
51
+ *.old
52
+ npm-debug.log*
53
+ yarn-debug.log*
54
+ yarn-error.log*
55
+ pnpm-debug.log*
56
+ lerna-debug.log*
57
+
58
+ # Environment (comprehensive — covers .env, .env.*, and *.env)
59
+ .env
60
+ .env.*
61
+ *.env
62
+
63
+ # IDE
64
+ .vscode/*
65
+ !.vscode/extensions.json
66
+ !.vscode/settings.json.example
67
+ .idea
68
+ *.swp
69
+ *.swo
70
+ *~
71
+ .DS_Store
72
+ # macOS AppleDouble sidecars and archive metadata (non-UTF-8; crash py scans)
73
+ ._*
74
+ __MACOSX/
75
+
76
+ # Turborepo
77
+ .turbo
78
+
79
+ # Changesets
80
+ .changeset/
81
+
82
+ # Temporary
83
+ tmp/
84
+ temp/
85
+ *.tmp
86
+
87
+ # Production PostgreSQL configuration
88
+ .env.production.postgresql
89
+ .mypy_baseline.json
90
+
91
+ # Test artifacts and reports
92
+ test_artifacts/
93
+ test-results/
94
+ test_results/
95
+ test_reports/
96
+ reports/memory/
97
+ reports/fagan/
98
+ reports/performance/
99
+ reports/qa/
100
+ reports/qa-crawl/*/
101
+ output/playwright/
102
+ test*.db
103
+ dump.rdb
104
+
105
+ # Large regenerable artifacts — build output, research dumps (never in git history)
106
+ superego-frontend/output/
107
+ research/fablereconstruction/
108
+
109
+ # SSL private material (never commit secrets)
110
+ ssl/*.key
111
+ ssl/*.srl
112
+ ssl/*.csr
113
+
114
+ # Temporary test files
115
+ test-*.html
116
+ test-*.js
117
+ test_*.html
118
+ test_*.js
119
+
120
+ # Report files in root (should be in reports/)
121
+ *_report*.json
122
+ *_report*.md
123
+ fagan*.json
124
+ memory_leak*.json
125
+ smart_memory*.json
126
+ security-scan*.json
127
+ # Re-assert env exclusions for nested paths
128
+ config/*.env
129
+ superego-frontend/.env*
130
+ !.env.example
131
+ !.env.template
132
+ !.env.staging.example
133
+ !superego-frontend/.env.example
134
+ data/sessions/superego.db
135
+ docs/UVC_CSM_EMOJI_DUMP.md
136
+ *.db
137
+ *.db-shm
138
+ *.db-wal
139
+
140
+
141
+ # Signing keys (never commit private key material)
142
+ *.key
143
+ data/constitutions/registry/.keys/signing.key
144
+ data/attestation_keys/*.pem
145
+
146
+ # Browser/session state
147
+ cookies.txt
148
+ **/cookies.txt
149
+
150
+ # Secrets directory (salts, encrypted keys — never commit)
151
+ data/secrets/
152
+ # Local JWT/encryption key material (finding #6: .secrets/jwt_secret has no .key suffix
153
+ # so *.key alone did not cover it). Rotate + untrack existing tracked copies separately.
154
+ .secrets/
155
+
156
+ # GPG keyring (contains private key)
157
+ data/keys/.gnupg/
158
+ .venv
159
+ .venv_check/
160
+
161
+ # Coverage reports
162
+ coverage.xml
163
+
164
+ # Test artifacts in registry
165
+ data/constitutions/registry/test_safety_*.json
166
+
167
+ # ML Model Cache
168
+ .cache/
169
+ # Hypothesis database (property-based testing)
170
+ .hypothesis/
171
+ .mcp.json
172
+
173
+ # Runtime data (not source code)
174
+ data/compliance_reports/
175
+ data/gdpr_trust_states.json
176
+ data/billing/dead_letters/
177
+ data/audit_logs/
178
+ services/data/audit_logs/
179
+ profiling_data/
180
+ memory/superego/welfare/
181
+ :memory:
182
+
183
+ # Flash Review Cache
184
+ .flash_findings.json
185
+ .flash_full_review_checkpoint.json
186
+ .review_for_claude.diff
187
+ reports/flash_full_review_*.json
188
+ reports/flash_full_review_*.md
189
+ reports/red_team_audit/
190
+ data/deployment_snapshots/snapshot_*/
191
+ archives/reports/untracked/
192
+
193
+ # Runtime audit logs (regenerated, can contain sensitive session metadata)
194
+ data/audit/*.jsonl
195
+
196
+ # Security audit reports (regenerable, large files)
197
+ archives/docs/security/security_audit_*.json
198
+ archives/docs/security/security_audit_*.txt
199
+ archives/docs/security/type_safety_report.json
200
+ **/security_audit_*.json
201
+ **/security_audit_*.txt
202
+
203
+ # Gitleaks and security scan reports (regenerable)
204
+ gitleaks-report.json
205
+ bandit_report.json
206
+
207
+ # UVC debug dumps (keep UVC_CSM_EMOJI_COMPLETE_DUMP.json - it's conversation history)
208
+
209
+ # Playwright MCP artifacts
210
+ .playwright-mcp/
211
+
212
+ # LibreOffice lock files
213
+ .~lock.*
214
+
215
+ # Claude Code agent execution logs
216
+ .code/agents/*/exec-call_*.txt
217
+ # Claude Code agent worktrees (isolated agent copies)
218
+ .claude/worktrees/
219
+ .flash_costs.json
220
+
221
+ # Large benchmark results (use Git LFS or external storage)
222
+ benchmarks/results/*.jsonl
223
+ logs/flash_review.log
224
+
225
+ # Archived audit logs (local reference only)
226
+ archives/audit_logs/
227
+
228
+ # Mutation Testing
229
+ reports/mutation/*.html
230
+ reports/mutation/*.json
231
+ reports/mutation/*.sqlite
232
+ reports/mutation/*.toml
233
+ superego-frontend/mutation-report/
234
+ superego-frontend/mutation-report.json
235
+ superego-frontend/.stryker-tmp/
236
+ superego-frontend/.stryker-tmp-*/
237
+ .stryker-tmp/
238
+ .stryker-tmp-*/
239
+
240
+ # Performance benchmark baselines
241
+ .benchmarks/
242
+ # Rust build artifacts
243
+ crates/*/target/
244
+ /target/
245
+
246
+ # Session diaries and retrospectives (PRIVATE - never commit)
247
+ memory/diary/
248
+ memory/retrospective/
249
+ scripts/test_api_keys.py
250
+
251
+ # Vector stores (too large for GitHub)
252
+ memory/vector_stores/
253
+
254
+ # Session transcript backups (local only)
255
+ memory/transcript_backups/
256
+ mettle-api/
257
+
258
+ # Screenshots (use archives/ or external storage)
259
+ *.png
260
+ *.jpg
261
+ *.jpeg
262
+ !superego-frontend/static/**/*.png
263
+ !superego-frontend/static/**/*.jpg
264
+ !docs/**/*.png
265
+ # public/ is the served static-asset dir — its brand images are deliberate app
266
+ # assets, not screenshots. Without this, *.png assets there 404 in every deploy
267
+ # (e.g. creed-logo.png → blank hero wave) while .webp siblings ship fine.
268
+ !superego-frontend/public/**/*.png
269
+ !superego-frontend/public/**/*.jpg
270
+ !superego-frontend/public/**/*.jpeg
271
+ ~$lue Context Protocol MDPI I3D1.docx
272
+
273
+ # Runtime state (process IDs, lock files)
274
+ .backend.pid
275
+ .frontend.pid
276
+ .claude/scheduled_tasks.lock
277
+
278
+ # Playwright CLI local snapshots (distinct from .playwright-mcp)
279
+ .playwright-cli/
280
+ creed_guardian/models/
281
+
282
+ # Model weights (large binaries)
283
+ weights/
284
+ *.gguf
285
+
286
+ # Paper preparation scripts (moved to _papers/scripts/)
287
+ apply_i3d8_*.py
288
+ diag_*.py
289
+ fix_narrative*.py
290
+ restore_*.py
291
+ validate_docx.py
292
+ deep_validate.py
293
+ compare_structure.py
294
+ check_ordering.py
295
+ minimal_edit.py
296
+ test_repack.py
297
+ test_minimal_edit.py
298
+ diff_parts.py
299
+ probe_refs.py
300
+ strip_numpr_refs.py
301
+ find_*.py
302
+
303
+ # VCP concordance debug artifacts (binary, not source)
304
+ *.docx
305
+
306
+ # Fagan reports and audit artifacts
307
+ fagan_*.md
308
+ *_fagan_report*.md
309
+ *_audit_report*.md
310
+
311
+ # design-sync upload staging (regenerable; source of truth is the claude.ai/design project + .design-sync/)
312
+ ds-bundle/
313
+ fleet-server/target/
314
+
315
+ # freeze skill session config (per-checkout, not shared)
316
+ .claude/skills/freeze/.active-freeze.json
creed_cli/PKG-INFO ADDED
@@ -0,0 +1,179 @@
1
+ Metadata-Version: 2.4
2
+ Name: creed-space-cli
3
+ Version: 0.1.0
4
+ Summary: Creed Space CLI — validate creeds, constitutions, and VCP tokens
5
+ Project-URL: Homepage, https://valuecontextprotocol.org
6
+ Project-URL: Repository, https://github.com/Creed-Space/creedspace
7
+ Author-email: Creed Space <hello@creed.space>
8
+ License-Expression: Apache-2.0
9
+ Keywords: ai,alignment,cli,creed,ethics,safety,values,vcp
10
+ Classifier: Development Status :: 3 - Alpha
11
+ Classifier: Environment :: Console
12
+ Classifier: Intended Audience :: Developers
13
+ Classifier: License :: OSI Approved :: Apache Software License
14
+ Classifier: Programming Language :: Python :: 3
15
+ Classifier: Programming Language :: Python :: 3.10
16
+ Classifier: Programming Language :: Python :: 3.11
17
+ Classifier: Programming Language :: Python :: 3.12
18
+ Classifier: Programming Language :: Python :: 3.13
19
+ Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
20
+ Classifier: Topic :: Software Development :: Libraries :: Python Modules
21
+ Requires-Python: >=3.10
22
+ Requires-Dist: jsonschema>=4
23
+ Requires-Dist: pyyaml>=6
24
+ Requires-Dist: vcp-sdk>=0.3
25
+ Provides-Extra: guardian
26
+ Requires-Dist: creed-guardian>=2.0; extra == 'guardian'
27
+ Description-Content-Type: text/markdown
28
+
29
+ # creed-space-cli
30
+
31
+ `creed` is a command-line validator for [Creed Space](https://creed.space)
32
+ artifacts: **creeds**, **constitutions**, and **VCP** tokens. It runs locally and
33
+ in CI, needs no authentication, and speaks JSON for machine consumption. Think
34
+ `terraform validate` or `gh`, but for values declarations.
35
+
36
+ ## Install
37
+
38
+ ```bash
39
+ pip install creed-space-cli
40
+
41
+ # With the optional guardian passthrough (pulls in the creed-guardian runtime):
42
+ pip install creed-space-cli[guardian]
43
+ ```
44
+
45
+ Requires Python 3.10+. Inside the Creed Space monorepo it is available as
46
+ `python -m creed_cli` (or `poetry run creed`) without a separate install; from
47
+ a source checkout, `pip install ./vcp-sdk-python ./creed_cli`.
48
+
49
+ ## Command surface
50
+
51
+ ```
52
+ creed --version
53
+ creed --help
54
+ creed validate <path|dir|string>... [--type auto|creed|constitution|vcp-lite|vcp-token|csm1]
55
+ [--format text|json] [--strict] [--quiet]
56
+ creed score <creed-file>... [--min-score N] [--format text|json]
57
+ creed vcp validate <token-or-file> # VCP token / CSM1 code / VCP-Lite JSON (auto-detected)
58
+ creed vcp parse <token-or-csm1> # pretty-print the parsed structure
59
+ creed constitution lint <path|dir>... [--format text|json]
60
+ creed guardian <argv...> # passthrough to the creed-guardian runtime
61
+ ```
62
+
63
+ `validate` is the umbrella command. It auto-detects artifact type:
64
+
65
+ - `*.creed.md` / `*.creed` → **creed**
66
+ - `.json` / `.yaml` matching the constitution shape, or files under a
67
+ `constitutions/` directory → **constitution**
68
+ - `vcp:`-prefixed or CSM1-patterned strings, and `.vcp` files → **VCP**
69
+
70
+ Directories recurse over known extensions. Unknown inputs are reported as
71
+ `skipped` (and become findings under `--strict`). Pass `--type` to override
72
+ detection.
73
+
74
+ ### Exit codes
75
+
76
+ Every command uses the same convention (also printed in `creed --help`):
77
+
78
+ | Code | Meaning |
79
+ |------|---------|
80
+ | `0` | all inputs valid |
81
+ | `1` | validation findings (at least one artifact failed) |
82
+ | `2` | usage error / missing input |
83
+ | `3` | internal error |
84
+
85
+ `creed guardian` **preserves the exit code** of the underlying `creed-guardian`
86
+ process, so guardian's own status codes propagate unchanged.
87
+
88
+ ## JSON output contract
89
+
90
+ `--format json` emits a stable, versioned document (schema version `"1"`):
91
+
92
+ ```json
93
+ {
94
+ "schema_version": "1",
95
+ "results": [
96
+ {
97
+ "path": "data/constitutions/_source/example.yaml",
98
+ "artifact_type": "constitution",
99
+ "status": "failed",
100
+ "findings": [
101
+ {"severity": "error", "code": "SCHEMA",
102
+ "message": "...", "location": "$.rules[3]"}
103
+ ]
104
+ }
105
+ ],
106
+ "summary": {"checked": 12, "passed": 11, "failed": 1, "skipped": 0}
107
+ }
108
+ ```
109
+
110
+ - `status` is one of `passed`, `failed`, `skipped`.
111
+ - `severity` is `error` or `warning`; `code` is a stable machine token.
112
+ - Parse the top-level `summary` for a quick pass/fail count; drive gating logic
113
+ off the process exit code.
114
+
115
+ ## Guardian passthrough
116
+
117
+ `creed guardian <argv...>` forwards every argument verbatim to the
118
+ [`creed-guardian`](https://pypi.org/project/creed-guardian/) runtime:
119
+
120
+ ```bash
121
+ creed guardian --help # prints creed-guardian's help
122
+ creed guardian proxy --port 9090
123
+ creed guardian serve
124
+ creed guardian mcp
125
+ ```
126
+
127
+ If `creed-guardian` is not installed, `creed guardian` prints an install hint
128
+ (`pip install creed-space-cli[guardian]`) and exits `2` rather than crashing.
129
+
130
+ ## CI recipes
131
+
132
+ ### GitHub Actions
133
+
134
+ ```yaml
135
+ # .github/workflows/creed-validate.yml
136
+ name: creed validate
137
+ on: [push, pull_request]
138
+
139
+ jobs:
140
+ validate:
141
+ runs-on: ubuntu-latest
142
+ steps:
143
+ - uses: actions/checkout@v4
144
+ - uses: actions/setup-python@v5
145
+ with:
146
+ python-version: "3.12"
147
+ - run: pip install creed-space-cli
148
+ - name: Validate constitutions
149
+ run: creed constitution lint data/constitutions/_source --format json
150
+ - name: Gate creed quality
151
+ run: creed score creeds/*.creed.md --min-score 70
152
+ ```
153
+
154
+ The step fails the job automatically when `creed` exits non-zero.
155
+
156
+ ### pre-commit
157
+
158
+ ```yaml
159
+ # .pre-commit-config.yaml
160
+ repos:
161
+ - repo: local
162
+ hooks:
163
+ - id: creed-validate
164
+ name: creed validate
165
+ entry: creed validate
166
+ language: python
167
+ additional_dependencies: ["creed-space-cli"]
168
+ files: '\.(creed\.md|creed)$|constitutions/.*\.(json|ya?ml)$'
169
+ pass_filenames: true
170
+ ```
171
+
172
+ `pass_filenames: true` hands the staged, matching files to `creed validate`;
173
+ the commit is blocked when validation reports findings.
174
+
175
+ ## Related
176
+
177
+ - `docs/CREED_CLI.md` — architecture and design overview.
178
+ - [Creed Guardian Quick Start](../docs/CREED_GUARDIAN_QUICKSTART.md) — the
179
+ local safety runtime behind `creed guardian`.
creed_cli/README.md ADDED
@@ -0,0 +1,151 @@
1
+ # creed-space-cli
2
+
3
+ `creed` is a command-line validator for [Creed Space](https://creed.space)
4
+ artifacts: **creeds**, **constitutions**, and **VCP** tokens. It runs locally and
5
+ in CI, needs no authentication, and speaks JSON for machine consumption. Think
6
+ `terraform validate` or `gh`, but for values declarations.
7
+
8
+ ## Install
9
+
10
+ ```bash
11
+ pip install creed-space-cli
12
+
13
+ # With the optional guardian passthrough (pulls in the creed-guardian runtime):
14
+ pip install creed-space-cli[guardian]
15
+ ```
16
+
17
+ Requires Python 3.10+. Inside the Creed Space monorepo it is available as
18
+ `python -m creed_cli` (or `poetry run creed`) without a separate install; from
19
+ a source checkout, `pip install ./vcp-sdk-python ./creed_cli`.
20
+
21
+ ## Command surface
22
+
23
+ ```
24
+ creed --version
25
+ creed --help
26
+ creed validate <path|dir|string>... [--type auto|creed|constitution|vcp-lite|vcp-token|csm1]
27
+ [--format text|json] [--strict] [--quiet]
28
+ creed score <creed-file>... [--min-score N] [--format text|json]
29
+ creed vcp validate <token-or-file> # VCP token / CSM1 code / VCP-Lite JSON (auto-detected)
30
+ creed vcp parse <token-or-csm1> # pretty-print the parsed structure
31
+ creed constitution lint <path|dir>... [--format text|json]
32
+ creed guardian <argv...> # passthrough to the creed-guardian runtime
33
+ ```
34
+
35
+ `validate` is the umbrella command. It auto-detects artifact type:
36
+
37
+ - `*.creed.md` / `*.creed` → **creed**
38
+ - `.json` / `.yaml` matching the constitution shape, or files under a
39
+ `constitutions/` directory → **constitution**
40
+ - `vcp:`-prefixed or CSM1-patterned strings, and `.vcp` files → **VCP**
41
+
42
+ Directories recurse over known extensions. Unknown inputs are reported as
43
+ `skipped` (and become findings under `--strict`). Pass `--type` to override
44
+ detection.
45
+
46
+ ### Exit codes
47
+
48
+ Every command uses the same convention (also printed in `creed --help`):
49
+
50
+ | Code | Meaning |
51
+ |------|---------|
52
+ | `0` | all inputs valid |
53
+ | `1` | validation findings (at least one artifact failed) |
54
+ | `2` | usage error / missing input |
55
+ | `3` | internal error |
56
+
57
+ `creed guardian` **preserves the exit code** of the underlying `creed-guardian`
58
+ process, so guardian's own status codes propagate unchanged.
59
+
60
+ ## JSON output contract
61
+
62
+ `--format json` emits a stable, versioned document (schema version `"1"`):
63
+
64
+ ```json
65
+ {
66
+ "schema_version": "1",
67
+ "results": [
68
+ {
69
+ "path": "data/constitutions/_source/example.yaml",
70
+ "artifact_type": "constitution",
71
+ "status": "failed",
72
+ "findings": [
73
+ {"severity": "error", "code": "SCHEMA",
74
+ "message": "...", "location": "$.rules[3]"}
75
+ ]
76
+ }
77
+ ],
78
+ "summary": {"checked": 12, "passed": 11, "failed": 1, "skipped": 0}
79
+ }
80
+ ```
81
+
82
+ - `status` is one of `passed`, `failed`, `skipped`.
83
+ - `severity` is `error` or `warning`; `code` is a stable machine token.
84
+ - Parse the top-level `summary` for a quick pass/fail count; drive gating logic
85
+ off the process exit code.
86
+
87
+ ## Guardian passthrough
88
+
89
+ `creed guardian <argv...>` forwards every argument verbatim to the
90
+ [`creed-guardian`](https://pypi.org/project/creed-guardian/) runtime:
91
+
92
+ ```bash
93
+ creed guardian --help # prints creed-guardian's help
94
+ creed guardian proxy --port 9090
95
+ creed guardian serve
96
+ creed guardian mcp
97
+ ```
98
+
99
+ If `creed-guardian` is not installed, `creed guardian` prints an install hint
100
+ (`pip install creed-space-cli[guardian]`) and exits `2` rather than crashing.
101
+
102
+ ## CI recipes
103
+
104
+ ### GitHub Actions
105
+
106
+ ```yaml
107
+ # .github/workflows/creed-validate.yml
108
+ name: creed validate
109
+ on: [push, pull_request]
110
+
111
+ jobs:
112
+ validate:
113
+ runs-on: ubuntu-latest
114
+ steps:
115
+ - uses: actions/checkout@v4
116
+ - uses: actions/setup-python@v5
117
+ with:
118
+ python-version: "3.12"
119
+ - run: pip install creed-space-cli
120
+ - name: Validate constitutions
121
+ run: creed constitution lint data/constitutions/_source --format json
122
+ - name: Gate creed quality
123
+ run: creed score creeds/*.creed.md --min-score 70
124
+ ```
125
+
126
+ The step fails the job automatically when `creed` exits non-zero.
127
+
128
+ ### pre-commit
129
+
130
+ ```yaml
131
+ # .pre-commit-config.yaml
132
+ repos:
133
+ - repo: local
134
+ hooks:
135
+ - id: creed-validate
136
+ name: creed validate
137
+ entry: creed validate
138
+ language: python
139
+ additional_dependencies: ["creed-space-cli"]
140
+ files: '\.(creed\.md|creed)$|constitutions/.*\.(json|ya?ml)$'
141
+ pass_filenames: true
142
+ ```
143
+
144
+ `pass_filenames: true` hands the staged, matching files to `creed validate`;
145
+ the commit is blocked when validation reports findings.
146
+
147
+ ## Related
148
+
149
+ - `docs/CREED_CLI.md` — architecture and design overview.
150
+ - [Creed Guardian Quick Start](../docs/CREED_GUARDIAN_QUICKSTART.md) — the
151
+ local safety runtime behind `creed guardian`.
creed_cli/__init__.py ADDED
@@ -0,0 +1,8 @@
1
+ """Creed Space command-line interface (``creed``).
2
+
3
+ A lint-style validator for creeds, constitutions, and VCP tokens. Runs locally
4
+ and in CI with no auth. See :mod:`creed_cli.main` for the command surface and
5
+ exit-code contract.
6
+ """
7
+
8
+ __version__ = "0.1.0"
creed_cli/__main__.py ADDED
@@ -0,0 +1,8 @@
1
+ """Enable ``python -m creed_cli``."""
2
+
3
+ import sys
4
+
5
+ from creed_cli.main import main
6
+
7
+ if __name__ == "__main__":
8
+ sys.exit(main())
File without changes