examples/

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

Links

Open Source Insights

README ¶

cli-guard examples

Each subdirectory is a self-contained urfave/cli app that exercises one feature of cli-guard end-to-end. Every example writes its audit rows somewhere under $TMPDIR so nothing pollutes the working directory.

Example	Demonstrates
`audit/`	The foundation. `audit.NewWriter` + `verb.Wrap` produce one JSONL row per invocation.
`passthrough/`	Wrap an existing binary (`echo`) as an audited urfave subcommand via `passthrough.Command`.
`policy/`	`policy.ValidateArgSlice` rejecting argv with shell metacharacters.
`scope/`	`scope.Resolve` mapping `--commit-scope=auto` to a git toplevel.
`gittree/`	`gittree.CheckClean` refusing a verb on a dirty tree.
`repocfg/`	Per-repo verb allowlist loaded from `.coily/coily.yaml`.
`exitcode/`	The public exit-code taxonomy for orchestrators.
`egress/`	Per-invocation CONNECT proxy with an allowlist (used by `passthrough.WithEgress`).

Every feature is built on top of audit. The other examples wire audit in implicitly via verb.Wrap or passthrough.Command; the audit/ example is the bare-minimum case.

Running

From the cli-guard root:

go run ./examples/audit hello world
go run ./examples/passthrough -- echo hello
go run ./examples/policy unsafe 'foo; rm -rf /'
go run ./examples/scope where
go run ./examples/gittree build
cd examples/repocfg && go run . list && cd -
go run ./examples/exitcode policy ; echo "exit: $?"
go run ./examples/egress allowed

Reading order

If you are new to cli-guard, read in this order:

audit/ - the minimum useful program
policy/ - what cli-guard refuses by default
scope/ - how audit rows bind to git history
passthrough/ - the most common production usage
exitcode/ - the contract with orchestrators
gittree/ and repocfg/ - the repo-verb pattern
egress/ - the network-layer gate (advanced)

Directories ¶

Path	Synopsis
audit Command demo is a tiny urfave/cli v3 application that exercises the cli-guard framework primitives.	Command demo is a tiny urfave/cli v3 application that exercises the cli-guard framework primitives.
dispatch Command dispatch demonstrates wiring the cli-guard dispatch subsystem into a host CLI.	Command dispatch demonstrates wiring the cli-guard dispatch subsystem into a host CLI.
egress Command egress demonstrates the per-invocation CONNECT proxy with a pinned allowlist.	Command egress demonstrates the per-invocation CONNECT proxy with a pinned allowlist.
exitcode Command exitcode demonstrates the public exit-code taxonomy.	Command exitcode demonstrates the public exit-code taxonomy.
gittree Command gittree demonstrates the clean+synced gate.	Command gittree demonstrates the clean+synced gate.
passthrough Command passthrough demonstrates wrapping an existing binary as an audited urfave/cli subcommand.	Command passthrough demonstrates wrapping an existing binary as an audited urfave/cli subcommand.
policy Command policy demonstrates argv-validation rejection.	Command policy demonstrates argv-validation rejection.
repocfg Command repocfg demonstrates loading a per-repo command allowlist.	Command repocfg demonstrates loading a per-repo command allowlist.
scope Command scope demonstrates --commit-scope resolution.	Command scope demonstrates --commit-scope resolution.
treebuilders Package treebuilders exports each examples/<name>/main.go's *cli.Command tree so scripts/gen-webdocs can render it, and so each example main	Package treebuilders exports each examples/<name>/main.go's *cli.Command tree so scripts/gen-webdocs can render it, and so each example main

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL