Skip to main content

Creed Space CLI — validate creeds, constitutions, and VCP tokens

Reason this release was yanked:

Security: contains a symlink secret-exfiltration and a cwd module-shadowing code-execution vulnerability. Fixed in 0.1.2 — please upgrade.

Project description

creed-space-cli

creed is a command-line validator for Creed Space artifacts: creeds, constitutions, and VCP tokens. It runs locally and in CI, needs no authentication, and speaks JSON for machine consumption. Think terraform validate or gh, but for values declarations.

Install

pip install creed-space-cli

# With the optional guardian passthrough (pulls in the creed-guardian runtime):
pip install creed-space-cli[guardian]

Requires Python 3.10+. Inside the Creed Space monorepo it is available as python -m creed_cli (or poetry run creed) without a separate install; from a source checkout, pip install ./vcp-sdk-python ./creed_cli.

Command surface

creed --version
creed --help
creed validate <path|dir|string>...  [--type auto|creed|constitution|vcp-lite|vcp-token|csm1]
                                      [--format text|json] [--strict] [--quiet]
creed score <creed-file>...          [--min-score N] [--format text|json]
creed vcp validate <token-or-file>   # VCP token / CSM1 code / VCP-Lite JSON (auto-detected)
creed vcp parse <token-or-csm1>      # pretty-print the parsed structure
creed constitution lint <path|dir>... [--format text|json]
creed guardian <argv...>             # passthrough to the creed-guardian runtime

validate is the umbrella command. It auto-detects artifact type:

  • *.creed.md / *.creedcreed
  • .json / .yaml matching the constitution shape, or files under a constitutions/ directory → constitution
  • vcp:-prefixed or CSM1-patterned strings, and .vcp files → VCP

Directories recurse over known extensions. Unknown inputs are reported as skipped (and become findings under --strict). Pass --type to override detection.

Exit codes

Every command uses the same convention (also printed in creed --help):

Code Meaning
0 all inputs valid
1 validation findings (at least one artifact failed)
2 usage error / missing input
3 internal error

creed guardian preserves the exit code of the underlying creed-guardian process, so guardian's own status codes propagate unchanged.

JSON output contract

--format json emits a stable, versioned document (schema version "1"):

{
  "schema_version": "1",
  "results": [
    {
      "path": "data/constitutions/_source/example.yaml",
      "artifact_type": "constitution",
      "status": "failed",
      "findings": [
        {"severity": "error", "code": "SCHEMA",
         "message": "...", "location": "$.rules[3]"}
      ]
    }
  ],
  "summary": {"checked": 12, "passed": 11, "failed": 1, "skipped": 0}
}
  • status is one of passed, failed, skipped.
  • severity is error or warning; code is a stable machine token.
  • Parse the top-level summary for a quick pass/fail count; drive gating logic off the process exit code.

Guardian passthrough

creed guardian <argv...> forwards every argument verbatim to the creed-guardian runtime:

creed guardian --help          # prints creed-guardian's help
creed guardian proxy --port 9090
creed guardian serve
creed guardian mcp

If creed-guardian is not installed, creed guardian prints an install hint (pip install creed-space-cli[guardian]) and exits 2 rather than crashing.

CI recipes

GitHub Actions

# .github/workflows/creed-validate.yml
name: creed validate
on: [push, pull_request]

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install creed-space-cli
      - name: Validate constitutions
        run: creed constitution lint data/constitutions/_source --format json
      - name: Gate creed quality
        run: creed score creeds/*.creed.md --min-score 70

The step fails the job automatically when creed exits non-zero.

pre-commit

# .pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: creed-validate
        name: creed validate
        entry: creed validate
        language: python
        additional_dependencies: ["creed-space-cli"]
        files: '\.(creed\.md|creed)$|constitutions/.*\.(json|ya?ml)$'
        pass_filenames: true

pass_filenames: true hands the staged, matching files to creed validate; the commit is blocked when validation reports findings.

Related

  • docs/CREED_CLI.md — architecture and design overview.
  • Creed Guardian Quick Start — the local safety runtime behind creed guardian.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

creed_space_cli-0.1.0.tar.gz (50.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

creed_space_cli-0.1.0-py3-none-any.whl (54.7 kB view details)

Uploaded Python 3

File details

Details for the file creed_space_cli-0.1.0.tar.gz.

File metadata

  • Download URL: creed_space_cli-0.1.0.tar.gz
  • Upload date:
  • Size: 50.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.14

File hashes

Hashes for creed_space_cli-0.1.0.tar.gz
Algorithm Hash digest
SHA256 f9501acc5e0fbc1e388ec0b2bf332229337b10d68ce023e6017cc5c1282e6c06
MD5 eb063fc3dc663383660ea15b5bb44d81
BLAKE2b-256 06641bee644ea26929a1bcb7c31df0fd446dc2a71dddeb164032e0aec7235bd6

See more details on using hashes here.

File details

Details for the file creed_space_cli-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for creed_space_cli-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a8e30a311317e469ed335317696af97e835b330486b70ed081563347c22f640e
MD5 655d0c5b128385484802a9d24361c177
BLAKE2b-256 b13a2aa2a22492ce897cdfbdbb8d6e07d57b992507c3bc4ee67f32470f0a4fcb

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page