CLI Reference

Command-line interface for local development and deployment operations.

Installation

$ pip install -e .

Commands

sign-manifest

Sign the security policy manifest with the Ed25519 private key.

$ python -m aletheia_cyber_core sign-manifest
  • Reads: manifest/security_policy.json
  • Private key: manifest/security_policy.ed25519.key
  • Output: manifest/security_policy.json.sig (detached)
  • Use case: After modifying the policy manifest in production, run this command to generate a fresh cryptographic signature. Deployed instances verify the signature at startup and reject mismatches (fail-closed policy enforcement).

(default) Local Audit

Run a test audit locally (no command specified). Demonstrates the tri-agent pipeline (Scout → Nitpicker → Judge).

$ python main.py

Output shows:

  • [STAGE 1] Scout Score — threat level (0–10)
  • [STAGE 2] Sanitized Payload — intent cleaning
  • STATUS — final decision (✅ PROCEED or 🛑 BLOCKED)

Environment Variables

ENVIRONMENT

Set to production to enforce strict validation. Requires ACTIVE_MODE=true and a SIGNING_SECRET of 32 or more characters. Recommended for production deployments.

SIGNING_SECRET

(Production only) Random string ≥32 characters for HMAC operations. Generate with: openssl rand -hex 16

ACTIVE_MODE

Set to true when ENVIRONMENT=production. This is a confirmation flag that prevents accidental enforcement bypass.
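A deploy-time preflight that applies the rules above before the service starts, so a weak configuration is caught in CI rather than at startup. This is an added example, not code from aletheia_cyber_core. The function name preflight, the exact-match comparison against "true", and the wording of the short-secret and missing-file messages are assumptions of the example.

```python
import os
import sys
from pathlib import Path

MIN_SECRET_LEN = 32  # documented minimum length for SIGNING_SECRET
MANIFEST = Path("manifest/security_policy.json")
SIGNATURE = Path("manifest/security_policy.json.sig")


def preflight(env, root="."):
    """Return a list of problems; an empty list means the deploy may proceed.

    Hypothetical helper (not part of aletheia_cyber_core) that checks the
    documented production rules against a mapping of environment variables.
    """
    problems = []
    if env.get("ENVIRONMENT") == "production":
        # Assumption: ACTIVE_MODE must be the literal string "true".
        if env.get("ACTIVE_MODE") != "true":
            problems.append("FATAL: Production running without ACTIVE_MODE=true")
        secret = env.get("SIGNING_SECRET", "")
        if not secret:
            problems.append("FATAL: Production missing SIGNING_SECRET")
        elif len(secret) < MIN_SECRET_LEN:
            # Report only the length; never echo the secret into logs.
            problems.append(
                f"SIGNING_SECRET is {len(secret)} characters, need >= {MIN_SECRET_LEN}"
            )
    # The manifest and its detached signature must ship together, otherwise
    # startup verification has nothing to check the policy against.
    for rel in (MANIFEST, SIGNATURE):
        if not (Path(root) / rel).is_file():
            problems.append(f"missing file: {rel.as_posix()}")
    return problems


if __name__ == "__main__":
    issues = preflight(os.environ)
    for issue in issues:
        print(issue, file=sys.stderr)
    sys.exit(1 if issues else 0)
```

Run it from the repository root as a pipeline step; a non-zero exit code blocks the deploy.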

Manifest Setup

  1. Generate Ed25519 keypair (one-time):
    ssh-keygen -t ed25519 -N "" -f manifest/security_policy.ed25519.key -m pem
  2. Extract public key:
    ssh-keygen -y -f manifest/security_policy.ed25519.key > manifest/security_policy.ed25519.pub
  3. Edit manifest/security_policy.json with your policy thresholds.
  4. Sign the manifest:
    python -m aletheia_cyber_core sign-manifest
  5. Commit manifest/security_policy.json.sig to version control. Keep the private key secure and inject it via environment variables at deploy time.

Troubleshooting

ManifestTamperedError

Signature verification failed. Ensure the private key matches the public key in the manifest, and re-run sign-manifest.

FATAL: Production running without ACTIVE_MODE=true

Set ACTIVE_MODE=true in your deployment environment when ENVIRONMENT=production.

FATAL: Production missing SIGNING_SECRET

In production, set SIGNING_SECRET to a random string ≥32 characters.