Commands Reference
witboost— CLI entrypoint commandwitboost governance— Witboost Computational Governance (WCG) allows for the creation, evolution, and enforcement of Governance Entities (policies or metrics) within development processes, ensuring governance is automated and not bypassable. This CLI allows interaction with WCG by evaluating a resource against Governance Entities.witboost utils— Utility commands
witboost
Command-line interface to interact with the Witboost platform. This CLI provides commands for Witboost Computational Governance and utility operations.
Usage
witboost [options] [command]
Options
| Flag | Required | Default | Description |
|---|---|---|---|
-V, --version | - | output the version number | |
-l, --log-level <level> | info | Set log level | |
-v, --verbose | - | Enable verbose output (same as --log-level debug) |
Additional help notes
Run "witboost [command] --help" for details about a specific command.
For more details, see the official documentation: https://docs.witboost.com/p3_tech/p15_cli
witboost governance
Witboost Computational Governance (WCG) allows for the creation, evolution, and enforcement of Governance Entities (policies or metrics) within development processes, ensuring governance is automated and not bypassable. This CLI allows interaction with WCG by evaluating a resource against Governance Entities.
Usage
witboost governance [options] [command]
Additional help notes
Witboost Computational Governance (WCG) allows for the creation, evolution, and enforcement of Governance Entities (policies or metrics) within development
processes, ensuring governance is automated and not bypassable.
This CLI allows interaction with WCG by evaluating a resource against Governance Entities.
Prerequisites:
- A resource type must be defined in Witboost.
- At least one Governance Entity must be registered in the Witboost Computational Governance.
For more details, see the official documentation: https://docs.witboost.com/docs/p3_tech/p11_managing_policies/p11_1_overview
witboost governance evaluate
Evaluate resource descriptors against registered Governance Entities.
Usage
witboost governance evaluate --base-url <BASE_URL> --auth-base-url <AUTH_BASE_URL> --token <TOKEN> --env <ENV> --resource-type <RESOURCE_TYPE> --resource-id <RESOURCE_ID> --descriptor-file <INPUT_FILE> [options]
Options
| Flag | Required | Default | Description |
|---|---|---|---|
--base-url <BASE_URL> | ✅ | env/config | Base URL of the Witboost Computational Governance Platform. Must be provided via either CLI, environment variable (WCG_BASE_URL), or config file (key: "WCG_BASE_URL") |
--auth-base-url <AUTH_BASE_URL> | ✅ | env/config | Base URL used to authenticate the Service Account. It is the URL you use to access Witboost, followed by /api/auth e.g. https://witboost.my-example-company.com/api/auth . Must be provided via either CLI, environment variable (WITBOOST_AUTH_BASE_URL), or config file (key: "WITBOOST_AUTH_BASE_URL") |
--token <TOKEN> | ✅ | env/config | Service Account Access Token to authenticate with the Witboost API. Must be provided via either CLI, environment variable (WCG_SERVICE_ACCOUNT_ACCESS_TOKEN), or config file (key: "WCG_SERVICE_ACCOUNT_ACCESS_TOKEN") |
--jwt-duration <JWT_DURATION> | - | (Optional) Service account JWT duration in seconds | |
--env <ENV> | ✅ | - | Witboost environment in which the resource is evaluated |
--resource-type <RESOURCE_TYPE> | ✅ | - | Resource type of the resource to be evaluated |
--resource-id <RESOURCE_ID> | ✅ | - | Assign an identifier to the resource being evaluated |
--resource-name <RESOURCE_NAME> | - | (Optional) Assign a display name to the resource being evaluated. If not provided, the resource ID will be used as the name | |
--resource-version <RESOURCE_VERSION> | - | (Optional) Assign a version to the resource being evaluated | |
--descriptor-file <INPUT_FILE> | ✅ | - | Path to a YAML file containing the resource descriptor. JSON descriptors can be converted to YAML using the 'utils json-to-yaml' command |
--exit-on-failure | - | (Optional) Exit with non-zero code if evaluation completes with policy errors | |
--output <OUTPUT> | none | (Optional) Format of the evaluation report given at the end of the evaluation process | |
--output-file <OUTPUT_FILE> | - | (Optional) Path where to write the evaluation report either as a table or formatted as JSON (depending on the --output option). Note that --output-file report.json --output json is equivalent to piping stdout to a file named report.json e.g. witboost governance evaluate ... --output json > report.json | |
--compact-summary | false | (Optional) Print a compact summary table to stdout (recommended for narrow or CI environments) | |
--poll-interval <POLL_INTERVAL> | 3 | (Optional) Polling interval in seconds | |
--timeout <TIMEOUT> | 300 | (Optional) Maximum evaluation timeout in seconds |
Additional help notes
This command evaluates a resource descriptor against the Governance Entities (policies and metrics) registered in the Witboost platform.
During evaluation, a resource is evaluated against a Governance Entity only if it falls within its perimeter. The perimeter is defined by:
• Resource Type: the type of resources the Governance Entity applies to
• Environment: the environment the Governance Entity applies to
• Selectors: a set of key-value pairs that further filter the resources the Governance Entity applies to
• Infrastructure Template ID and Use Case Template ID: further filters that can be used to restrict the resources the Governance Entity applies to
Notes:
- Only --auth-base-url and --token can come from environment variables or config file (.witboost-cli/config.yaml). All other options must be provided via CLI.
- Authentication options are resolved with the following precedence: CLI arguments > environment variables > configuration file.
- Make sure that the relevant resource types, policies, and metrics are already registered in the Witboost platform.
- For more details about the evaluation, see: https://docs.witboost.com/docs/p3_tech/p11_managing_policies/p11_6_evaluation_and_testing
Examples:
# 1. Evaluate a resource using options via CLI
witboost governance evaluate \
--base-url https://governance.example.com \
--auth-base-url https://auth.example.com/api/auth \
--token $WCG_SERVICE_ACCOUNT_ACCESS_TOKEN \
--env dev \
--resource-type dataproduct \
--resource-id my-dp \
--descriptor-file ./dp.yaml
# 2. Use environment variables (token, auth-base-url and wcg-base-url)
export WCG_SERVICE_ACCOUNT_ACCESS_TOKEN=xxx
export WITBOOST_AUTH_BASE_URL=https://auth.example.com/api/auth
export WCG_BASE_URL=https://governance.example.com
witboost governance evaluate \
--env dev \
--resource-type dataproduct \
--resource-id my-dp \
--descriptor-file ./dp.yaml
# 3. Generate JSON evaluation report to a custom file
witboost governance evaluate \
--base-url https://governance.example.com \
--auth-base-url https://auth.example.com/api/auth \
--token $WCG_SERVICE_ACCOUNT_ACCESS_TOKEN \
--env prod \
--resource-type myrestype \
--resource-id myres-42 \
--descriptor-file ./myres.yaml \
--output json \
--output-file ./myres_report.json
# 4. Exit with non-zero code on policy failures
witboost governance evaluate \
--base-url https://governance.example.com \
--auth-base-url https://auth.example.com/api/auth \
--token $WCG_SERVICE_ACCOUNT_ACCESS_TOKEN \
--env dev \
--resource-type dataproduct \
--resource-id my-dp \
--descriptor-file ./dp.yaml \
--exit-on-failure
witboost utils
Utility commands
Usage
witboost utils [options] [command]
witboost utils json-to-yaml
Convert a JSON file to a YAML file
Usage
witboost utils json-to-yaml [options]
Options
| Flag | Required | Default | Description |
|---|---|---|---|
-i, --input <filePath> | ✅ | - | Path to the input JSON file |
-o, --output <filePath> | - | Path to the output YAML file. Defaults to input file path with '.json' replaced with '.yaml' |