NAME
demo - tiny cli-guard demo app
SYNOPSIS
demo
[--commit-scope]=[value]
DESCRIPTION
demo is the smallest end-to-end exercise of the cli-guard pipeline:
1. --commit-scope resolves to a real git toplevel (default "auto"
= git toplevel of cwd; explicit path also accepted).
2. The wrapped Action runs through policy.ValidateArg over every
user-supplied string before execve.
3. An append-only JSONL row lands in $TMPDIR/cli-guard-demo.jsonl
with timestamp, argv, cwd, exit code, and resolved scope.
Why an append-only audit log: it is the forensic trail if an agent (or a confused human) invokes something destructive. The log lives outside the working tree, is written 0600 in a 0700 dir, and rotates via lumberjack when the active file hits the size cap. Old backups past the retention horizon are pruned. There is no "skip audit" knob; a verb that genuinely should not be tied to a repo sets SkipScope at the definition site so the decision is visible in source.
Operating model for an agent calling these commands:
- Failure to preflight the audit dir is a hard fail at startup,
not per call. If you see "audit preflight: ..." on stderr, do
not retry; the host is broken (disk full, perms wrong, dir not
writable). Surface to the operator.
- --commit-scope=auto fails outside a git repo. Either cd into a
checkout or pass --commit-scope=<repo-path> explicitly. There
is no "scope: none" sentinel.
- Inspect the audit row after the call to reconstruct what
happened: `tail -1 "$TMPDIR/cli-guard-demo.jsonl" | jq`.
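One way to implement the startup preflight and the append described above, as an added example in Go (not cli-guard's own code). The names openAudit, appendRow and auditRow, the JSON key names, and the directory, file and scope values are assumptions; rotation is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"time"
)

type auditRow struct { // fields the page lists; the JSON key names are assumptions
	Timestamp, Cwd, Scope string
	Argv                  []string
	ExitCode              int
}

// openAudit is the startup preflight: private dir, append-only private file, or a hard error.
func openAudit(dir, name string) (*os.File, error) {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, fmt.Errorf("audit preflight: %w", err)
	}
	f, err := os.OpenFile(filepath.Join(dir, name), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o600)
	if err != nil {
		return nil, fmt.Errorf("audit preflight: %w", err)
	}
	for _, p := range []string{dir, f.Name()} { // reject anything group or others can touch
		if fi, err := os.Stat(p); err != nil || fi.Mode().Perm()&0o077 != 0 {
			f.Close()
			return nil, fmt.Errorf("audit preflight: %s is not private", p)
		}
	}
	return f, nil
}

// appendRow stamps the row and writes it as one JSON line (Encode adds the "\n").
func appendRow(f *os.File, row auditRow) error {
	row.Timestamp = time.Now().UTC().Format(time.RFC3339)
	return json.NewEncoder(f).Encode(row)
}

func main() {
	f, err := openAudit(filepath.Join(os.TempDir(), "cli-guard-example"), "example.jsonl")
	if err == nil {
		defer f.Close()
		err = appendRow(f, auditRow{Argv: os.Args, Scope: "/constructed/repo"}) // constructed scope
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, err) // a preflight failure is a hard fail: do not retry
		os.Exit(1)
	}
}
```

A directory or file that already exists with group or other permission bits set is refused rather than silently tightened, so a misconfigured host surfaces at startup.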
Usage:
demo [GLOBAL OPTIONS] [command [COMMAND OPTIONS]] [ARGUMENTS...]
GLOBAL OPTIONS
--commit-scope="": bind audit rows to a commit scope (default: "auto")
COMMANDS
hello
print a greeting