Commands Reference
witboost— CLI entrypoint commandwitboost governance— Witboost Computational Governance (WCG) allows for the creation, evolution, and enforcement of Governance Entities (policies or metrics) within development processes, ensuring governance is automated and not bypassable. This CLI allows interaction with WCG by evaluating a resource against Governance Entities.witboost build— Generate Witboost descriptors (descriptor.yaml) from local entity or data product files using the Builder service.witboost utils— Utility commands
witboost
Command-line interface to interact with the Witboost platform. This CLI provides commands for Witboost Computational Governance and utility operations.
Usage
witboost [options] [command]
Options
| Flag | Required | Default | Description |
|---|---|---|---|
-V, --version | - | output the version number | |
-l, --log-level <level> | info | Set log level | |
-v, --verbose | - | Enable verbose output (same as --log-level debug) |
Additional help notes
Run "witboost [command] --help" for details about a specific command.
For more details, see the official documentation: https://docs.witboost.com/p3_tech/p15_cli
witboost governance
Witboost Computational Governance (WCG) allows for the creation, evolution, and enforcement of Governance Entities (policies or metrics) within development processes, ensuring governance is automated and not bypassable. This CLI allows interaction with WCG by evaluating a resource against Governance Entities.
Usage
witboost governance [options] [command]
Additional help notes
Witboost Computational Governance (WCG) allows for the creation, evolution, and enforcement of Governance Entities (policies or metrics) within development
processes, ensuring governance is automated and not bypassable.
This CLI allows interaction with WCG by evaluating a resource against Governance Entities.
Prerequisites:
- A resource type must be defined in Witboost.
- At least one Governance Entity must be registered in the Witboost Computational Governance.
For more details, see the official documentation: https://docs.witboost.com/docs/p3_tech/p11_managing_policies/p11_1_overview
witboost governance evaluate
Evaluate resource descriptors against registered Governance Entities.
Usage
witboost governance evaluate --base-url <BASE_URL> --witboost-base-url <WITBOOST_BASE_URL> --token <TOKEN> --env <ENV> --resource-type <RESOURCE_TYPE> --resource-id <RESOURCE_ID> --descriptor-file <INPUT_FILE> [options]
Options
| Flag | Required | Default | Description |
|---|---|---|---|
--base-url <BASE_URL> | ✅ | env/config | Base URL of the Witboost Computational Governance Platform. Must be provided via either CLI, environment variable (WCG_BASE_URL), or config file (key: "WCG_BASE_URL") |
--witboost-base-url <WITBOOST_BASE_URL> | ✅ | env/config | It is the URL you use to access Witboost e.g. https://witboost.my-example-company.com . Must be provided via either CLI, environment variable (WITBOOST_BASE_URL), or config file (key: "WITBOOST_BASE_URL") |
--token <TOKEN> | ✅ | env/config | User/Service Account Access Token to authenticate with the Witboost API. Must be provided via either CLI, environment variable (ACCOUNT_ACCESS_TOKEN), or config file (key: "ACCOUNT_ACCESS_TOKEN") |
--jwt-duration <JWT_DURATION> | - | (Optional) User/Service account JWT duration in seconds | |
--env <ENV> | ✅ | - | Witboost environment in which the resource is evaluated |
--resource-type <RESOURCE_TYPE> | ✅ | - | Resource type of the resource to be evaluated |
--resource-id <RESOURCE_ID> | ✅ | - | Assign an identifier to the resource being evaluated |
--resource-name <RESOURCE_NAME> | - | (Optional) Assign a display name to the resource being evaluated. If not provided, the resource ID will be used as the name | |
--resource-version <RESOURCE_VERSION> | - | (Optional) Assign a version to the resource being evaluated | |
--descriptor-file <INPUT_FILE> | ✅ | - | Path to a YAML file containing the resource descriptor. JSON descriptors can be converted to YAML using the 'utils json-to-yaml' command |
--exit-on-failure | - | (Optional) Exit with non-zero code if evaluation completes with policy errors | |
--output <OUTPUT> | none | (Optional) Format of the evaluation report given at the end of the evaluation process | |
--output-file <OUTPUT_FILE> | - | (Optional) Path where to write the evaluation report either as a table or formatted as JSON (depending on the --output option). Note that --output-file report.json --output json is equivalent to piping stdout to a file named report.json e.g. witboost governance evaluate ... --output json > report.json | |
--compact-summary | false | (Optional) Print a compact summary table to stdout (recommended for narrow or CI environments) | |
--poll-interval <POLL_INTERVAL> | 3 | (Optional) Polling interval in seconds | |
--timeout <TIMEOUT> | 300 | (Optional) Maximum evaluation timeout in seconds |
Additional help notes
This command evaluates a resource descriptor against the Governance Entities (policies and metrics) registered in the Witboost platform.
During evaluation, a resource is evaluated against a Governance Entity only if it falls within its perimeter. The perimeter is defined by:
• Resource Type: the type of resources the Governance Entity applies to
• Environment: the environment the Governance Entity applies to
• Selectors: a set of key-value pairs that further filter the resources the Governance Entity applies to
• Infrastructure Template ID and Use Case Template ID: further filters that can be used to restrict the resources the Governance Entity applies to
Notes:
- Only --witboost-base-url and --token can come from environment variables or config file (.witboost-cli/config.yaml). All other options must be provided via CLI.
- Authentication options are resolved with the following precedence: CLI arguments > environment variables > configuration file.
- Make sure that the relevant resource types, policies, and metrics are already registered in the Witboost platform.
- For more details about the evaluation, see: https://docs.witboost.com/docs/p3_tech/p11_managing_policies/p11_6_evaluation_and_testing
Examples:
# 1. Evaluate a resource using options via CLI
witboost governance evaluate \
--base-url https://governance.example.com \
--witboost-base-url https://witboost.example.com \
--token $ACCOUNT_ACCESS_TOKEN \
--env dev \
--resource-type dataproduct \
--resource-id my-dp \
--descriptor-file ./dp.yaml
# 2. Use environment variables (token, auth-base-url and wcg-base-url)
export ACCOUNT_ACCESS_TOKEN=xxx
export WITBOOST_BASE_URL=https://auth.example.com
export WCG_BASE_URL=https://governance.example.com
witboost governance evaluate \
--env dev \
--resource-type dataproduct \
--resource-id my-dp \
--descriptor-file ./dp.yaml
# 3. Generate JSON evaluation report to a custom file
witboost governance evaluate \
--base-url https://governance.example.com \
--witboost-base-url https://witboost.example.com \
--token $ACCOUNT_ACCESS_TOKEN \
--env prod \
--resource-type myrestype \
--resource-id myres-42 \
--descriptor-file ./myres.yaml \
--output json \
--output-file ./myres_report.json
# 4. Exit with non-zero code on policy failures
witboost governance evaluate \
--base-url https://governance.example.com \
--witboost-base-url https://witboost.example.com \
--token $ACCOUNT_ACCESS_TOKEN \
--env dev \
--resource-type dataproduct \
--resource-id my-dp \
--descriptor-file ./dp.yaml \
--exit-on-failure
witboost builder
This CLI set provides the commands to manage the Witboost Builder service, which builds resource descriptors.
Usage
witboost builder [options] [command]
Additional help notes
This CLI set provides the commands to manage the Witboost Builder service, which builds resource descriptors.
witboost builder build-descriptor
This command generates a resource descriptor (YAML) from local files, either for a single entity or for a full project (system + components).
Usage
For a single entity descriptor:
witboost builder build-descriptor --base-url <BASE_URL> --witboost-base-url <WITBOOST_BASE_URL> --token <TOKEN> --entity-path <ENTITY_PATH> --environment <ENVIRONMENT>
For a full project descriptor:
witboost builder build-descriptor --base-url <BASE_URL> --witboost-base-url <WITBOOST_BASE_URL> --token <TOKEN> --full --system-path <SYSTEM_PATH> --components-path <COMPONENTS_PATH> --environment <ENVIRONMENT>
Options
| Flag | Required | Default | Description |
|---|---|---|---|
--witboost-base-url <WITBOOST_BASE_URL> | ✅ | env/config | It is the URL you use to access Witboost e.g. https://witboost.my-example-company.com . Must be provided via either CLI, environment variable (WITBOOST_BASE_URL), or config file (key: "WITBOOST_BASE_URL") |
--token <TOKEN> | ✅ | env/config | User/Service Account Access Token to authenticate with the Witboost API. Must be provided via either CLI, environment variable (ACCOUNT_ACCESS_TOKEN), or config file (key: "ACCOUNT_ACCESS_TOKEN") |
--full | - | (Optional) If specified, build full descriptors including all details | |
--entity-path <ENTITY_PATH> | - | (Optional) Path to the Entity for which to build the descriptor (if --full is not used) | |
--system-path <SYSTEM_PATH> | - | (Optional) Path to the System for which to build the descriptor (if --full is used) | |
--components-path <COMPONENTS_PATH> | - | (Optional) Path to the Components for which to build the descriptor (if --full is used) | |
--environment <ENVIRONMENT> | ✅ | - | Witboost environment in which the resource is evaluated |
Additional help notes
This command builds a resource descriptor in a yaml given the resource files.
During the build process, must be given the following inputs:
• base URL of the Builder service
• full flag to indicate whether to build a full descriptor (with system and components) or only entity descriptor
• Entity file path (if --full is not used)
• System file path (if --full is used)
• Components file path (if --full is used)
• Target environment of the descriptor that will be built
Notes:
- Only --witbbost-base-url and --token can come from environment variables or config file (CONFIG_FILE_PATH). All other options must be provided via CLI.
- Authentication options are resolved with the following precedence: CLI arguments > environment variables > configuration file.
Examples:
# 1. Build a single entity resource using options via CLI
witboost builder build-descriptor \
--base-url https://builder.example.com \
--witboost-base-url https://witboost.example.com \
--token $ACCOUNT_ACCESS_TOKEN \
--entity-path ./entity \
--environment production \
# 2. Build a full resource using options via CLI
witboost builder build-descriptor \
--base-url https://builder.example.com \
--witboost-base-url https://witboost.example.com \
--token $ACCOUNT_ACCESS_TOKEN \
--full \
--system-path ./system \
--components-path ./components \
--environment production \
# 3. Use environment variables (token, witboost-base-url and base-url)
export ACCOUNT_ACCESS_TOKEN=xxx
export WITBOOST_BASE_URL=https://witboost.example.com
witboost builder build-descriptor \
--entity-path ./entity \
--environment production \
witboost utils
Utility commands
Usage
witboost utils [options] [command]
witboost utils json-to-yaml
Convert a JSON file to a YAML file
Usage
witboost utils json-to-yaml [options]
Options
| Flag | Required | Default | Description |
|---|---|---|---|
-i, --input <filePath> | ✅ | - | Path to the input JSON file |
-o, --output <filePath> | - | Path to the output YAML file. Defaults to input file path with '.json' replaced with '.yaml' |