Package Exports
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@driftgard/cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
@driftgard/cli
Governance-as-code CLI for Driftgard — manage control packs from your terminal and CI pipelines.
Install
npm install -g @driftgard/cliOr run directly with npx:
npx @driftgard/cli helpConfigure
export DRIFTGARD_API_KEY=dg_your_api_key
export DRIFTGARD_PROJECT_ID=proj_xxxCommands
pull
Download the active control pack as YAML or JSON.
driftgard pull --format yaml
driftgard pull --pack ./control-packs/prod.json --format jsonpush
Upload a local control pack as a new version. Auto-increments the version number.
driftgard push --pack ./control-packs/prod.yamlactivate
Set a specific version as the active control pack.
driftgard activate --pack-id my_control_pack --version 3validate
Check a control pack file for structural errors. Works offline.
driftgard validate --pack ./control-packs/prod.yamllint
Check for logical issues — contradictions, unreachable thresholds, dead patterns, and more. Works offline.
driftgard lint --pack ./control-packs/prod.yamlChecks for:
- Duplicate clause IDs
- Unreachable block threshold (no single violation can trigger a block)
- Guaranteed block on any violation (threshold too low)
- Dead patterns (rules with no pattern_rules — judge-only)
- Duplicate patterns across rules
- Auto-block category with low severity (misleading label)
- Category multipliers on unused categories
- Auto-block categories with no matching rules
Exits with code 1 if errors are found. Warnings and info do not fail.
diff
Show a colored diff between the latest two control pack versions.
driftgard diffbenchmark
Run the benchmark suite and fail if thresholds are exceeded. CI-friendly — exits with code 1 on failure.
driftgard benchmark --max-violation-rate 0.05 --max-blocked 10CI/CD example
# GitHub Actions
name: Governance Check
on: [push]
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate
run: npx @driftgard/cli validate --pack ./control-packs/prod.yaml
- name: Lint
run: npx @driftgard/cli lint --pack ./control-packs/prod.yaml
- name: Push
run: npx @driftgard/cli push --pack ./control-packs/prod.yaml
env:
DRIFTGARD_API_KEY: ${{ secrets.DRIFTGARD_API_KEY }}
DRIFTGARD_PROJECT_ID: ${{ secrets.DRIFTGARD_PROJECT_ID }}
- name: Benchmark
run: npx @driftgard/cli benchmark --max-violation-rate 0.05
env:
DRIFTGARD_API_KEY: ${{ secrets.DRIFTGARD_API_KEY }}
DRIFTGARD_PROJECT_ID: ${{ secrets.DRIFTGARD_PROJECT_ID }}Options
| Flag | Description |
|---|---|
--project-id <id> |
Project ID (or set DRIFTGARD_PROJECT_ID) |
--pack <file> |
Path to control pack file (.json or .yaml) |
--format <fmt> |
Output format: json or yaml (default: yaml) |
--version <n> |
Version number for activate |
--pack-id <id> |
Control pack ID for activate |
Environment variables
| Variable | Description |
|---|---|
DRIFTGARD_API_KEY |
API key (required for remote commands) |
DRIFTGARD_BASE_URL |
API base URL (default: https://api.driftgard.com) |
DRIFTGARD_PROJECT_ID |
Default project ID |
License
MIT