CLI Reference

The PhronEdge CLI gives you governance controls directly from your terminal. Scan code, verify connections, export policies.

Install

Shell
pip install phronedge

The CLI installs automatically with the SDK. No separate package.

Commands

phronedge scan

Scan a Python file for tool functions and identify which ones are governed. Use this as a CI/CD gate to block deploys with ungoverned tools.

Shell
phronedge scan agent.py

Output:

PhronEdge Scan: agent.py
==================================================

  [+] lookup_patient (as "lookup_patient")      line   12  governed
  [+] search_claims (as "search_claims")        line   24  governed
  [+] approve_payout (as "approve_payout")      line   36  governed
  [x] delete_record                             line   48  NOT governed
  [x] send_raw_email                            line   55  NOT governed

Total: 5 tools
  Governed:   3
  Ungoverned: 2

Ungoverned tools execute without governance.
Add @pe.govern("tool_name") to each one.

What it detects

The scanner uses static analysis to find tool functions:

  • Functions with @pe.govern("name") decorators (governed)
  • Functions with docstrings (likely tools)
  • Functions with @tool or similar framework decorators (likely tools)
  • Private functions (starting with _) are skipped
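The four rules above, sketched with Python's `ast` module as an added example (this is not PhronEdge's scanner code; the decorator matching, the labels and the sample source are assumptions). It also shows a case the listed rules do not cover: a public function with no docstring and no decorator matches none of them.

```python
import ast

# Constructed sample; function names echo the scan output shown earlier.
SAMPLE = '''
@pe.govern("lookup_patient")
def lookup_patient(patient_id):
    """Fetch a patient record."""

def delete_record(record_id):
    """Delete a record."""

@tool
def send_raw_email(to, body):
    pass

def _format(row):
    """Internal helper."""

def purge_cache():
    pass
'''

def decorator_names(func):
    """Last path component of each decorator: @pe.govern("x") -> "govern"."""
    targets = [d.func if isinstance(d, ast.Call) else d for d in func.decorator_list]
    return {getattr(t, "attr", None) or getattr(t, "id", None) for t in targets}

def classify(source):
    """Label each top-level function using the four rules listed above."""
    labels = {}
    for node in ast.parse(source).body:
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        decs = decorator_names(node)
        if node.name.startswith("_"):
            labels[node.name] = "skipped"        # private: never reported
        elif "govern" in decs:
            labels[node.name] = "governed"
        elif "tool" in decs or ast.get_docstring(node):
            labels[node.name] = "ungoverned"     # likely tool, no @pe.govern
        else:
            labels[node.name] = "not detected"   # matches none of the rules
    return labels

def strict_exit_code(source):
    """Mimic --strict: 1 if any likely tool is ungoverned, else 0."""
    return 1 if "ungoverned" in classify(source).values() else 0
```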

Strict mode

Use --strict to exit with code 1 when ungoverned tools are found. Add this to your CI pipeline to block deploys:

Shell
phronedge scan agent.py --strict

CI/CD integration

GitHub Actions:

YAML
- name: Governance scan
  run: |
    pip install phronedge
    phronedge scan src/agents/*.py --strict

GitLab CI:

YAML
governance-scan:
  script:
    - pip install phronedge
    - phronedge scan src/agents/*.py --strict

Pre-commit hook:

Shell
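#!/bin/bash
# .git/hooks/pre-commit
# Scan only staged Python files that still exist (added, copied, modified).
files=$(git diff --cached --name-only --diff-filter=ACM -- '*.py')
[ -z "$files" ] && exit 0   # nothing to scan in this commit
phronedge scan $files --strict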

Multi-file scan

Scan all agent files:

Shell
phronedge scan agents/claims_agent.py
phronedge scan agents/medical_agent.py
phronedge scan agents/fraud_agent.py

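Or loop over a glob, recording any failure so the result does not depend only on the last file scanned:

Shell
rc=0; for f in agents/*.py; do phronedge scan "$f" --strict || rc=1; done
exit "$rc"  # non-zero if any file had ungoverned tools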

phronedge verify

Verify your API key, gateway connection, and credential in one command. Run this after setup to confirm everything works.

Shell
export PHRONEDGE_API_KEY=pe_live_your_key
phronedge verify

Output:

PhronEdge Verify
==================================================

[+] API key: pe_live_41******************81f9
[+] Gateway: https://api.phronedge.com/api/v1

Testing gateway connection...
[+] Gateway reachable. 4 plans available.

Fetching credential...
[+] Credential valid
    Agent:        claims-investigator
    Jurisdiction: DE
    Tools:        lookup_patient, search_claims, approve_payout

Ready. Your agent is governed.

What it checks

  1. PHRONEDGE_API_KEY is set
  2. Gateway is reachable (hits the public /plans endpoint)
  3. Credential can be fetched with your API key
  4. Credential is valid and contains agent info

Failure cases

[x] PHRONEDGE_API_KEY not set
    Run: export PHRONEDGE_API_KEY=pe_live_your_key
[x] Gateway unreachable: Connection refused
[x] Credential fetch failed: 401
    Invalid API key

phronedge export

Export your signed policy as OPA Rego, YAML, or JSON. Use this to deploy governance rules to external systems.

Shell
phronedge export rego
phronedge export yaml
phronedge export json

Save to file

Shell
phronedge export rego -o policy.rego
phronedge export yaml -o governance.yaml
phronedge export json -o policy.json

Output:

Exporting policy as rego...
Exported to policy.rego
Policy hash: c691ac83ca908b7d...

OPA integration

Export and deploy directly to your OPA runtime:

Shell
phronedge export rego -o /etc/opa/policies/phronedge.rego
opa run --server --bundle /etc/opa/policies/

Every rule in the exported Rego traces to a specific regulation from your signed credential. Nothing is hardcoded. The Rego file includes:

  • Agent authorization (from credential.agent_id)
  • Tool permissions (from credential.permitted_tools)
  • Model permissions (from credential.permitted_models)
  • Data classification enforcement (from credential.data_classifications)
  • Jurisdiction validation (from credential.jurisdiction)
  • PII detection patterns
  • Cross-border transfer rules
  • Behavioral baseline limits
  • Delegation permissions
  • Denial reasons with regulation citations

YAML export

Use YAML for GitOps workflows. Store your governance policy alongside your infrastructure:

Shell
phronedge export yaml -o governance/phronedge-policy.yaml
git add governance/phronedge-policy.yaml
git commit -m "Update governance policy"
git push

JSON export

Use JSON for programmatic access or integration with custom policy engines:

Shell
phronedge export json -o policy.json
python3 -c "
import json
with open('policy.json') as f:
    policy = json.load(f)
print('Agent:', policy['policy']['agent_id'])
print('Tools:', policy['policy']['permitted_tools'])
"

Environment Variables

| Variable | Required | Description |
|---|---|---|
| PHRONEDGE_API_KEY | Yes (for verify, export) | Your API key from the console |
| PHRONEDGE_GATEWAY_URL | No | Override gateway URL. Default: https://api.phronedge.com/api/v1 |

Exit Codes

| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | Failure (ungoverned tools in strict mode, connection failed, export failed) |

Examples

Complete setup and verification

Shell
pip install phronedge
export PHRONEDGE_API_KEY=pe_live_your_key

phronedge verify
phronedge scan my_agent.py
phronedge export rego -o policy.rego

CI/CD pipeline with scan gate

Shell
pip install phronedge
phronedge scan src/agents/ --strict || exit 1
echo "All tools governed. Deploying..."

Export policy for compliance audit

Shell
phronedge export json -o audit/governance-policy-$(date +%Y%m%d).json
phronedge export rego -o audit/opa-policy-$(date +%Y%m%d).rego
