CLI Reference

Complete reference for the chio command-line interface. Every subcommand, flag, type, and default value documented from the canonical source.

Global flags

The following flags are available on every subcommand. They appear before the subcommand name or after it with the -- separator.

Flag	Type	Default	Description
`--format`	enum	`human`	Output format: `json` or `human`
`--json`	bool	`false`	Legacy alias, equivalent to `--format json`
`--receipt-db`	path	none	SQLite database path for durable receipt persistence
`--revocation-db`	path	none	SQLite database path for durable capability revocation persistence
`--authority-seed-file`	path	none	File path for a persistent capability-authority seed
`--authority-db`	path	none	SQLite database path for shared capability-authority state
`--budget-db`	path	none	SQLite database path for durable shared capability budget state
`--session-db`	path	none	SQLite database path for durable remote MCP session tombstones
`--control-url`	string	none	Shared trust-control service base URL
`--control-token`	string	none	Bearer token for authenticating to the trust-control service

chio check

Evaluate a single tool call against a policy without spawning a subprocess. Useful for dry-running policy changes or testing guard behavior.

bash

chio check --policy <PATH> --tool <NAME> [--params <JSON>] [--server <ID>]

Flag	Type	Default	Description
`--policy`	path	required	Path to the policy YAML file
`--tool`	string	required	Tool name to evaluate
`--params`	JSON string	`{}`	Tool parameters as a JSON string
`--server`	string	`*`	Server ID to use for the evaluation

example

$ chio check --policy ./policy.yaml \
    --tool read_file \
    --params '{"path": "./workspace/README.md"}'

verdict:  ALLOW
tool:     read_file
server:   *
guards:   8/8 passed

chio run

Spawn an agent subprocess and enforce policy via the kernel. The kernel mediates every tool call the agent makes, applying guard rules and signing receipts.

bash

chio run --policy <PATH> -- <COMMAND> [ARGS...]

Flag	Type	Default	Description
`--policy`	path	required	Path to the policy YAML file
`<COMMAND>`	trailing args	required	The agent command and its arguments (after `--`)

example

$ chio run --policy ./policy.yaml -- node agent.js
INFO  kernel ready, spawning agent subprocess
INFO  agent exited with code 0
INFO  session complete: 47 receipts (45 allow, 2 deny)

chio init

Scaffold a runnable Chio example project with a governed demo flow.

bash

chio init <PATH>

Argument	Type	Description
`<PATH>`	path	Directory to create for the scaffolded project

example

$ chio init my-governed-agent
Created project at ./my-governed-agent
  policy.yaml   · starter HushSpec policy
  agent.js      · demo agent script
  README.md     · getting started guide

chio mcp serve

Wrap an MCP server subprocess and expose a secured MCP edge over stdio. The Chio kernel intercepts every tool call, applies policy, and signs receipts before forwarding to the wrapped server.

bash

chio mcp serve --policy <PATH> --server-id <ID> [OPTIONS] -- <COMMAND> [ARGS...]

Flag	Type	Default	Description
`--policy`	path	required	Path to the policy YAML file
`--server-id`	string	required	Server ID to assign to the wrapped MCP server inside Chio
`--server-name`	string	none	Human-readable name for the wrapped MCP server
`--server-version`	string	none	Version string for the wrapped MCP server
`--manifest-public-key`	string	none	Override the public key embedded in the synthetic manifest
`--page-size`	integer	`50`	Page size for paginated `tools/list` responses
`--tools-list-changed`	bool	`false`	Advertise `notifications/tools/list_changed`
`--preset`	enum	none	Bundled policy preset. `code-agent` applies deny-by-default guards tuned for coding agents (path allowlist, shell blocklist, secret scan, patch integrity)

example

$ chio mcp serve --policy ./policy.yaml --server-id srv-files \
    -- npx -y @modelcontextprotocol/server-filesystem ./workspace

# Or use the bundled code-agent preset instead of a policy file:
$ chio mcp serve --preset code-agent --server-id srv-files \
    -- npx -y @modelcontextprotocol/server-filesystem ./workspace

chio mcp serve-http

Wrap an MCP server subprocess and expose a secured MCP edge over Streamable HTTP. Supports multiple concurrent remote sessions, OAuth2 and JWT authentication, and optional shared subprocess mode.

bash

chio mcp serve-http --policy <PATH> --server-id <ID> [OPTIONS] -- <COMMAND> [ARGS...]

Flag	Type	Default	Description
`--policy`	path	required	Path to the policy YAML file
`--server-id`	string	required	Server ID to assign to the wrapped MCP server
`--server-name`	string	none	Human-readable name for the wrapped MCP server
`--server-version`	string	none	Version string for the wrapped MCP server
`--manifest-public-key`	string	none	Override the public key embedded in the synthetic manifest
`--page-size`	integer	`50`	Page size for paginated `tools/list` responses
`--tools-list-changed`	bool	`false`	Advertise `notifications/tools/list_changed`
`--shared-hosted-owner`	bool	`false`	Use one shared wrapped MCP subprocess for all remote sessions
`--listen`	socket addr	`127.0.0.1:8931`	Socket address to bind the remote MCP edge to
`--auth-token`	string	none	Static bearer token required for remote session admission
`--auth-jwt-public-key`	string	none	Public key used to verify externally issued JWT bearer tokens
`--auth-jwt-discovery-url`	string	none	OIDC discovery URL for issuer metadata and JWKS resolution
`--auth-introspection-url`	string	none	OAuth2 token introspection endpoint for opaque bearer tokens
`--auth-introspection-client-id`	string	none	Client ID when calling the introspection endpoint
`--auth-introspection-client-secret`	string	none	Client secret when calling the introspection endpoint
`--auth-jwt-provider-profile`	enum	none	Provider profile for principal mapping and OIDC discovery
`--auth-server-seed-file`	path	none	Local auth-server signing seed file for self-issued JWTs
`--identity-federation-seed-file`	path	none	Seed file for deriving stable Chio subjects from OAuth principals
`--enterprise-providers-file`	path	none	File-backed enterprise provider registry shared with trust-control
`--auth-jwt-issuer`	string	none	Expected bearer-token issuer for remote session admission
`--auth-jwt-audience`	string	none	Expected bearer-token audience for remote session admission
`--admin-token`	string	none	Static bearer token for remote admin APIs
`--public-base-url`	string	none	Public base URL for protected-resource metadata URLs
`--auth-server`	string (repeatable)	none	Authorization server URL advertised via protected-resource metadata
`--auth-authorization-endpoint`	string	none	OAuth authorization endpoint in colocated auth-server metadata
`--auth-token-endpoint`	string	none	OAuth token endpoint in colocated auth-server metadata
`--auth-registration-endpoint`	string	none	Dynamic client registration endpoint in auth-server metadata
`--auth-jwks-uri`	string	none	JWKS URI advertised in auth-server metadata
`--auth-scope`	string (repeatable)	none	Scope hint advertised in protected-resource challenges
`--auth-subject`	string	`operator`	Subject to embed in locally issued auth-server access tokens
`--auth-code-ttl-secs`	integer	`300`	Authorization-code lifetime for the hosted auth server
`--auth-access-token-ttl-secs`	integer	`600`	Access-token lifetime for the hosted auth server

example

$ chio mcp serve-http \
    --policy ./policy.yaml \
    --server-id srv-files \
    --listen 0.0.0.0:8931 \
    --auth-token my-secret-token \
    -- npx -y @modelcontextprotocol/server-filesystem ./workspace

INFO  remote MCP edge listening on 0.0.0.0:8931
INFO  authentication: static bearer token

chio trust serve

Serve the shared trust-control plane over HTTP. The trust-control service provides centralized revocation, reputation scoring, federation policy, passport lifecycle management, and certification registry.

bash

chio trust serve --service-token <TOKEN> [OPTIONS]

Flag	Type	Default	Description
`--listen`	socket addr	`127.0.0.1:8940`	Socket address to bind the trust-control service
`--service-token`	string	required	Bearer token required for trust-control service requests
`--advertise-url`	string	none	Public base URL this node advertises to peers and clients
`--peer-url`	string (repeatable)	none	Peer trust-control base URL (repeat for multiple peers)
`--cluster-sync-interval-ms`	integer	`500`	Background cluster sync interval in milliseconds
`--policy`	path	none	Policy file whose reputation issuance extension is enforced
`--enterprise-providers-file`	path	none	File-backed enterprise provider registry
`--federation-policies-file`	path	none	File-backed permissionless federation policy registry
`--scim-lifecycle-file`	path	none	File-backed SCIM lifecycle registry for external IdP provisioning
`--verifier-policies-file`	path	none	File-backed signed verifier policy registry
`--verifier-challenge-db`	path	none	SQLite verifier challenge-state database for replay-safe flows
`--passport-statuses-file`	path	none	File-backed passport lifecycle registry
`--passport-issuance-offers-file`	path	none	File-backed passport issuance registry for OID4VCI offers
`--certification-registry-file`	path	none	File-backed certification registry
`--certification-discovery-file`	path	none	Multi-operator certification discovery network file
`--certification-public-metadata-ttl-seconds`	integer	`3600`	Public certification metadata TTL in seconds

example

$ chio trust serve \
    --service-token my-control-token \
    --listen 0.0.0.0:8940 \
    --passport-statuses-file ./data/passports.json \
    --certification-registry-file ./data/certs.json

INFO  trust-control service listening on 0.0.0.0:8940

chio trust revoke

Persist a capability revocation into the configured revocation database.

bash

chio trust revoke --capability-id <ID>

chio trust status

Query whether a capability ID is currently revoked.

bash

chio trust status --capability-id <ID>

chio receipt list

List receipts from the receipt store with optional filters. Output is one JSON receipt per line (JSON Lines format).

bash

chio receipt list [OPTIONS]

Flag	Type	Default	Description
`--capability`	string	none	Filter by capability ID
`--tool-server`	string	none	Filter by tool server ID
`--tool-name`	string	none	Filter by tool name
`--outcome`	string	none	Filter by decision outcome: `allow`, `deny`, `cancelled`, `incomplete`
`--since`	integer (Unix seconds)	none	Receipts with timestamp >= this value
`--until`	integer (Unix seconds)	none	Receipts with timestamp <= this value
`--min-cost`	integer	none	Minimum cost in minor currency units (financial receipts only)
`--max-cost`	integer	none	Maximum cost in minor currency units (financial receipts only)
`--limit`	integer	`50`	Maximum number of receipts per page
`--cursor`	integer	none	Cursor for pagination (seq value to start after)

example

# List recent denials
$ chio receipt list --outcome deny --limit 10

# List receipts for a specific tool in a time window
$ chio receipt list --tool-name read_file --since 1713000000 --until 1713100000

chio evidence

Export, verify, and import offline evidence packages from the local receipt database for cross-organizational sharing and federation.

evidence export

bash

chio evidence export --output <DIR> [OPTIONS]

Flag	Type	Default	Description
`--output`	path	required	Output directory for the evidence package
`--capability`	string	none	Filter receipts by capability ID
`--agent-subject`	string	none	Filter receipts by agent subject public key
`--since`	integer (Unix seconds)	none	Include receipts with timestamp >= this value
`--until`	integer (Unix seconds)	none	Include receipts with timestamp <= this value
`--policy-file`	path	none	Policy file to attach to the export package
`--federation-policy`	path	none	Signed bilateral federation policy constraining the export scope
`--require-proofs`	bool	`false`	Fail if any selected receipt lacks checkpoint coverage

evidence verify

Verify every receipt signature, parameter hash, and checkpoint inclusion proof in an evidence package without importing it.

bash

chio evidence verify --input <DIR>

Essential flag: --input <DIR> (required). Path to the evidence package directory.

evidence import

Import a verified evidence package into the local receipt database, merging receipts and checkpoints.

bash

chio evidence import --input <DIR>

Essential flag: --input <DIR> (required). Path to the evidence package directory.

chio passport

Create, verify, evaluate, and present Agent Passport bundles. Passports are portable, signed bundles of reputation credentials that agents carry across trust boundaries.

passport create

bash

chio passport create --subject-public-key <HEX> --output <PATH> --signing-seed-file <PATH> [OPTIONS]

Flag	Type	Default	Description
`--subject-public-key`	hex string	required	Subject Ed25519 public key in hex
`--output`	path	required	Output path for the passport JSON
`--signing-seed-file`	path	required	Persistent seed file for signing the reputation credential
`--validity-days`	integer	`30`	Passport validity period in days
`--since`	integer (Unix seconds)	none	Lower bound for the attested receipt window
`--until`	integer (Unix seconds)	none	Upper bound for the attested receipt window
`--receipt-log-url`	string (repeatable)	none	Receipt log service endpoint(s) to embed
`--require-checkpoints`	bool	`false`	Fail if any selected receipt lacks checkpoint coverage
`--enterprise-identity`	path	none	Enterprise identity context JSON for portable provenance

passport verify

Verify the signatures, validity window, and (optionally) lifecycle status of a passport bundle.

bash

chio passport verify --input <PATH> [--at <UNIX_SECONDS>] [--passport-statuses-file <PATH>]

Essential flags: --input (required, passport JSON path), --at (evaluate validity at this Unix seconds timestamp), --passport-statuses-file (local lifecycle registry for revocation checks).

passport evaluate

Evaluate a passport against a policy's reputation and acceptance rules, producing a tier assignment and accept/reject verdict.

bash

chio passport evaluate --input <PATH> --policy <PATH> [--at <UNIX_SECONDS>]

Essential flags: --input (required, passport JSON path), --policy (required, policy YAML with reputation rules), --at (evaluate at this Unix seconds timestamp).

passport present

Produce a minimal presentation from a passport, filtering credentials by accepted issuer list and a maximum count.

bash

chio passport present --input <PATH> --output <PATH> [--issuer <DID>...] [--max-credentials <N>]

Essential flags: --input (required, passport JSON path), --output (required, output path for the presentation), --issuer (repeatable, restrict to these issuer DIDs), --max-credentials (integer cap on included credentials).

chio did resolve

Resolve a did:chio identifier or Ed25519 public key into a DID Document.

bash

chio did resolve [--did <DID> | --public-key <HEX>] [OPTIONS]

Flag	Type	Default	Description
`--did`	string	none	Fully-qualified `did:chio` identifier (conflicts with `--public-key`)
`--public-key`	hex string	none	Hex-encoded Ed25519 public key to resolve as `did:chio` (conflicts with `--did`)
`--receipt-log-url`	string (repeatable)	none	Receipt log service endpoint to include in the resolved document
`--passport-status-url`	string (repeatable)	none	Passport lifecycle endpoint to include in the resolved document

example

$ chio did resolve --public-key 9c7b3f...a1b2c3

chio certify

Evaluate conformance evidence and emit a signed certification artifact. Certify manages the full lifecycle: check, verify, and registry operations.

certify check

bash

chio certify check \
    --scenarios-dir <DIR> \
    --results-dir <DIR> \
    --output <PATH> \
    --tool-server-id <ID> \
    --signing-seed-file <PATH> \
    [OPTIONS]

Flag	Type	Default	Description
`--scenarios-dir`	path	required	Directory containing conformance scenario descriptor JSON files
`--results-dir`	path	required	Directory containing conformance result JSON files
`--output`	path	required	Output path for the signed certification artifact JSON
`--tool-server-id`	string	required	Stable identifier for the tool server being checked
`--tool-server-name`	string	none	Human-readable name for the tool server
`--report-output`	path	none	Path to write a generated markdown report
`--criteria-profile`	string	`conformance-all-pass-v1`	Certification criteria profile to apply
`--signing-seed-file`	path	required	Persistent seed file for signing certification artifacts

certify verify

Verify the signature and criteria-profile evaluation of a certification artifact.

bash

chio certify verify --input <PATH>

Essential flag: --input <PATH> (required). Path to the signed certification artifact JSON.

certify registry

Manage the certification registry served by chio trust serve: publish a new certification, list existing entries, fetch one by ID, or resolve the current certification for a tool server.

bash

chio certify registry publish   --input <PATH>      # publish signed artifact to registry
chio certify registry list                          # list certifications in the registry
chio certify registry get       --id <CERT_ID>      # fetch a certification by ID
chio certify registry resolve   --tool-server <ID>  # resolve current certification for a tool server

All registry subcommands honor the global --control-url and --control-token flags to target a running trust-control service.

chio reputation

Inspect local reputation scorecards from persisted receipts and lineage state.

reputation local

bash

chio reputation local --subject-public-key <HEX> [OPTIONS]

Flag	Type	Default	Description
`--subject-public-key`	hex string	required	Subject Ed25519 public key in hex
`--since`	integer (Unix seconds)	none	Lower bound for the evaluated receipt window
`--until`	integer (Unix seconds)	none	Upper bound for the evaluated receipt window
`--policy`	path	none	Policy file whose reputation scoring config applies

reputation compare

Compare the live local reputation corpus against a portable passport artifact.

bash

chio reputation compare --subject-public-key <HEX> --passport <PATH> [OPTIONS]

PreviousCompliance Frameworks NextPolicy Schema