Cupcake CLI
Cupcake provides a powerful command-line interface for managing AI agent governance policies. This guide walks through the core commands with visual demonstrations.
New to Cupcake? See the Installation Guide to get started.
Quick Start
Initialize a Project
Set up Cupcake in your project with a single command:
cupcake init --harness claude
This creates the .cupcake/ directory with:
- rulebook.yml - Configuration file
- policies/ - Rego policy files
- signals/ - External data providers
- actions/ - Automated response scripts
Core Commands
cupcake --help
View all available commands and options:
cupcake --help
cupcake inspect
Inspect loaded policies and their routing metadata:
cupcake inspect
cupcake inspect --table # Compact table view
This shows:
- Policy packages and their event/tool routing
- Enabled builtins
- Signal configurations
cupcake verify
Verify your configuration and policies are valid:
cupcake verify --harness claude
Use this to:
- Validate policy syntax
- Check rulebook configuration
- Ensure OPA compilation succeeds
cupcake trust
Manage script trust and integrity verification:
cupcake trust init # Initialize trust manifest
cupcake trust list # List trusted scripts
cupcake trust verify # Verify against manifest
The trust system ensures:
- Signal scripts haven't been tampered with
- Action scripts are verified before execution
- Policy files maintain integrity
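The kind of check a trust manifest performs, as an added sketch that is not Cupcake's own code: record a digest for each script, then refuse anything that has changed or was never recorded. The SHA-256 choice, the dictionary manifest, and the function names `build_manifest` and `verify_manifest` are assumptions of this example, not Cupcake's actual manifest format.

```python
import hashlib
import tempfile
from pathlib import Path

# Directories from the layout `cupcake init` creates. Which of them the real
# trust manifest covers, and how it stores hashes, is assumed here.
TRACKED_DIRS = ("signals", "actions", "policies")


def build_manifest(root: Path) -> dict:
    """Map every tracked file (path relative to root) to its SHA-256 digest."""
    manifest = {}
    for sub in TRACKED_DIRS:
        base = root / sub
        if not base.is_dir():
            continue
        for path in sorted(base.rglob("*")):
            if path.is_file():
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Report files modified, removed, or added since the manifest was recorded."""
    current = build_manifest(root)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "removed": sorted(f for f in manifest if f not in current),
        "added": sorted(f for f in current if f not in manifest),
    }


if __name__ == "__main__":
    # Constructed sample tree; file names and contents are made up.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "signals").mkdir()
        (root / "actions").mkdir()
        (root / "signals" / "branch.sh").write_text("#!/bin/sh\ngit branch --show-current\n")
        (root / "actions" / "notify.sh").write_text("#!/bin/sh\necho 'policy fired'\n")
        recorded = build_manifest(root)
        # Simulate tampering: one script edited, one unreviewed script dropped in.
        (root / "actions" / "notify.sh").write_text("#!/bin/sh\necho 'changed'\n")
        (root / "actions" / "extra.sh").write_text("#!/bin/sh\ntrue\n")
        print(verify_manifest(root, recorded))
```

Treating the "added" list as a failure matters as much as "modified": a script that was never recorded has not been reviewed either.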
Supported Harnesses
Cupcake integrates with multiple AI coding agents via the --harness flag:
| Harness | Description |
|---|---|
| claude | Claude Code (claude.ai/code) |
| cursor | Cursor (cursor.com) |
| factory | Factory AI Droid (factory.ai) |
| opencode | OpenCode (opencode.ai) |
Next Steps
- Writing Policies - Create custom Rego policies
- Builtin Policies - Configure built-in protections