Skip to content

Command Reference

Mohit Suman edited this page Jul 13, 2026 · 4 revisions

Harness CLI — Command Reference

Complete list of every command supported by the Harness CLI, grouped by module. 231 commands across 71 nouns × 10 public modules.

The grammar is harness <verb> <noun> [identifier] [flags] — the verb always comes first. A small set of self-management commands (auth, install, version, debug) sit outside the verb/noun grammar because they operate on the tool itself rather than a Harness resource.

If you are an AI agent reading this file: every row below is a valid invocation. Placeholders in angle brackets (<id>, <repo>/<pr_number>) are the only free variables. Prefer harness list noun --matrix and harness <verb> <noun> --help for the live source of truth — this document mirrors the spec files under pkg/spec/ but is regenerated by hand and may lag by a release.

Module Commands Notes
core 19 Auth (PAT + SSO), install/upgrade, version, discovery (list/get module, list/get noun), debug helpers
platform 48 Orgs, projects, users, roles, connectors, secrets, settings, delegates, delegate tokens, Harness Worker Agents, entity usage
pipeline 37 Pipelines (incl. dynamic execution), executions + abort, logs (live viewer), triggers CRUD, input sets CRUD, templates, approvals (approve/reject), freeze windows
cd 20 Services, environments, infrastructure definitions, service overrides
iacm 13 IaCM workspaces (Terraform/OpenTofu) plus Ansible hosts/inventories/playbooks and the module/provider registries
har 37 Artifact Registry — push (14 formats), pull, registries, artifact/version metadata, firewall scans, migrate
code 29 Harness Code — repos, PRs (incl. cross-repo pr:mine), branches, commits, tags, PR comments, PR/commit checks
fme 15 Feature Management & Experimentation — feature flags CRUD, archive/unarchive, per-environment definitions, kill/restore/reallocate
governance 11 OPA policies, policy sets, policy evaluations
audit 2 Read-only audit trail across every Harness resource

Internal-only modules (gated to harness.io users): kg — Knowledge Graph schema browser and HQL engine (9 commands, 2 nouns). aievals — AI evaluations (31 commands, 8 nouns). Both ship in the binary but are hidden from list module / list noun unless the active profile is on a harness.io account.

Use harness list noun --matrix for the live noun × verb matrix. Use harness <verb> <noun> --help for full flag details on any command.


Contents


Global conventions

These apply to every command and are not repeated in each module.

  • <id> — the resource identifier (e.g. pipeline ID, project ID, secret ID).
  • Compound IDs — code, pipeline-execution, and PR-comment resources use <parent>/<child> forms (e.g. <repo>/<pr_number>, <pipeline>/<execution_id>, <repo>/<pr_number>/<comment_id>). The CLI accepts the same form everywhere a parent is required.
  • Qualified nounsnoun:variant distinguishes sub-operations on the same resource (execute pr:merge, list pr:mine, get pipeline:summary, list kg:type, execute execution:abort).
  • --set / --delcreate and update commands accept --set key=value (repeatable) and, on update, --del key to clear a field. Nested paths use dots: --set variables.region=us-east-1.
  • YAML I/O (-f)create and update on most resources accept -f file.yaml (or -f - for stdin) to send the body from a file instead of using --set. get prints YAML by default; add --yaml to force YAML on commands where another format is the default.
  • Output format--format json|jsonl|table|text|csv|tsv|markdown|yaml; the default is table for list, text/yaml for get, and structured for everything else. -o is an accepted alias.
  • Paging — every list supports --limit, --offset (or --page), --all, and --count where the underlying API supports it.
  • Scope--account, --org, --project override profile scope per-invocation. Multi-level nouns also accept --level account|org|project to switch scope.
  • --ui — many list and select commands support an interactive TUI (see Interactive TUI). Requires a TTY.
  • --profile — pick a non-default auth profile for one invocation. Equivalent to setting HARNESS_PROFILE.

Core (management & discovery)

Source: pkg/spec/core.spec.yaml.

Authentication

Command One-line description
harness auth login Save credentials (PAT) to a named profile via an interactive flow.
harness auth loginsso Authenticate via browser SSO (OAuth2) — no PAT required. Tokens are stored in the OS keychain where available.
harness auth sso_refresh Refresh the SSO access token using the stored refresh token.
harness auth setscope Set the default org and/or project on a profile.
harness auth logout Remove a profile and its stored credentials.
harness auth profiles List all configured authentication profiles.
harness auth status Show the current auth profile and validate credentials.
harness auth env Print env vars for the current auth context (use with --export for eval-friendly output).
harness auth token Print the active API token to stdout (useful for piping into other tooling).

Version & install

Command One-line description
harness version Print the Harness CLI version.
harness install cli Install or upgrade the harness binary and any installed modules in one shot (--version, --install-dir, --force, --check, --core-only). Errors if --install-dir does not match the current executable path.
harness install module <name> Install or upgrade a single CLI module binary (e.g. har).

Discovery

Command One-line description
harness list module List all loaded CLI modules (builtin + external).
harness get module <name> Show the domain model and nouns for a module (--matrix for noun × verb table).
harness list noun List all registered nouns with their module and supported verbs (--matrix).
harness get noun <noun> Show fields and supported commands for a specific noun.

Debug

Command One-line description
harness debug miscfg Trigger a misconfigured command (dev-only registry self-test).
harness debug update_check Probe the release manifest and report what an in-place upgrade would do.

Platform

Source: pkg/spec/platform.spec.yaml.

Account, Organizations & Projects

Command One-line description
harness get account Get details for the current account.
harness list organization List organizations in the account.
harness get organization <id> Get an organization by identifier.
harness create organization Create a new organization (--set fields or -f org.yaml).
harness update organization Update an organization (get-then-put via --set/--del, or -f).
harness delete organization Delete an organization by identifier.
harness list project List projects in an organization.
harness get project <id> Get a project by identifier.
harness create project Create a new project (--set fields or -f project.yaml).
harness update project Update a project (--set/--del, or -f).
harness delete project Delete a project by identifier.

Users, Groups & Service Accounts

Command One-line description
harness list user List users in the account.
harness get user <id> Get a user by identifier.
harness list user_group List user groups in the account.
harness get user_group <id> Get a user group by identifier.
harness list service_account List service accounts in the account.
harness get service_account <id> Get a service account by identifier.

Roles, Permissions & Resource Groups

Command One-line description
harness list role List roles in scope.
harness get role <id> Get a role by identifier.
harness list role_assignment List role assignments in scope.
harness get role_assignment <id> Get a role assignment by identifier.
harness list resource_group List resource groups in scope.
harness get resource_group <id> Get a resource group by identifier.
harness list permission List all available permissions.
harness get permission <id> Get a permission by identifier.

Settings

Command One-line description
harness list setting List platform settings.
harness get setting <id> Get a setting value by identifier.

Connectors & Secrets

Command One-line description
harness list connector List connectors (multi-level via --level).
harness get connector <id> Get a connector by identifier.
harness create connector <id> Create a connector (--set fields or -f connector.yaml).
harness update connector <id> Update a connector (--set/--del, or -f).
harness delete connector <id> Delete a connector by identifier.
harness execute connector:test <id> Run a connectivity test against a connector and return the structured result.
harness list secret List secrets (metadata only — values are never returned).
harness get secret <id> Get a secret by identifier (metadata only).
harness create secret <id> Create a secret (--set fields or -f secret.yaml; secret values are redacted in echo).
harness update secret <id> Update a secret (--set/--del, or -f).
harness delete secret <id> Delete a secret by identifier.

Delegates & Delegate Tokens

Command One-line description
harness list delegate List delegates in scope (multi-level).
harness get delegate <id> Get a delegate by identifier.
harness list delegate_token List delegate tokens.
harness create delegate_token <id> Create a delegate token (token value is returned once at creation time).
harness delete delegate_token <id> Revoke (delete) a delegate token.

Entity Usage

Command One-line description
harness list entity_usage connector/<id> List every place a given entity is referenced. Pass the target as <entity_type>/<id> (e.g. connector/git-hub).

Pipelines / CI-CD

Source: pkg/spec/pipeline.spec.yaml.

Pipelines

Command One-line description
harness list pipeline List pipelines in a project.
harness get pipeline <id> Get a pipeline's YAML definition (--format json to convert; --raw for the full envelope).
harness create pipeline Create a pipeline — inline (-f pipeline.yaml) or Git-backed (--connector/--repo/--file-path).
harness update pipeline Update a pipeline's YAML definition (-f file.yaml or -f - for stdin).
harness delete pipeline <id> Delete a pipeline by identifier.
harness get pipeline:summary <id> Get a lightweight pipeline summary (without full YAML).
harness get runtime_input_template <id> Get the runtime input template for a pipeline (shows every <+input> placeholder).
harness list pipeline_v1 List v1-schema pipelines in a project (legacy API compatibility).
harness get pipeline_v1 <id> Get a v1-schema pipeline by identifier.

Executions

Command One-line description
harness execute pipeline <id> Trigger a pipeline execution (--input key=val repeatable, --input-set, --input-file, --branch, --follow).
harness execute pipeline:dynamic <id> Execute a pipeline whose YAML is validated dynamically (uses the validators endpoint before running).
harness execute pipeline:input_set <id> Execute using the inputSetList endpoint (input sets are merged server-side).
harness execute execution:abort <[pipeline/]id> Abort a running pipeline execution (--interrupt-type AbortAll|Abort|Pause|Resume|StageRollback|ExpireAll|Retry).
harness list execution List pipeline executions in a project (--status, --branch, --module; optional pipeline scope).
harness get execution <[pipeline/]id> Get a pipeline execution by ID (--no-graph to skip the stage/step graph).
harness list execution_step <[pipeline/]id> List expanded execution steps (including loop/matrix iterations) for an execution.
harness list execution_log <[pipeline/]id> List all log keys for a pipeline execution.
harness get execution_log <key> Fetch logs for a log key. Passing <[pipeline/]execId> returns every log stream for the execution. --follow streams live, --ui launches the interactive log viewer, --save writes the log to a file.

Triggers, Input Sets & Templates

Command One-line description
harness list trigger List triggers for a pipeline (--search for a name filter).
harness get trigger <pipeline/id> Get a trigger by identifier.
harness create trigger <pipeline_id> Create a trigger from a YAML body (-f trigger.yaml; the file carries the full trigger definition).
harness update trigger <[pipeline/]id> Update a trigger's YAML definition (-f trigger.yaml or -f -).
harness delete trigger <[pipeline/]id> Delete a trigger by identifier (interactive confirm; use -y to skip).
harness list input_set List input sets for a pipeline.
harness get input_set <pipeline/id> Get an input set by identifier.
harness create input_set <pipeline_id> Create an input set from a YAML body (-f input-set.yaml).
harness update input_set <pipeline/id> Update an input set's YAML definition (-f input-set.yaml or -f -).
harness delete input_set <pipeline/id> Delete an input set by identifier (interactive confirm; use -y to skip).
harness list template List templates in a project.
harness get template <id> Get a template by identifier.

Approvals & Freezes

Command One-line description
harness list approval_instance List approval instances for a pipeline execution.
harness get approval_instance <id> Get an approval instance by identifier.
harness execute approval_instance:approve <id> Approve a waiting Harness approval instance (--comment, --approver-input key=value repeatable).
harness execute approval_instance:reject <id> Reject a waiting Harness approval instance (--comment).
harness list freeze_window List deployment freeze windows (multi-level via --level).
harness get freeze_window <id> Get a deployment freeze window by identifier.
harness get global_freeze Get the global deployment freeze status.

CD (Continuous Delivery)

Source: pkg/spec/cd.spec.yaml.

The CD module covers the four primary deployment resources: services (what you deploy), environments (where you deploy), infrastructure definitions (how you deploy), and service overrides (per-environment service config).

Services

Command One-line description
harness list service List services in a project.
harness get service <id> Get a service by identifier.
harness create service <id> Create a service (--set name=<name> [description=…] or -f service.yaml).
harness update service <id> Update a service's name, description, or tags.
harness delete service <id> Delete a service by identifier.

Environments

Command One-line description
harness list environment List environments in a project.
harness get environment <id> Get an environment by identifier.
harness create environment <id> Create an environment (--set name=<name> type=Production|PreProduction or -f env.yaml).
harness update environment <id> Update an environment's name, type, description, or tags.
harness delete environment <id> Delete an environment by identifier.

Infrastructure

Command One-line description
harness list infrastructure --env <e> List infrastructure definitions inside an environment.
harness get infrastructure <id> Get an infrastructure definition (--env <environment_id> required).
harness create infrastructure <id> Create an infrastructure definition (--set name=<name> environmentRef=<env> or -f infra.yaml).
harness update infrastructure <id> Update an infrastructure definition.
harness delete infrastructure <id> Delete an infrastructure definition (--env <environment_id> required).

Service Overrides

Command One-line description
harness list service_override --env <e> List service overrides for an environment.
harness get service_override <id> Get a service override by identifier.
harness create service_override <id> Create a service override (--set environmentRef=<env> type=ENV_GLOBAL_OVERRIDE|ENV_SERVICE_OVERRIDE).
harness update service_override <id> Update a service override.
harness delete service_override <id> Delete a service override.

IaCM (Infrastructure as Code & Ansible)

Source: pkg/spec/iacm.spec.yaml.

IaCM manages Terraform/OpenTofu workspaces, tracks Ansible inventories and playbooks, and provides a private Terraform module and provider registry. Workspace create/update/delete land in v3.1; today, workspaces are provisioned via the UI or REST and are fully driveable from the CLI thereafter.

Terraform Workspaces

Command One-line description
harness list workspace List IaCM workspaces in a project.
harness get workspace <id> Get an IaCM workspace by identifier.
harness execute workspace <id> Execute a remote Terraform plan. The workspace ID may be omitted if .harness/workspace.yaml is present (--target, --replace, --force).

Ansible — Hosts, Inventories, Playbooks

Command One-line description
harness list host List Ansible hosts (--search, --inventory, --status).
harness get host <id> Get an Ansible host by identifier.
harness list inventory List Ansible inventories in a project.
harness get inventory <id> Get an Ansible inventory by identifier.
harness list playbook List Ansible playbooks in a project.
harness get playbook <id> Get an Ansible playbook by identifier.

Module & Provider Registries

Command One-line description
harness list registry_module List Terraform/OpenTofu modules published to the IaCM registry.
harness get registry_module <id> Get a registry module by identifier.
harness list provider List Terraform providers registered with IaCM.
harness get provider <id> Get a provider by identifier.

Artifact Registry (HAR)

Source: pkg/spec/har.spec.yaml. Ships as a separate harness-har binary and is dispatched transparently from harness.

Registries

Command One-line description
harness list registry List artifact registries in a project.
harness get registry <id> Get an artifact registry by identifier.
harness create registry Create a new artifact registry.
harness delete registry <id> Delete an artifact registry by identifier.
harness configure registry <id> Configure a local package-manager client (e.g. .npmrc, pip.conf) to use a Harness registry.

Registry metadata

Command One-line description
harness get registry_metadata <id> Get metadata for an artifact registry.
harness update registry_metadata Update metadata on an artifact registry (--set key=value, --del key).

Artifacts — push (per-format)

Command One-line description
harness push artifact:maven Push a Maven artifact (.jar/.war) to a Harness registry.
harness push artifact:npm Push an npm package (.tgz) to a Harness registry.
harness push artifact:python Push a Python package (.whl) to a Harness registry.
harness push artifact:nuget Push a NuGet package (.nupkg) to a Harness registry.
harness push artifact:rpm Push an RPM package to a Harness registry.
harness push artifact:cargo Push a Cargo crate (.crate) to a Harness registry.
harness push artifact:go Push a Go module to a Harness registry.
harness push artifact:conda Push a Conda package to a Harness registry.
harness push artifact:dart Push a Dart package to a Harness registry.
harness push artifact:composer Push a Composer package (.zip) to a Harness registry.
harness push artifact:swift Push a Swift package to a Harness registry.
harness push artifact:puppet Push a Puppet module (.tar.gz) to a Harness registry.
harness push artifact:helm Push a Helm chart to a Harness registry.
harness push artifact:docker Push a Docker image to a Harness registry.

Artifacts — pull / list / get / delete

Command One-line description
harness pull artifact <registry> Pull a generic artifact from a Harness registry.
harness list artifact <registry> List artifacts in a registry.
harness get artifact <id> Get artifact metadata by registry and name.
harness delete artifact <id> Delete an artifact and all its versions.

Artifact versions

Command One-line description
harness list artifact_version List versions of an artifact.
harness get artifact_version <id> Get artifact-version metadata.
harness delete artifact_version <id> Delete a specific artifact version.
harness list artifact_file List files inside a specific artifact version.
harness execute artifact_version:copy <id> Copy a specific artifact version to another registry.
harness execute artifact_version:firewall_scan <id> Evaluate firewall policy for a specific artifact version.

Artifact / version metadata

Command One-line description
harness get artifact_metadata <id> Get metadata for an artifact.
harness update artifact_metadata Update metadata on an artifact (--set key=value, --del key).
harness get artifact_version_metadata <id> Get metadata for an artifact version.
harness update artifact_version_metadata Update metadata on an artifact version (--set key=value, --del key).

Registry-level execute verbs

Command One-line description
harness execute registry:firewall_scan Audit lock-file dependencies against firewall policies for a registry.
harness execute registry:migrate Migrate artifacts from a source registry into Harness using a config file (-f).

Code (Harness Code)

Source: pkg/spec/code.spec.yaml.

Built-in git hosting. Repositories are top-level. PRs, branches, commits, and tags live inside a repo. Compound IDs are <repo>/<pr-number>, <repo>/<branch>, <repo>/<sha>, and <repo>/<pr_number>/<comment_id> for PR comments.

Repositories

Command One-line description
harness list repository List code repositories (multi-level — supports account/org/project scope).
harness get repository <id> Get a repository by identifier.
harness create repository <id> Create a new repository (--set identifier=<name> [default_branch=main] [description=…] [is_public=true]).
harness update repository <id> Update a repository (description, default_branch, is_public).
harness delete repository <id> Delete a repository by identifier.

Pull Requests

Command One-line description
harness list pr <repo> List pull requests for a repository (--state open|closed|merged|all, --author <email|id>, --created-after, --search).
harness list pr:mine List pull requests you authored across every repo in scope (--state, --created-after, --created-before).
harness get pr <repo>/<pr_number> Get pull request details.
harness create pr <repo> Create a pull request (--set title=… source_branch=… target_branch=…; -f desc.md for the description body).
harness update pr <repo>/<pr_number> Update a pull request (--set title=…).
harness execute pr:merge <repo>/<pr_number> Merge a pull request (--method merge|squash|rebase|fast-forward).
harness execute pr:close <repo>/<pr_number> Close a pull request without merging.
harness list pr_activity <repo> --pr <n> List PR activity (comments, reviews, state changes).

Branches, Commits & Tags

Command One-line description
harness list branch <repo> List branches in a repository.
harness get branch <repo>/<branch> Get branch details.
harness create branch <repo> Create a branch (--set name=<branch> target=<sha_or_branch>).
harness delete branch <repo>/<branch> Delete a branch by name.
harness list commit <repo> List commits (--branch <ref> to scope).
harness list pr_commit <repo> --pr <n> List commits associated with a pull request.
harness get commit <repo>/<sha> Get commit details.
harness list tag <repo> List tags in a repository.
harness create tag <repo> Create a tag (--set name=<tag> target=<sha>).
harness delete tag <repo>/<tag> Delete a tag by name.

PR Comments & Checks

Command One-line description
harness list pr_comment <repo> --pr <n> List comments on a pull request.
harness create pr_comment <repo>/<pr_number> Create a PR comment (--set text=… [line=…] [path=…] for inline review comments).
harness update pr_comment <repo>/<pr_number>/<id> Edit an existing PR comment's text.
harness delete pr_comment <repo>/<pr_number>/<id> Delete a PR comment by identifier.
harness list pr_check <repo> --pr <n> List status checks reported against a pull request (CI, scans, policy evaluations).
harness list commit_check <repo> --sha <sha> List status checks reported against a specific commit SHA.

FME (Feature Management & Experimentation)

Source: pkg/spec/fme.spec.yaml.

Manage Harness feature flags and their environment-specific targeting definitions. The feature_flag noun aliases to feature_flags and ff — every command below can be written with any of the three forms (e.g. harness list ff).

Feature Flags

Command One-line description
harness list feature_flag List feature flags in the current project (--search <partial>, --status ACTIVE|ARCHIVED).
harness get feature_flag <name> Get a feature flag's details.
harness create feature_flag <name> Create a feature flag (--traffic-type user|account required; --set key=value for extra fields).
harness update feature_flag <name> Update a feature flag (--set key=value, --del key). Uses get-then-patch semantics.
harness delete feature_flag <name> Delete a feature flag (must have no active definitions; interactive confirm).
harness execute feature_flag:archive <name> Archive a feature flag; cascades to all definitions (--comment for audit trail).
harness execute feature_flag:unarchive <name> Unarchive a previously archived feature flag (--comment for audit trail).

Flag Definitions (per environment)

Command One-line description
harness list feature_flag:definition <flag-name> List a flag's definitions across every environment.
harness get feature_flag:definition <flag-name> --env <env-id> Get a flag's targeting definition in a specific environment.
harness create feature_flag:definition <flag-name> --env <env-id> -f def.json Create a definition for a flag in an environment from a JSON body.
harness update feature_flag:definition <flag-name> --env <env-id> Update a flag definition (--set trafficAllocation=80, --del key; get-then-patch semantics).
harness delete feature_flag:definition <flag-name> --env <env-id> Delete a flag definition from an environment (interactive confirm).
harness execute feature_flag:kill <flag-name> --env <env-id> Kill a flag in an environment — routes all traffic to defaultTreatment (--comment for audit trail).
harness execute feature_flag:restore <flag-name> --env <env-id> Restore a killed flag definition (--comment for audit trail).
harness execute feature_flag:reallocate <flag-name> --env <env-id> Re-hash traffic distribution for a flag definition (--comment for audit trail).

Harness Worker Agents

Source: pkg/spec/platform.spec.yaml — noun agent.

Harness Worker Agents are Harness-managed automation workers, defined by a wrapper YAML whose spec key carries the agent pipeline definition. The commands live under the platform module.

Command One-line description
harness list agent List Harness Worker Agents.
harness get agent <id> Get a Harness Worker Agent's definition (-o yaml produces a valid wrapper for editing).
harness create agent <id> Create a Harness Worker Agent from a wrapper YAML (-f agent.yaml). The wrapper carries name, description, and the agent spec string.
harness update agent <id> Update a Harness Worker Agent from a wrapper YAML.

Governance

Source: pkg/spec/governance.spec.yaml.

OPA (Open Policy Agent) policies authored in Rego, grouped into policy sets that are evaluated on pipeline runs and resource changes.

Policies

Command One-line description
harness list policy List governance policies.
harness get policy <id> Get a policy's details (including its Rego source).
harness create policy <id> Create a policy (--set name=<name> rego='package main…' or -f policy.yaml).
harness update policy <id> Update a policy's name or Rego source.
harness delete policy <id> Delete a policy by identifier.

Policy Sets

Command One-line description
harness list policy_set List policy sets.
harness get policy_set <id> Get a policy set's details.
harness create policy_set <id> Create a policy set (--set name=<name> type=pipeline action=onrun enabled=true).
harness update policy_set <id> Update a policy set (name, enabled, member policies).
harness delete policy_set <id> Delete a policy set by identifier.

Policy Evaluations

Command One-line description
harness list policy_evaluation List recorded policy-set evaluations against resources.

Audit

Source: pkg/spec/audit.spec.yaml.

Read-only access to the audit trail across every Harness module. Every create/update/delete produces an audit_event.

Command One-line description
harness list audit_event List audit-trail events (defaults to the last 7 days; filter with --from, --to, --resource-type, --action, --principal).
harness get audit_event <id> Get a single audit event with the YAML diff of the change.

Interactive TUI (--ui)

Many commands support a --ui flag that launches an interactive terminal UI (Bubble Tea). It requires a TTY on both stdin and stdout — running under a pipe, in CI, or with output redirected fails with --ui requires an interactive terminal (TTY).

Three flavors:

  • Paged list browser — auto-enabled on every list command whose API supports paging. Scroll, search, and drill into rows. Wired in pkg/registry/registry.go at the list+paging branch.
  • Resource picker / detail view — opt-in on selected get commands via ui: true in the spec. Used to interactively pick or inspect a single resource.
  • Live log viewerharness get execution_log <[pipeline/]execId> --ui streams logs step-by-step in real time, shows the graph on the left, and offers Details/Inputs/Outputs tabs. Left/right scrolling, spinner, and save-to-file are built in.

list commands with --ui

Module Commands
core auth profiles, list module, list noun
platform list organization, list project, list user, list user_group, list service_account, list role, list role_assignment, list resource_group, list permission, list setting, list connector, list secret, list delegate, list delegate_token, list agent, list entity_usage
pipeline list pipeline, list pipeline_v1, list execution, list execution_step, list execution_log, list trigger, list input_set, list template, list approval_instance, list freeze_window
cd list service, list environment, list infrastructure, list service_override
iacm list workspace, list host, list inventory, list playbook, list registry_module, list provider
har list registry, list artifact, list artifact_version, list artifact_file
code list repository, list pr, list pr:mine, list branch, list commit, list pr_commit, list tag, list pr_activity, list pr_comment, list pr_check, list commit_check
fme list feature_flag, list feature_flag:definition
governance list policy, list policy_set, list policy_evaluation
audit list audit_event

get commands with --ui

Command What --ui does
harness get project --ui Interactive project picker (org-aware).
harness get workspace --ui Interactive IaCM workspace picker.
harness get artifact_version --ui Interactive artifact + version picker.
harness get execution_log --ui Live log viewer for a pipeline execution — tails steps in real time, supports navigation, tab views, and save. Use the <[pipeline/]execId> form (not a full log key) and don't pair with --stage or --step.

Notes

  • --ui is mutually exclusive with --format, --out, and stream redirection — pick one.
  • For list commands with --ui, paging flags (--limit, --offset, --all, --count) are ignored; the TUI handles paging itself.
  • When a new noun is added to a spec with a paged list endpoint, --ui is wired automatically — no extra spec changes needed.

What's new in 3.0 Beta

Tracking commands added, renamed, or clarified since the last snapshot (2026-07-06). All are visible in the current specs and can be verified with harness list noun --matrix.

New module: fme — Feature Management & Experimentation.

  • Full CRUD on feature_flag (aliases feature_flags, ff).
  • execute feature_flag:archive / feature_flag:unarchive for flag lifecycle.
  • Per-environment feature_flag:definitionlist, get, create, update, delete, plus execute feature_flag:kill (traffic → defaultTreatment), feature_flag:restore, and feature_flag:reallocate (re-hash traffic).

New in pipeline:

  • harness create / update / delete trigger — full write-side lifecycle for triggers (YAML body via -f trigger.yaml; update/delete accept the <pipeline/id> compound form).
  • harness create / update / delete input_set — write-side lifecycle for input sets (YAML body via -f input-set.yaml).
  • harness get / execute approval_instance:approve / execute approval_instance:reject — act on Harness-managed approval steps directly from the CLI (--comment, repeatable --approver-input key=value).
  • harness execute pipeline:dynamic <id> — execute a pipeline whose YAML is validated dynamically against the validators endpoint before running.

New in core:

  • harness install cli now upgrades installed CLI modules alongside the core binary (--core-only to opt out; the command errors if --install-dir doesn't match the executable path). Module-update failures print a warning without failing the command.
  • harness auth status now shows token expiration times, and harness auth profiles includes an auth-type column (PAT vs SSO).

Better UX (no new commands, worth noting for AI agents):

  • Telemetry: the CLI now emits telemetry directly (no batching) via Segment. Events include AI_TOOL markers when running under Claude Code / Cursor / other coding agents, plus machine metadata.
  • CSV output uses encoding/csv (RFC 4180) instead of ad-hoc formatting — safe to pipe into standard CSV readers.

Access changes:

  • kg (Knowledge Graph) is now Harness-internal. The module still ships in the binary but is gated to harness.io profiles — external users won't see kg:* nouns in list module / list noun. Same rule already applies to aievals.

Recently added (still current):

  • platformlist/get/create/update agent (Harness Worker Agents CRUD, wrapper YAML via -f).
  • pipelineexecute execution:abort, get execution_log --ui live log viewer.
  • iacm — Ansible (list/get host|inventory|playbook), Terraform module & provider registries (list/get registry_module|provider).
  • code — cross-repo list pr:mine, list pr --author <email|UUID>, account/org-scope list repository.
  • harexecute artifact_version:copy and execute registry:migrate for cross-registry moves.

Coming in v3.1:

  • harness create / update / delete workspace (IaCM Terraform).
  • harness push artifact:generic for legacy hc parity.
  • Native MCP server (harness mcp serve).
  • Windows native binary and MSI installer.

Cheat sheet for AI agents

Rules the CLI is guaranteed to follow — safe to build on top of without extra probing.

  1. Grammar is strict: every non-management command is harness <verb> <noun> [id] [flags]. Never harness <noun> <verb>. When in doubt, run harness list noun --matrix.
  2. Every list accepts --limit, --offset (or --page), --all, and --count. For unbounded pulls prefer --all; for size probes use --count.
  3. Every command supports --format json|jsonl|yaml|table|csv|tsv|markdown|text. For automation, use --format json (single object) or --format jsonl (one row per line). -o json also works.
  4. IDs vs compound IDs. Any command whose ID label reads <parent>/<child> (e.g. <repo>/<pr_number>, <[pipeline/]exec_id>) accepts that exact form as its positional argument. Slashes are meaningful and are NOT URL-encoded.
  5. --set key=value on create/update is repeatable and supports dot paths (--set variables.region=us-east-1). --del key clears fields on update.
  6. -f file.yaml reads the body from a file on create/update (or -f - for stdin). It is mutually compatible with --set--set overrides matching keys from the file.
  7. --ui needs a TTY. In non-interactive contexts (CI, headless agents) never pass --ui; use --follow for streaming and --format jsonl for iteration instead.
  8. Auth is per-profile. Default profile is used unless --profile or HARNESS_PROFILE is set. harness auth env --export prints the env vars needed to talk to the same account outside the CLI.
  9. Discovery, not memorization. If you don't know a flag or a field name, harness <verb> <noun> --help and harness get noun <noun> are always available.
  10. Idempotency signals. create is not idempotent — it errors if the resource exists. update uses get-then-put semantics (safe to re-run with the same --set). delete is idempotent-safe with --ignore-not-found.

Live source of truth for anything below (never trust a stale doc when the CLI can answer):

harness list noun --matrix        # every noun × verb combo
harness get noun pipeline         # fields and supported verbs for one noun
harness get module code           # domain model, nouns, and commands for a module
harness <verb> <noun> --help      # full flag list for any command