-
Notifications
You must be signed in to change notification settings - Fork 3
Command Reference
The grammar is harness <verb> <noun> [identifier] [flags] — the verb always comes first. A small set of self-management commands (auth, install, version, debug) sit outside the verb/noun grammar because they operate on the tool itself rather than a Harness resource.
If you are an AI agent reading this file: every row below is a valid invocation. Placeholders in angle brackets (<id>, <repo>/<pr_number>) are the only free variables. Prefer harness list noun --matrix and harness <verb> <noun> --help for the live source of truth — this document mirrors the spec files under pkg/spec/ but is regenerated by hand and may lag by a release.
| Module | Commands | Notes |
|---|---|---|
core |
19 | Auth (PAT + SSO), install/upgrade, version, discovery (list/get module, list/get noun), debug helpers |
platform |
48 | Orgs, projects, users, roles, connectors, secrets, settings, delegates, delegate tokens, AI agents, entity usage |
pipeline |
28 | Pipelines, executions, execution abort, logs (live viewer), triggers, input sets, templates, freeze windows |
cd |
20 | Services, environments, infrastructure definitions, service overrides |
iacm |
13 | IaCM workspaces (Terraform/OpenTofu) plus Ansible hosts/inventories/playbooks and the module/provider registries |
har |
37 | Artifact Registry — push (14 formats), pull, registries, artifact/version metadata, firewall scans, migrate |
code |
29 | Harness Code — repos, PRs (incl. cross-repo pr:mine), branches, commits, tags, PR comments, PR/commit checks |
governance |
11 | OPA policies, policy sets, policy evaluations |
audit |
2 | Read-only audit trail across every Harness resource |
kg |
9 | Knowledge Graph schema browser and HQL (Harness Query Language) engine |
The
aievalsmodule (AI evaluations — 31 commands) ships in the CLI but is currently gated to internal preview and is intentionally not surfaced in the public command list.
Use harness list noun --matrix for the live noun × verb matrix. Use harness <verb> <noun> --help for full flag details on any command.
- Global conventions
- Core (management & discovery)
- Platform
- Pipelines / CI-CD
- CD (Continuous Delivery)
- IaCM (Infrastructure as Code & Ansible)
- Artifact Registry (HAR)
- Code (Harness Code)
- Governance
- Audit
- Knowledge Graph (
kg) - Interactive TUI (
--ui) - Cheat sheet for AI agents
These apply to every command and are not repeated in each module.
-
<id>— the resource identifier (e.g. pipeline ID, project ID, secret ID). -
Compound IDs — code, pipeline-execution, and PR-comment resources use
<parent>/<child>forms (e.g.<repo>/<pr_number>,<pipeline>/<execution_id>,<repo>/<pr_number>/<comment_id>). The CLI accepts the same form everywhere a parent is required. -
Qualified nouns —
noun:variantdistinguishes sub-operations on the same resource (execute pr:merge,list pr:mine,get pipeline:summary,list kg:type,execute execution:abort). -
--set/--del—createandupdatecommands accept--set key=value(repeatable) and, on update,--del keyto clear a field. Nested paths use dots:--set variables.region=us-east-1. -
YAML I/O (
-f) —createandupdateon most resources accept-f file.yaml(or-f -for stdin) to send the body from a file instead of using--set.getprints YAML by default; add--yamlto force YAML on commands where another format is the default. -
Output format —
--format json|jsonl|table|text|csv|tsv|markdown|yaml; the default istableforlist,text/yamlforget, and structured for everything else.-ois an accepted alias. -
Paging — every
listsupports--limit,--offset(or--page),--all, and--countwhere the underlying API supports it. -
Scope —
--account,--org,--projectoverride profile scope per-invocation. Multi-level nouns also accept--level account|org|projectto switch scope. -
--ui— many list and select commands support an interactive TUI (see Interactive TUI). Requires a TTY. -
--profile— pick a non-default auth profile for one invocation. Equivalent to settingHARNESS_PROFILE.
Source: pkg/spec/core.spec.yaml.
| Command | One-line description |
|---|---|
harness auth login |
Save credentials (PAT) to a named profile via an interactive flow. |
harness auth loginsso |
Authenticate via browser SSO (OAuth2) — no PAT required. Tokens are stored in the OS keychain where available. |
harness auth sso_refresh |
Refresh the SSO access token using the stored refresh token. |
harness auth setscope |
Set the default org and/or project on a profile. |
harness auth logout |
Remove a profile and its stored credentials. |
harness auth profiles |
List all configured authentication profiles. |
harness auth status |
Show the current auth profile and validate credentials. |
harness auth env |
Print env vars for the current auth context (use with --export for eval-friendly output). |
harness auth token |
Print the active API token to stdout (useful for piping into other tooling). |
| Command | One-line description |
|---|---|
harness version |
Print the Harness CLI version. |
harness install cli |
Install or upgrade the harness binary itself (--version, --install-dir, --force). |
harness install module <name> |
Install or upgrade a CLI module binary (e.g. har). |
| Command | One-line description |
|---|---|
harness list module |
List all loaded CLI modules (builtin + external). |
harness get module <name> |
Show the domain model and nouns for a module (--matrix for noun × verb table). |
harness list noun |
List all registered nouns with their module and supported verbs (--matrix). |
harness get noun <noun> |
Show fields and supported commands for a specific noun. |
| Command | One-line description |
|---|---|
harness debug miscfg |
Trigger a misconfigured command (dev-only registry self-test). |
harness debug update_check |
Probe the release manifest and report what an in-place upgrade would do. |
Source: pkg/spec/platform.spec.yaml.
| Command | One-line description |
|---|---|
harness get account |
Get details for the current account. |
harness list organization |
List organizations in the account. |
harness get organization <id> |
Get an organization by identifier. |
harness create organization |
Create a new organization (--set fields or -f org.yaml). |
harness update organization |
Update an organization (get-then-put via --set/--del, or -f). |
harness delete organization |
Delete an organization by identifier. |
harness list project |
List projects in an organization. |
harness get project <id> |
Get a project by identifier. |
harness create project |
Create a new project (--set fields or -f project.yaml). |
harness update project |
Update a project (--set/--del, or -f). |
harness delete project |
Delete a project by identifier. |
| Command | One-line description |
|---|---|
harness list user |
List users in the account. |
harness get user <id> |
Get a user by identifier. |
harness list user_group |
List user groups in the account. |
harness get user_group <id> |
Get a user group by identifier. |
harness list service_account |
List service accounts in the account. |
harness get service_account <id> |
Get a service account by identifier. |
| Command | One-line description |
|---|---|
harness list role |
List roles in scope. |
harness get role <id> |
Get a role by identifier. |
harness list role_assignment |
List role assignments in scope. |
harness get role_assignment <id> |
Get a role assignment by identifier. |
harness list resource_group |
List resource groups in scope. |
harness get resource_group <id> |
Get a resource group by identifier. |
harness list permission |
List all available permissions. |
harness get permission <id> |
Get a permission by identifier. |
| Command | One-line description |
|---|---|
harness list setting |
List platform settings. |
harness get setting <id> |
Get a setting value by identifier. |
| Command | One-line description |
|---|---|
harness list connector |
List connectors (multi-level via --level). |
harness get connector <id> |
Get a connector by identifier. |
harness create connector <id> |
Create a connector (--set fields or -f connector.yaml). |
harness update connector <id> |
Update a connector (--set/--del, or -f). |
harness delete connector <id> |
Delete a connector by identifier. |
harness execute connector:test <id> |
Run a connectivity test against a connector and return the structured result. |
harness list secret |
List secrets (metadata only — values are never returned). |
harness get secret <id> |
Get a secret by identifier (metadata only). |
harness create secret <id> |
Create a secret (--set fields or -f secret.yaml; secret values are redacted in echo). |
harness update secret <id> |
Update a secret (--set/--del, or -f). |
harness delete secret <id> |
Delete a secret by identifier. |
| Command | One-line description |
|---|---|
harness list delegate |
List delegates in scope (multi-level). |
harness get delegate <id> |
Get a delegate by identifier. |
harness list delegate_token |
List delegate tokens. |
harness create delegate_token <id> |
Create a delegate token (token value is returned once at creation time). |
harness delete delegate_token <id> |
Revoke (delete) a delegate token. |
| Command | One-line description |
|---|---|
harness list agent |
List Harness Worker agents. |
harness get agent <id> |
Get an Worker agent's definition (-o yaml produces a valid wrapper for editing). |
harness create agent <id> |
Create a Worker agent from a wrapper YAML (-f agent.yaml). The wrapper carries name, description, and the agent spec string. |
harness update agent <id> |
Update Worker agent from a wrapper YAML. |
| Command | One-line description |
|---|---|
harness list entity_usage connector/<id> |
List every place a given entity is referenced. Pass the target as <entity_type>/<id> (e.g. connector/git-hub). |
Source: pkg/spec/pipeline.spec.yaml.
| Command | One-line description |
|---|---|
harness list pipeline |
List pipelines in a project. |
harness get pipeline <id> |
Get a pipeline's YAML definition (--format json to convert; --raw for the full envelope). |
harness create pipeline |
Create a pipeline — inline (-f pipeline.yaml) or Git-backed (--connector/--repo/--file-path). |
harness update pipeline |
Update a pipeline's YAML definition (-f file.yaml or -f - for stdin). |
harness delete pipeline <id> |
Delete a pipeline by identifier. |
harness get pipeline:summary <id> |
Get a lightweight pipeline summary (without full YAML). |
harness get runtime_input_template <id> |
Get the runtime input template for a pipeline (shows every <+input> placeholder). |
harness list pipeline_v1 |
List v1-schema pipelines in a project (legacy API compatibility). |
harness get pipeline_v1 <id> |
Get a v1-schema pipeline by identifier. |
| Command | One-line description |
|---|---|
harness execute pipeline <id> |
Trigger a pipeline execution (--input key=val repeatable, --input-set, --input-file, --branch, --follow). |
harness execute pipeline:input_set <id> |
Execute using the inputSetList endpoint (input sets are merged server-side). |
harness execute execution:abort <[pipeline/]id> |
Abort a running pipeline execution (--interrupt-type AbortAll|Abort|Pause|Resume|StageRollback|ExpireAll|Retry). |
harness list execution |
List pipeline executions in a project (--status, --branch, --module; optional pipeline scope). |
harness get execution <[pipeline/]id> |
Get a pipeline execution by ID (--no-graph to skip the stage/step graph). |
harness list execution_step <[pipeline/]id> |
List expanded execution steps (including loop/matrix iterations) for an execution. |
harness list execution_log <[pipeline/]id> |
List all log keys for a pipeline execution. |
harness get execution_log <key> |
Fetch logs for a log key. Passing <[pipeline/]execId> returns every log stream for the execution. --follow streams live, --ui launches the interactive log viewer, --save writes the log to a file. |
| Command | One-line description |
|---|---|
harness list trigger |
List triggers for a pipeline. |
harness get trigger <id> |
Get a trigger by identifier. |
harness list input_set |
List input sets for a pipeline. |
harness get input_set <id> |
Get an input set by identifier. |
harness list template |
List templates in a project. |
harness get template <id> |
Get a template by identifier. |
| Command | One-line description |
|---|---|
harness list approval_instance |
List approval instances for a pipeline execution. |
harness list freeze_window |
List deployment freeze windows (multi-level via --level). |
harness get freeze_window <id> |
Get a deployment freeze window by identifier. |
harness get global_freeze |
Get the global deployment freeze status. |
Source: pkg/spec/cd.spec.yaml.
The CD module covers the four primary deployment resources: services (what you deploy), environments (where you deploy), infrastructure definitions (how you deploy), and service overrides (per-environment service config).
| Command | One-line description |
|---|---|
harness list service |
List services in a project. |
harness get service <id> |
Get a service by identifier. |
harness create service <id> |
Create a service (--set name=<name> [description=…] or -f service.yaml). |
harness update service <id> |
Update a service's name, description, or tags. |
harness delete service <id> |
Delete a service by identifier. |
| Command | One-line description |
|---|---|
harness list environment |
List environments in a project. |
harness get environment <id> |
Get an environment by identifier. |
harness create environment <id> |
Create an environment (--set name=<name> type=Production|PreProduction or -f env.yaml). |
harness update environment <id> |
Update an environment's name, type, description, or tags. |
harness delete environment <id> |
Delete an environment by identifier. |
| Command | One-line description |
|---|---|
harness list infrastructure --env <e> |
List infrastructure definitions inside an environment. |
harness get infrastructure <id> |
Get an infrastructure definition (--env <environment_id> required). |
harness create infrastructure <id> |
Create an infrastructure definition (--set name=<name> environmentRef=<env> or -f infra.yaml). |
harness update infrastructure <id> |
Update an infrastructure definition. |
harness delete infrastructure <id> |
Delete an infrastructure definition (--env <environment_id> required). |
| Command | One-line description |
|---|---|
harness list service_override --env <e> |
List service overrides for an environment. |
harness get service_override <id> |
Get a service override by identifier. |
harness create service_override <id> |
Create a service override (--set environmentRef=<env> type=ENV_GLOBAL_OVERRIDE|ENV_SERVICE_OVERRIDE). |
harness update service_override <id> |
Update a service override. |
harness delete service_override <id> |
Delete a service override. |
Source: pkg/spec/iacm.spec.yaml.
IaCM manages Terraform/OpenTofu workspaces, tracks Ansible inventories and playbooks, and provides a private Terraform module and provider registry. Workspace create/update/delete land in v3.1; today, workspaces are provisioned via the UI or REST and are fully driveable from the CLI thereafter.
| Command | One-line description |
|---|---|
harness list workspace |
List IaCM workspaces in a project. |
harness get workspace <id> |
Get an IaCM workspace by identifier. |
harness execute workspace <id> |
Execute a remote Terraform plan. The workspace ID may be omitted if .harness/workspace.yaml is present (--target, --replace, --force). |
| Command | One-line description |
|---|---|
harness list host |
List Ansible hosts (--search, --inventory, --status). |
harness get host <id> |
Get an Ansible host by identifier. |
harness list inventory |
List Ansible inventories in a project. |
harness get inventory <id> |
Get an Ansible inventory by identifier. |
harness list playbook |
List Ansible playbooks in a project. |
harness get playbook <id> |
Get an Ansible playbook by identifier. |
| Command | One-line description |
|---|---|
harness list registry_module |
List Terraform/OpenTofu modules published to the IaCM registry. |
harness get registry_module <id> |
Get a registry module by identifier. |
harness list provider |
List Terraform providers registered with IaCM. |
harness get provider <id> |
Get a provider by identifier. |
Source: pkg/spec/har.spec.yaml. Ships as a separate harness-har binary and is dispatched transparently from harness.
| Command | One-line description |
|---|---|
harness list registry |
List artifact registries in a project. |
harness get registry <id> |
Get an artifact registry by identifier. |
harness create registry |
Create a new artifact registry. |
harness delete registry <id> |
Delete an artifact registry by identifier. |
harness configure registry <id> |
Configure a local package-manager client (e.g. .npmrc, pip.conf) to use a Harness registry. |
| Command | One-line description |
|---|---|
harness get registry_metadata <id> |
Get metadata for an artifact registry. |
harness update registry_metadata |
Update metadata on an artifact registry (--set key=value, --del key). |
| Command | One-line description |
|---|---|
harness push artifact:maven |
Push a Maven artifact (.jar/.war) to a Harness registry. |
harness push artifact:npm |
Push an npm package (.tgz) to a Harness registry. |
harness push artifact:python |
Push a Python package (.whl) to a Harness registry. |
harness push artifact:nuget |
Push a NuGet package (.nupkg) to a Harness registry. |
harness push artifact:rpm |
Push an RPM package to a Harness registry. |
harness push artifact:cargo |
Push a Cargo crate (.crate) to a Harness registry. |
harness push artifact:go |
Push a Go module to a Harness registry. |
harness push artifact:conda |
Push a Conda package to a Harness registry. |
harness push artifact:dart |
Push a Dart package to a Harness registry. |
harness push artifact:composer |
Push a Composer package (.zip) to a Harness registry. |
harness push artifact:swift |
Push a Swift package to a Harness registry. |
harness push artifact:puppet |
Push a Puppet module (.tar.gz) to a Harness registry. |
harness push artifact:helm |
Push a Helm chart to a Harness registry. |
harness push artifact:docker |
Push a Docker image to a Harness registry. |
| Command | One-line description |
|---|---|
harness pull artifact <registry> |
Pull a generic artifact from a Harness registry. |
harness list artifact <registry> |
List artifacts in a registry. |
harness get artifact <id> |
Get artifact metadata by registry and name. |
harness delete artifact <id> |
Delete an artifact and all its versions. |
| Command | One-line description |
|---|---|
harness list artifact_version |
List versions of an artifact. |
harness get artifact_version <id> |
Get artifact-version metadata. |
harness delete artifact_version <id> |
Delete a specific artifact version. |
harness list artifact_file |
List files inside a specific artifact version. |
harness execute artifact_version:copy <id> |
Copy a specific artifact version to another registry. |
harness execute artifact_version:firewall_scan <id> |
Evaluate firewall policy for a specific artifact version. |
| Command | One-line description |
|---|---|
harness get artifact_metadata <id> |
Get metadata for an artifact. |
harness update artifact_metadata |
Update metadata on an artifact (--set key=value, --del key). |
harness get artifact_version_metadata <id> |
Get metadata for an artifact version. |
harness update artifact_version_metadata |
Update metadata on an artifact version (--set key=value, --del key). |
| Command | One-line description |
|---|---|
harness execute registry:firewall_scan |
Audit lock-file dependencies against firewall policies for a registry. |
harness execute registry:migrate |
Migrate artifacts from a source registry into Harness using a config file (-f). |
Source: pkg/spec/code.spec.yaml.
Built-in git hosting. Repositories are top-level. PRs, branches, commits, and tags live inside a repo. Compound IDs are <repo>/<pr-number>, <repo>/<branch>, <repo>/<sha>, and <repo>/<pr_number>/<comment_id> for PR comments.
| Command | One-line description |
|---|---|
harness list repository |
List code repositories (multi-level — supports account/org/project scope). |
harness get repository <id> |
Get a repository by identifier. |
harness create repository <id> |
Create a new repository (--set identifier=<name> [default_branch=main] [description=…] [is_public=true]). |
harness update repository <id> |
Update a repository (description, default_branch, is_public). |
harness delete repository <id> |
Delete a repository by identifier. |
| Command | One-line description |
|---|---|
harness list pr <repo> |
List pull requests for a repository (--state open|closed|merged|all, --author <email|id>, --created-after, --search). |
harness list pr:mine |
List pull requests you authored across every repo in scope (--state, --created-after, --created-before). |
harness get pr <repo>/<pr_number> |
Get pull request details. |
harness create pr <repo> |
Create a pull request (--set title=… source_branch=… target_branch=…; -f desc.md for the description body). |
harness update pr <repo>/<pr_number> |
Update a pull request (--set title=…). |
harness execute pr:merge <repo>/<pr_number> |
Merge a pull request (--method merge|squash|rebase|fast-forward). |
harness execute pr:close <repo>/<pr_number> |
Close a pull request without merging. |
harness list pr_activity <repo> --pr <n> |
List PR activity (comments, reviews, state changes). |
| Command | One-line description |
|---|---|
harness list branch <repo> |
List branches in a repository. |
harness get branch <repo>/<branch> |
Get branch details. |
harness create branch <repo> |
Create a branch (--set name=<branch> target=<sha_or_branch>). |
harness delete branch <repo>/<branch> |
Delete a branch by name. |
harness list commit <repo> |
List commits (--branch <ref> to scope). |
harness list pr_commit <repo> --pr <n> |
List commits associated with a pull request. |
harness get commit <repo>/<sha> |
Get commit details. |
harness list tag <repo> |
List tags in a repository. |
harness create tag <repo> |
Create a tag (--set name=<tag> target=<sha>). |
harness delete tag <repo>/<tag> |
Delete a tag by name. |
| Command | One-line description |
|---|---|
harness list pr_comment <repo> --pr <n> |
List comments on a pull request. |
harness create pr_comment <repo>/<pr_number> |
Create a PR comment (--set text=… [line=…] [path=…] for inline review comments). |
harness update pr_comment <repo>/<pr_number>/<id> |
Edit an existing PR comment's text. |
harness delete pr_comment <repo>/<pr_number>/<id> |
Delete a PR comment by identifier. |
harness list pr_check <repo> --pr <n> |
List status checks reported against a pull request (CI, scans, policy evaluations). |
harness list commit_check <repo> --sha <sha> |
List status checks reported against a specific commit SHA. |
Source: pkg/spec/governance.spec.yaml.
OPA (Open Policy Agent) policies authored in Rego, grouped into policy sets that are evaluated on pipeline runs and resource changes.
| Command | One-line description |
|---|---|
harness list policy |
List governance policies. |
harness get policy <id> |
Get a policy's details (including its Rego source). |
harness create policy <id> |
Create a policy (--set name=<name> rego='package main…' or -f policy.yaml). |
harness update policy <id> |
Update a policy's name or Rego source. |
harness delete policy <id> |
Delete a policy by identifier. |
| Command | One-line description |
|---|---|
harness list policy_set |
List policy sets. |
harness get policy_set <id> |
Get a policy set's details. |
harness create policy_set <id> |
Create a policy set (--set name=<name> type=pipeline action=onrun enabled=true). |
harness update policy_set <id> |
Update a policy set (name, enabled, member policies). |
harness delete policy_set <id> |
Delete a policy set by identifier. |
| Command | One-line description |
|---|---|
harness list policy_evaluation |
List recorded policy-set evaluations against resources. |
Source: pkg/spec/audit.spec.yaml.
Read-only access to the audit trail across every Harness module. Every create/update/delete produces an audit_event.
| Command | One-line description |
|---|---|
harness list audit_event |
List audit-trail events (defaults to the last 7 days; filter with --from, --to, --resource-type, --action, --principal). |
harness get audit_event <id> |
Get a single audit event with the YAML diff of the change. |
Source: pkg/spec/kg.spec.yaml.
Schema browser plus the HQL (Harness Query Language) execution engine. Schema types are entities, events, metrics, views, relationships, and configs that map every resource in Harness into a unified, typed graph.
| Command | One-line description |
|---|---|
harness list kg:type |
List schema types (--kind OBJECT_KIND_ENTITY|EVENT|METRIC|VIEW|RELATIONSHIP|CONFIG to filter). |
harness get kg:type <type_id> |
Get a schema type with full field metadata. |
harness list kg:queryable_type |
List types that are reachable via HQL. |
harness list kg:related_type <type_id> |
List types related to a source type via relationship edges (--kind to filter). |
harness list kg:connection |
List active data-source connections backing the query engine (valid: false ⇒ stale data). |
| Command | One-line description |
|---|---|
harness execute hql:run |
Execute an HQL query (--query 'find entity "platform:project" | select { * } | limit 10'). |
harness execute hql:validate |
Parse-check an HQL query without running it. |
harness execute hql:explain |
Show the execution plan for an HQL query. |
harness execute hql:grammar |
Fetch the HQL ANTLR4 grammar (useful for editor tooling). |
Many commands support a --ui flag that launches an interactive terminal UI (Bubble Tea). It requires a TTY on both stdin and stdout — running under a pipe, in CI, or with output redirected fails with --ui requires an interactive terminal (TTY).
Three flavors:
-
Paged list browser — auto-enabled on every
listcommand whose API supports paging. Scroll, search, and drill into rows. Wired inpkg/registry/registry.goat thelist+paging branch. -
Resource picker / detail view — opt-in on selected
getcommands viaui: truein the spec. Used to interactively pick or inspect a single resource. -
Live log viewer —
harness get execution_log <[pipeline/]execId> --uistreams logs step-by-step in real time, shows the graph on the left, and offers Details/Inputs/Outputs tabs. Left/right scrolling, spinner, and save-to-file are built in.
| Module | Commands |
|---|---|
core |
auth profiles, list module, list noun
|
platform |
list organization, list project, list user, list user_group, list service_account, list role, list role_assignment, list resource_group, list permission, list setting, list connector, list secret, list delegate, list delegate_token, list agent, list entity_usage
|
pipeline |
list pipeline, list pipeline_v1, list execution, list execution_step, list execution_log, list trigger, list input_set, list template, list approval_instance, list freeze_window
|
cd |
list service, list environment, list infrastructure, list service_override
|
iacm |
list workspace, list host, list inventory, list playbook, list registry_module, list provider
|
har |
list registry, list artifact, list artifact_version, list artifact_file
|
code |
list repository, list pr, list pr:mine, list branch, list commit, list pr_commit, list tag, list pr_activity, list pr_comment, list pr_check, list commit_check
|
governance |
list policy, list policy_set, list policy_evaluation
|
audit |
list audit_event |
kg |
list kg:type, list kg:queryable_type, list kg:connection
|
| Command | What --ui does |
|---|---|
harness get project --ui |
Interactive project picker (org-aware). |
harness get workspace --ui |
Interactive IaCM workspace picker. |
harness get artifact_version --ui |
Interactive artifact + version picker. |
harness get execution_log --ui |
Live log viewer for a pipeline execution — tails steps in real time, supports navigation, tab views, and save. Use the <[pipeline/]execId> form (not a full log key) and don't pair with --stage or --step. |
-
--uiis mutually exclusive with--format,--out, and stream redirection — pick one. - For
listcommands with--ui, paging flags (--limit,--offset,--all,--count) are ignored; the TUI handles paging itself. - When a new noun is added to a spec with a paged list endpoint,
--uiis wired automatically — no extra spec changes needed.
Rules the CLI is guaranteed to follow — safe to build on top of without extra probing.
-
Grammar is strict: every non-management command is
harness <verb> <noun> [id] [flags]. Neverharness <noun> <verb>. When in doubt, runharness list noun --matrix. -
Every
listaccepts--limit,--offset(or--page),--all, and--count. For unbounded pulls prefer--all; for size probes use--count. -
Every command supports
--format json|jsonl|yaml|table|csv|tsv|markdown|text. For automation, use--format json(single object) or--format jsonl(one row per line).-o jsonalso works. -
IDs vs compound IDs. Any command whose ID label reads
<parent>/<child>(e.g.<repo>/<pr_number>,<[pipeline/]exec_id>) accepts that exact form as its positional argument. Slashes are meaningful and are NOT URL-encoded. -
--set key=valueoncreate/updateis repeatable and supports dot paths (--set variables.region=us-east-1).--del keyclears fields onupdate. -
-f file.yamlreads the body from a file on create/update (or-f -for stdin). It is mutually compatible with--set—--setoverrides matching keys from the file. -
--uineeds a TTY. In non-interactive contexts (CI, headless agents) never pass--ui; use--followfor streaming and--format jsonlfor iteration instead. -
Auth is per-profile. Default profile is used unless
--profileorHARNESS_PROFILEis set.harness auth env --exportprints the env vars needed to talk to the same account outside the CLI. -
Discovery, not memorization. If you don't know a flag or a field name,
harness <verb> <noun> --helpandharness get noun <noun>are always available. -
Idempotency signals.
createis not idempotent — it errors if the resource exists.updateuses get-then-put semantics (safe to re-run with the same--set).deleteis idempotent-safe with--ignore-not-found.
Live source of truth for any CLI command:
harness list noun --matrix # every noun × verb combo
harness get noun pipeline # fields and supported verbs for one noun
harness get module code # domain model, nouns, and commands for a module
harness <verb> <noun> --help # full flag list for any command