walwarden
Reference

Agent integration recipes

Generated rules for safe agent use of the SDK and CLI alpha surface.

Agents may use the SDK or public CLI for read-only database/destination inspection, ad hoc backup trigger, backup status polling, restore session creation, explicit CLI-local restore execution, restore status reads, and evidence metadata reads when provided with an appropriately scoped API key.

Safe CLI Pattern

walwarden --json profile validate
walwarden --json database list
walwarden --json destination list
walwarden --json backup trigger --database "$WALWARDEN_DATABASE_ID" --wait
walwarden --json evidence list --database "$WALWARDEN_DATABASE_ID"

Evidence-Before-Success Rule

An agent must not mark a backup, migration, or restore drill successful until it has checked the relevant command result and evidence metadata. Backup completion alone proves only that a job completed; it is not the same as proven recoverability.

Forbidden Claims

  • Do not claim the alpha public CLI can wait for or complete restore jobs through restore create; that command only opens a CLI-local session. Use restore execute for the proven end-to-end local execution bridge (live disposable-target E2E run e2e-20260607T1941-8beaa08, evidence in #320).
  • Do not claim destination write, verify, attach, detach, or delete commands exist in the public CLI.
  • Do not claim login or whoami commands exist.
  • Do not claim PITR support.
  • Do not claim offline evidence bundle verification through the public CLI/SDK alpha surface.
  • Do not claim recoverability unless restore or evidence semantics support that exact claim.

Capability Status From Source Registry

CapabilityStatusRequired scopes
Manage protected databases (databases.manage)planneddatabases:read, databases:write
Run and inspect backup jobs (backups.run)availabledatabases:read, backups:trigger
Inspect backup destinations (destinations.inspect)availabledestinations:read
Run CLI-local restore jobs (restores.run)availablerestores:write, restores:read, evidence:read
Read and verify evidence bundles (evidence.verify)availableevidence:read, audit:read
Preflight logical recovery eligibility (recovery.preflight)plannedrecovery:read
Enable logical recovery window (recovery.enable)plannedrecovery:read, recovery:write
Disable logical recovery window (recovery.disable)plannedrecovery:read, recovery:write
Read logical recovery status (recovery.status)plannedrecovery:read
Restore from logical recovery window (recovery.restore)plannedrecovery:read, recovery:write

Unsupported or planned capabilities stay out of agent success claims until their status changes in packages/core/src/developerSurface.ts.