Skip to content

cli

cli

CLI entry point for terok-sandbox.

Built from the COMMANDS forest in terok_sandbox.commands. The tree itself encodes the subparser nesting (vault passphrase seal is a leaf inside the passphrase group inside the vault group), so this module is just a wrapper around CommandTree.wire and CommandTree.dispatch.

__version__ = _meta_version('terok-sandbox') module-attribute

main(argv=None)

Entry point for the terok-sandbox command.

Source code in src/terok_sandbox/cli.py 
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
def main(argv: list[str] | None = None) -> None:
    """Entry point for the ``terok-sandbox`` command."""
    import sys

    if argv is None:
        argv = sys.argv[1:]

    # The ``run`` subcommand uses ``--`` to separate sandbox args from
    # the trailing podman invocation.  Split before argparse to avoid
    # ``REMAINDER`` quirks with optional flags after the separator —
    # same pattern terok-shield uses.
    saw_separator = "--" in argv
    run_trailing: list[str] = []
    if saw_separator:
        sep = argv.index("--")
        run_trailing = argv[sep + 1 :]
        argv = argv[:sep]

    parser = argparse.ArgumentParser(
        prog="terok-sandbox",
        description="Hardened Podman container runtime with shield firewall and git gate",
    )
    parser.add_argument("--version", action="version", version=f"terok-sandbox {__version__}")
    COMMANDS.wire(parser)

    args = parser.parse_args(argv)

    cmd_name = getattr(getattr(args, "_cmd", None), "name", None)
    if saw_separator and cmd_name != "run":
        parser.error("'--' separator is only supported by the 'run' subcommand")
    if cmd_name == "run":
        args.podman_args = run_trailing

    if hasattr(args, "_cmd"):
        CommandTree.dispatch(args)
    elif hasattr(args, "_group_help"):
        args._group_help.print_help()
    else:
        parser.print_help()
        raise SystemExit(1)