CLI reference
The cc binary is the reference CLI for CrowdControl. Use it to evaluate, validate, and test policies from the command line or CI.
Commands
| Command | Purpose |
|---|---|
cc evaluate | Run policies against an input document |
cc validate | Syntax-check .cc files; optional schema validation |
cc test | Run JSON test suites against policies |
cc parse | Print the rule summary for one or more .cc files |
cc serve | Run as an HTTP policy decision point (PDP) with audit logs — see cc serve |
cc version | Print the cc version |
cc evaluate
Evaluates one or more policy files against a JSON input document.
cc evaluate --policy ./policies --input ./input.jsonFlags:
--policy <path>— policy file or directory (repeatable)--input <file>— input JSON (use-for stdin)--explain— print per-condition trace--default-deny— deny unless a permit fires--format <text|json>— output format
Exit codes:
0— no forbid rules fired (document allowed)1— at least one forbid rule fired (document denied)2— syntax or usage error
cc validate
cc validate ./policies
cc validate --schema ./schema.json ./policiesWith a schema, validate catches unknown fields, type mismatches, and bad operator usage before runtime.
cc test
cc test --policy ./policies ./tests/Runs JSON test cases against policies. Each test is a file with an input document and a list of expected rules that should fire.
cc parse
cc parse ./policies/rules.ccPrints a summary of the rules in a policy file without evaluating anything. Useful for quick spot checks.
cc serve
cc serve --policy ./policies --addr :8080 --audit-log /var/log/cc.jsonlRuns CrowdControl as an HTTP policy decision point. Exposes POST /v1/evaluate, GET /v1/policies, GET /healthz, GET /readyz, and GET /metrics. Supports atomic SIGHUP reload, shadow mode, bearer-token auth, CORS, and structured JSON audit logs.
See the cc serve page for the full API, flag reference, and deployment patterns.