https://github.com/openapi/htrust
https://github.com/openapi/htrust
Last synced: 25 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/openapi/htrust
- Owner: openapi
- License: mit
- Created: 2026-06-17T09:46:05.000Z (30 days ago)
- Default Branch: main
- Last Pushed: 2026-06-17T10:19:54.000Z (30 days ago)
- Last Synced: 2026-06-17T12:06:45.741Z (30 days ago)
- Language: Rust
- Size: 22.5 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# htrust
Open Source Trust for Humans.
`htrust` is a Rust CLI for Linux sysadmins, shell scripts, and agentic tooling that need to check whether real-world information can be trusted before acting on it.
The interface is intentionally flat: one command per claim type, one positional value to check, a short status on stdout and a meaningful exit code.
---
## Table of contents
- [Installation](#installation)
- [Configuration](#configuration)
- [Static validation first](#static-validation-first)
- [Commands](#commands)
- [`htrust info`](#htrust-info)
- [`htrust mobile`](#htrust-mobile)
- [`htrust email`](#htrust-email)
- [`htrust ip`](#htrust-ip)
- [`htrust url`](#htrust-url)
- [Global flags](#global-flags)
- [Endpoint mapping](#endpoint-mapping)
- [Exit codes](#exit-codes)
- [Output format](#output-format)
- [Development](#development)
- [Testing](#testing)
- [Makefile targets](#makefile-targets)
- [Project layout](#project-layout)
---
## Installation
### Build from source
You need a working Rust toolchain (edition 2021 or newer) and `cargo`.
```bash
git clone https://github.com/openapi/htrust.git
cd htrust
cargo build --release
```
The binary is produced at:
```text
target/release/htrust
```
### Local install with Make
```bash
make install
```
This builds the release binary and copies it to `~/.local/bin/htrust`. Make sure `~/.local/bin` is in your `PATH`.
To install to a custom prefix:
```bash
make install PREFIX=/usr/local
```
The binary will be copied to `$PREFIX/bin/htrust`.
---
## Configuration
`htrust` reads API tokens from the environment.
| Variable | Required by | Description |
|----------|-------------|-------------|
| `OPENAPI_TOKEN` | production commands | Production token for `trust.openapi.com` |
| `OPENAPI_SANDBOX_TOKEN` | `--sandbox` commands | Sandbox token for `test.trust.openapi.com` |
Set them in your shell or in a `.env` file:
```bash
export OPENAPI_TOKEN=your-production-token
export OPENAPI_SANDBOX_TOKEN=your-sandbox-token
```
A ready-to-edit example is provided in `.env.example`.
---
## Static validation first
`htrust` never calls the remote trust API unless the input passes a local stack of static validators. Every command runs format, checksum and sanity checks before any network request is made.
Why? Because trust decisions should be cheap, fast and privacy-friendly. If an email is syntactically broken, a phone number is not E.164, an IP is not parseable or a URL has no valid scheme, the tool rejects it immediately without leaking the value to a third party and without consuming API quota.
```bash
htrust email not-an-email
# error: invalid email format: not-an-email
```
Local validators currently cover:
| Kind | Static checks |
|------|---------------|
| `mobile` | E.164 format (`+` followed by 2-15 digits) |
| `email` | Basic RFC-like structure (`local@domain.tld`) |
| `ip` | Valid IPv4 or IPv6 address |
| `url` | Valid URL with `http` or `https` scheme |
This "validate before you trust" principle is a core design goal of htrust.
---
## Commands
### `htrust info`
Prints runtime configuration: sandbox mode, token status, and CLI version.
```bash
htrust info
```
Example output:
```text
htrust runtime
sandbox: false
token env: OPENAPI_TOKEN (set)
```
`info` does **not** perform any API call.
---
### `htrust mobile`
Verifies a mobile phone number.
```bash
# basic check — prints a short status and sets the exit code
htrust mobile +393331234567
# advanced / detailed endpoint
htrust mobile +393331234567 --detail
# full JSON response
htrust mobile +393331234567 --json
htrust mobile +393331234567 --full
```
| Argument | Description |
|----------|-------------|
| `VALUE` | Phone number with international prefix (e.g. `+393331234567`) |
`--detail` selects the richer endpoint when the API exposes both a base and an advanced check. `--json` / `--full` print the full API response instead of the short status.
---
### `htrust email`
Verifies an email address.
```bash
htrust email info@example.com
htrust email info@example.com --detail
htrust email info@example.com --json
```
| Argument | Description |
|----------|-------------|
| `VALUE` | Email address to verify |
---
### `htrust ip`
Verifies an IP address.
```bash
htrust ip 8.8.8.8
htrust ip 8.8.8.8 --json
```
| Argument | Description |
|----------|-------------|
| `VALUE` | IPv4 or IPv6 address |
`--detail` is accepted for interface consistency but the underlying endpoint is always the advanced one.
---
### `htrust url`
Verifies a URL.
```bash
htrust url https://example.com
htrust url https://example.com --json
```
| Argument | Description |
|----------|-------------|
| `VALUE` | Absolute URL to verify |
Like `ip`, `--detail` is accepted but maps to the advanced endpoint.
---
### Global flags
| Flag | Description |
|------|-------------|
| `--sandbox` | Use the sandbox environment (`test.trust.openapi.com`) and `OPENAPI_SANDBOX_TOKEN` |
| `--detail` / `--details` | Use the richer endpoint where available (synonyms) |
| `--json`, `--full` | Print the full API response as JSON |
| `-h`, `--help` | Print help |
| `-V`, `--version` | Print version |
Examples:
```bash
htrust --sandbox info
htrust --sandbox mobile +393331234567 --detail
htrust email info@example.com --json
```
---
## Endpoint mapping
| Command | Default endpoint | `--detail` endpoint |
|---------|------------------|---------------------|
| `mobile` | `mobile-start` | `mobile-advanced` |
| `email` | `email-start` | `email-advanced` |
| `ip` | `ip-advanced` | `ip-advanced` |
| `url` | `url-advanced` | `url-advanced` |
Base URL:
- production: `https://trust.openapi.com`
- sandbox: `https://test.trust.openapi.com`
The final URL is built as:
```text
{base_url}/{endpoint}/{value}
```
For example:
```text
https://trust.openapi.com/mobile-start/+393331234567
```
---
## Exit codes
| Code | Meaning |
|------|---------|
| `0` | Trusted result (`valid` / `verified`) or neutral/no-op |
| `1` | Distrusted result (`risky` / `invalid`), API error, or CLI usage error |
| `2` | Missing required environment variable or empty token |
This makes htrust composable in shell scripts:
```bash
if htrust email info@example.com >/dev/null; then
echo "Email looks trustworthy"
else
echo "Email is risky or invalid"
fi
```
---
## Output format
By default trust commands print a short status string to stdout:
```bash
$ htrust email info@example.com
valid
```
The status mirrors the API's own assessment (e.g. `valid`, `risky`, `invalid`). Use `--json` or `--full` to see the complete API response:
```bash
$ htrust email info@example.com --json
{
"data": { ... },
"error": null,
"message": "",
"success": true
}
```
Errors are printed to stderr.
---
## Development
Build the debug binary:
```bash
cargo build
```
Run the CLI from the build directory:
```bash
./target/debug/htrust info
```
Run clippy and formatting checks:
```bash
cargo clippy --all-targets
cargo fmt --check
```
---
## Testing
### Rust unit tests
Unit tests live inside the source files under `src/` in `#[cfg(test)]` modules.
```bash
cargo test
```
### Bash smoke tests (`tests/`)
The `tests/` directory contains simple, practical smoke tests. Each command has its own file that shows the real command being executed:
```text
tests/
├── run.sh # runs all smoke tests
├── test_info.sh # htrust info in action
├── test_mobile.sh # htrust mobile in action
├── test_email.sh # htrust email in action
├── test_ip.sh # htrust ip in action
└── test_url.sh # htrust url in action
```
Run smoke tests:
```bash
make test-smoke
```
or directly:
```bash
./tests/run.sh
./tests/test_mobile.sh
```
### Negative / side-case asserts (`tests/asserts/`)
The `tests/asserts/` directory contains more formal assertions for error handling and edge cases:
```text
tests/asserts/
├── run.sh # runs all assert tests
├── lib.sh # tiny assert helpers
├── test_info_asserts.sh # info edge cases
├── test_mobile_asserts.sh # mobile error cases
├── test_email_asserts.sh # email error cases
├── test_ip_asserts.sh # ip error cases
└── test_url_asserts.sh # url error cases
```
Run assert tests:
```bash
make test-asserts
```
or directly:
```bash
./tests/asserts/run.sh
./tests/asserts/test_mobile_asserts.sh
```
### Run everything
```bash
make test
```
This runs `cargo test`, the smoke suite and the assert suite.
To run live tests against the sandbox:
```bash
export OPENAPI_SANDBOX_TOKEN=your-sandbox-token
make test
```
---
## Makefile targets
| Target | Description |
|--------|-------------|
| `make` or `make build` | Build the release binary |
| `make install` | Build and install to `~/.local/bin` (or `$PREFIX/bin`) |
| `make test` | Run Rust unit tests, smoke tests and assert tests |
| `make test-smoke` | Run only the practical smoke tests |
| `make test-asserts` | Run only the negative/side-case assert tests |
| `make clean` | Remove build artifacts |
---
## Project layout
```text
.
├── Cargo.toml
├── Makefile
├── README.md
├── .env.example
├── src/
│ ├── main.rs # CLI entrypoint
│ ├── cli.rs # clap argument definitions
│ ├── client.rs # HTTP client and auth
│ ├── config.rs # Token loading
│ └── commands/
│ ├── info.rs # htrust info
│ ├── mod.rs # command module exports
│ └── trust.rs # mobile/email/ip/url implementation
└── tests/
├── run.sh # smoke-test runner
├── test_info.sh # info command smoke test
├── test_mobile.sh # mobile command smoke test
├── test_email.sh # email command smoke test
├── test_ip.sh # ip command smoke test
├── test_url.sh # url command smoke test
└── asserts/
├── run.sh # assert-test runner
├── lib.sh # tiny assert helpers
├── test_info_asserts.sh
├── test_mobile_asserts.sh
├── test_email_asserts.sh
├── test_ip_asserts.sh
└── test_url_asserts.sh
```
---
## Scope
This first cut wraps the current `trust.openapi.com` subset:
- `mobile-start`
- `mobile-advanced`
- `email-start`
- `email-advanced`
- `ip-advanced`
- `url-advanced`
The long-term shape can expand to commands like `htrust iban ...` or `htrust vat ...`, but those endpoints are not wired in this first baseline yet.