# atuin

Magical shell history

**Score:** 69% pass rate
**Principles:** 2/8 met

## Embed the badge

The [badge floor](https://anc.dev/badge) is 70%; this scorecard is at 69% (1 point below). Once the score clears the floor, the embed snippet will appear here.

| Status | Audit | Principle | Evidence |
|--------|-------|-----------|----------|
| PASS | Help flag produces useful output | [P3](https://anc.dev/p3) |  |
| PASS | Version flag works (`--version` plus short alias) | [P3](https://anc.dev/p3) |  |
| PASS | Version flag works (`--version` plus short alias) | [P3](https://anc.dev/p3) |  |
| WARN | Structured output support | [P2](https://anc.dev/p2) | --output/--format flag detected but could not validate JSON via safe probes (--help/--version override output flags in most CLIs) |
| PASS | Rejects invalid arguments | [P4](https://anc.dev/p4) |  |
| WARN | Quiet mode available | [P7](https://anc.dev/p7) | no --quiet/-q flag detected in --help output |
| SKIP | Handles SIGPIPE gracefully | [P6](https://anc.dev/p6) | suppressed by audit_profile: human-tui |
| SKIP | Non-interactive by default | [P1](https://anc.dev/p1) | suppressed by audit_profile: human-tui |
| SKIP | Non-interactive gate flag advertised in --help | [P1](https://anc.dev/p1) | suppressed by audit_profile: human-tui |
| WARN | Flags advertise env-var bindings in --help | [P1](https://anc.dev/p1) | 2 flag(s) found in --help but no `[env: NAME]` bindings advertised |
| SKIP | Pager-using CLI ships --no-pager escape hatch | [P6](https://anc.dev/p6) | no pager signal (less/more/$PAGER/--pager) in --help |
| PASS | Respects NO_COLOR | [P6](https://anc.dev/p6) |  |
| PASS | Secret-bearing flags expose stdin or *-file companion | [P1](https://anc.dev/p1) |  |
| SKIP | Structured-output CLI exposes its schema at runtime | [P2](https://anc.dev/p2) | no structured-output indicator (--output / --format / json / jsonl) in --help |
| WARN | --json / --jsonl short aliases for --output | [P2](https://anc.dev/p2) | no --json or --jsonl short alias found. Agents and pipelines benefit from short forms alongside the canonical `--output` enum. |
| WARN | Subcommand verbs follow community-standard names | [P6](https://anc.dev/p6) | 11/30 subcommand(s) follow standard verb names. Non-standard: setup, hook, import, stats, register, key, account, kv, store, dotfiles, scripts, wrapped, daemon, default-config, ai, pty-proxy, uuid, contributors, gen-completions. MAY-tier — community-standard verbs (get/list/create/update/delete) help agents predict subcommand behavior across CLIs. |
| PASS | Skill bundle has install path (`tool skill install [<host>]`) | [P8](https://anc.dev/p8) |  |
| PASS | `skill install --all` for multi-runtime install | [P8](https://anc.dev/p8) |  |
| PASS | `skill update` / `skill upgrade` for bundle refresh | [P8](https://anc.dev/p8) |  |
| WARN | `--raw` flag for pipe-safe unformatted output | [P2](https://anc.dev/p2) | no `--raw` flag advertised. MAY-tier — useful for pipelines that want to strip formatting before piping to other tools. |
| SKIP | `--output` advertises additional formats beyond text/json | [P2](https://anc.dev/p2) | no `--output` or `--format` flag advertised; vacuous skip for MAY-tier extra formats. |
| WARN | `examples` subcommand or `--examples` flag for curated usage patterns | [P3](https://anc.dev/p3) | no `examples` subcommand or `--examples` flag found. MAY-tier — a curated usage block keeps agents from hunting through long help text. |
| WARN | `--color` flag for explicit color control | [P6](https://anc.dev/p6) | no `--color` flag advertised. MAY-tier — `auto\|always\|never` lets agents and pipelines override the TTY-based default. |
| WARN | `--verbose` flag for diagnostic escalation | [P7](https://anc.dev/p7) | no `--verbose` / `-v` flag advertised. SHOULD-tier — agents debugging failures need a way to escalate diagnostic detail. |
| WARN | `--limit` / `--max-results` flag for list operations | [P7](https://anc.dev/p7) | list-style subcommand present but no limit flag advertised (looked for --limit, --max-results, --max, --top, -n). SHOULD-tier — callers should be able to bound response size directly rather than scrape-then-truncate. |
| WARN | Cursor-based pagination flags for list traversal | [P7](https://anc.dev/p7) | list-style subcommand present but no cursor/page flag advertised (looked for --after, --before, --cursor, --page, --offset). MAY-tier — cursor pagination lets agents traverse large result sets without re-scanning earlier pages. |
| WARN | `--help` advertises default values for flags | [P1](https://anc.dev/p1) | no default-value annotations found in --help. SHOULD-tier — agents reading help text need to see what value a flag falls back to when omitted (`[default: <value>]` per clap convention). |
| PASS | Rich-TUI affordance for TTY contexts | [P1](https://anc.dev/p1) |  |
| WARN | Short `-h` summary differs from `--help` long form | [P3](https://anc.dev/p3) | `-h` and `--help` produce byte-identical output. SHOULD-tier — clap renders the short summary on `-h` and the full description on `--help` when `long_about` is set; collapsing them gives agents no concise list-level grep target. |
| SKIP | Input-accepting commands read from stdin when no file is given | [P6](https://anc.dev/p6) | no input-accepting subcommand detected (process/parse/convert/transform/analyze/validate/format/lint/audit); vacuous skip for the conditional SHOULD. |
| WARN | Subcommand naming follows a consistent verb/noun convention | [P6](https://anc.dev/p6) | subcommand naming is inconsistent: 7 non-verb subcommand(s) (history, account, kv, store, daemon, config, ai) mix verb and non-verb children at the second level, so an agent cannot predict where the action lives. SHOULD-tier: pick a consistent shape (all verb-first, all noun-verb hierarchy, or any combination where each non-verb group's children are uniformly verbs). The verb list is a heuristic; inspect `--help` to confirm. |
| WARN | `--timeout` flag for long-running operations | [P7](https://anc.dev/p7) | long-running subcommand present but no timeout flag advertised (looked for --timeout, --deadline, --max-time). SHOULD-tier — without a bound, agents that hit a hung operation have to enforce timeouts externally. |
| PASS | Bad invocation exits with structured usage-error code (2) | [P2](https://anc.dev/p2) |  |
| PASS | Error messages include a hint or remediation phrase | [P4](https://anc.dev/p4) |  |
| SKIP | Errors emit JSON envelope with `error`/`kind`/`message` under `--output json` | [P2](https://anc.dev/p2) | binary does not advertise `--output json` in --help; MUST applies only to CLIs that opt into the JSON contract. |
| SKIP | `--output json` produces JSON-formatted errors | [P4](https://anc.dev/p4) | binary does not advertise `--output json` in --help; SHOULD applies only to CLIs that opt into the JSON contract. |
| SKIP | JSON success and error envelopes share their non-payload key set | [P2](https://anc.dev/p2) | binary does not advertise `--output json` in --help; envelope-consistency only applies to CLIs that opt into the JSON contract. |
| FAIL | Each subcommand's `--help` ships at least one invocation example | [P3](https://anc.dev/p3) | subcommands missing example invocations in their `--help`: setup, history, import, stats, search, sync, login, logout, register, key, status, account, kv, store, dotfiles, scripts, init, info, doctor, wrapped, daemon, default-config, config, ai, pty-proxy, uuid, contributors, gen-completions. Examples teach agents the call shape faster than option tables; use clap's `after_help` or a dedicated `Examples:` block. |
| WARN | Help text pairs human and `--output json` example invocations | [P3](https://anc.dev/p3) | no paired text + `--output json` example found within 5 lines in top-level or any subcommand `--help`. Pairing keeps agents from reverse-engineering the JSON invocation from the text one. |
| PASS | Operations are subcommands, not verb-shaped flags | [P6](https://anc.dev/p6) |  |
| SKIP | Destructive subcommands require `--force` or `--yes` | [P5](https://anc.dev/p5) | no destructive subcommands detected; MUST applies conditionally to CLIs with destructive operations. |
| WARN | Read and write surfaces are both visible in subcommand list | [P5](https://anc.dev/p5) | read-pattern subcommand(s) present (search) but no write-pattern surface detected. If the CLI is read-only by design the MUST is satisfied vacuously; otherwise the write surface needs an agent-recognizable verb (create/add/update/set/delete/…). |
| WARN | Help text advertises TTY-aware verbosity behavior | [P7](https://anc.dev/p7) | no TTY-aware language found in `--help`. MAY-tier — automatic verbosity reduction when stdout is piped or redirected lets agents skip the explicit `--quiet` flag. Behavioral probes cannot simulate a real TTY without a pty crate, so this audit relies on documented intent. |

**Repo:** [atuinsh/atuin](https://github.com/atuinsh/atuin)
**Language:** Rust
**Version scored:** 18.16.1
**Audit date:** 2026-06-01 17:36:45 UTC
**Duration:** 460ms
**Platform:** `linux/x86_64`
**Mode:** command
**Anc build:** 0.5.0
**Install:** `brew install atuin`

## Reproduce locally

```bash
anc audit --command atuin --audit-profile human-tui --output json
```