Expose
cmd/crewship/cmd_expose.go is the human side of port exposures. Agents create exposures themselves by calling the sidecar’s /expose-port endpoint; this CLI is for the audit (list) and teardown (revoke) verbs. MVP doesn’t ship approve because the default policy is open — when a future policy introduces approval, the approve verb lands here next to the others.
All subcommands scope to one crew because the server enforces crew-level auth on the underlying routes.
crewship expose list
GET /api/v1/crews/{crewId}/port-expose.
| Flag | Type | Default | Effect |
|---|---|---|---|
--crew <slug-or-id> | string | (required) | Crew to list. Missing → --crew is required (crew slug or ID). |
--status <state> | string | active (server default) | active, revoked, expired, or all. Lowercased before send. |
ID (14-char trunc), AGENT, PORT, STATUS, EXPIRES, DESCRIPTION (40-char trunc).
crewship expose revoke <id>
POST /api/v1/crews/{crewId}/port-expose/{id}/revoke. Flips an active exposure to REVOKED. Requires MANAGER+ (same as escalation resolve).
| Flag | Type | Default | Effect |
|---|---|---|---|
--crew <slug-or-id> | string | (required) | Crew the exposure belongs to. |
--reason <text> | string | (unset) | Human-readable reason recorded in the audit row. |
Exposure <id> revoked.
See also
crewship credential— adjacent secrets surface (different access pattern).crewship audit— full audit trail including revoke reasons.crewship agent— the agent identity that initiated the exposure.