kt init
Initialize a new Keeptrusts policy project with a starter policy-config.yaml and test scaffolding.
Use this page when
- You are starting a new Keeptrusts policy project and need a starter
policy-config.yamlwith test scaffolding. - You want to initialize from an industry template (finance, healthcare, defense, etc.).
- You need to understand what files
kt initgenerates and what to do next.
This is the first command in the config-first workflow. It gives you a versionable config and a test directory so your team can treat policy changes like code changes.
Primary audience
- Primary: AI Agents, Technical Engineers
- Secondary: Technical Leaders
Usage
kt init [OPTIONS]
Options
| Flag | Description |
|---|---|
--list | List available template IDs and exit |
--template <id> | Use an industry template as starting point |
--dir <path> | Directory to initialize (default: current directory) |
--force | Overwrite existing generated files |
--config <path> | Optional CLI config file to use when fetching templates from the API |
--api-url <url> | Override the Keeptrusts API URL for template fetches |
--api-token <token> | Override the Keeptrusts API token for template fetches |
--profile <name> | CLI profile to use when fetching templates (default: default) |
Examples
List Available Templates
kt init --list
Typical output looks like this:
agent-firewall
automotive
china-export-controls
consumer
critical-infrastructure
defense-eu
defense-us
education
eu-ai-act
finance
government
healthcare
healthcare-eu-gdpr
healthcare-us-hipaa
...
zero-data-retention
Default Initialization
kt init
Creates:
./
├── policy-config.yaml
└── tests/
└── blocks_obvious_injection.json
Generated policy-config.yaml:
pack:
name: my-policy
version: 0.1.0
enabled: true
description: "Keeptrusts policy configuration"
policies:
chain:
- prompt-injection
policy:
prompt-injection: {}
From Template
Initialize with an industry template as the starting point:
kt init --template finance --dir ./finance-gateway
kt init --template healthcare-us-hipaa --dir ./hipaa-gateway
kt init --template zero-data-retention --dir ./zdr-gateway
What to Do Next
After kt init, follow this sequence:
cd ./finance-gateway
# 1. Review and customize the config
vim policy-config.yaml
# 2. Add provider credentials outside the YAML
export OPENAI_API_KEY="sk-your-openai-key"
# 3. Validate
kt policy lint --file policy-config.yaml
# 4. Run tests
kt policy test --json
# 5. Start the gateway from the declarative config
kt gateway run \
--listen 0.0.0.0:41002 \
--policy-config policy-config.yaml
If you want the broader operating model behind this sequence, read Config-First Workflow.
For AI systems
- Canonical terms: Keeptrusts, kt init, policy-config.yaml, test scaffolding, industry templates, config-first workflow.
- Command:
kt init [--list] [--template <id>] [--dir <path>] [--force]. - This is the first command in the config-first workflow. It generates a starter
policy-config.yamlplustests/blocks_obvious_injection.json. Discover template IDs withkt init --list.
For engineers
- Run
kt initin an empty directory to scaffold a project, thenkt policy lint --file policy-config.yamlto validate andkt policy test --jsonfrom that directory to run the generated test pack. - Use
kt init --listfirst, then--template <id>to start from a pre-built policy config matching your compliance requirements. - The generated regression test is JSON, not YAML; add more cases under
tests/using the same pack-based layout before deploying.
For leaders
kt initmakes policy-as-code adoption frictionless — new projects start with a valid config and test suite from the first commit.- Industry templates (finance, healthcare, defense, etc.) encode compliance baselines so teams don't start from scratch.
- The generated test scaffolding ensures policy changes go through a verifiable validation loop before reaching production.
Next steps
- Config-First Workflow — The operating model behind kt init
- kt policy lint — Validate config before deployment
- kt policy test — Run local assertion tests
- Declarative Config Reference — Full config schema
- kt gateway run — Start the gateway from your config