CLI — manual posts, backfills, dry-runs, verify

@sizl/broadcast-cli is the operator's keyboard surface — the path your hands take when something needs to ship now or something needs to stop now.


Install

pnpm add -g @sizl/broadcast-cli

The CLI ships as a single binary named broadcast. State lives in ~/.sizl/broadcast/state.sqlite. Secrets default to the OS keychain (macOS Keychain, Linux libsecret, Windows Credential Manager) — keytar is an optional peer-dep.

# Add a credential to the keychain
broadcast secret set BLUESKY_APP_PASSWORD

# Or fall back to environment variables (prints a warning):
BLUESKY_APP_PASSWORD=... broadcast post --insecure-credentials ...

Subcommands

| Command | What it does |
| --- | --- |
| broadcast post | Compose and dispatch an AnnounceableEvent. Tier-routes through the shared workflow. |
| broadcast dry-run | Same pipeline as post but skips the platform call. Receipt cassette still signed locally. |
| broadcast pending | List the Tier 2 queue. Each entry shows draftId, platform, status, queuedAt, queuedBy. |
| broadcast approve <draftId> | Approve a queued draft. The orchestrator dispatches on the next tick. |
| broadcast kill <draftId> --reason "<why>" | Kill a queued draft. Records the reason in the cassette. |
| broadcast verify <cassette-hash> | Verify a cassette signature offline. Returns the signed payload + key id + Rekor URL. |
| broadcast panic | Trip the kill-switch. Every subsequent dispatch refuses until the kill is cleared. |
| broadcast doctor | Walk through the manual-action checklist: required operator secrets, configured platform credentials, Pluck Bureau key status, Twitter approval status, local state DB presence, and --insecure-credentials warnings. Exits 1 when any check is in error state, 0 otherwise. |

Storage shape

The CLI uses the same StateStore / CounterStore / EngagementStore interfaces as the Worker template, backed by SQLite with WAL mode + per-write transactions. The CAS path for the cost-breaker is effective on a single host because SQLite transactions serialize the read-modify-write. Multi-host installs need to point at a shared Worker-hosted counter — out of scope for the CLI's local store.

Verify is offline

broadcast verify is the user-facing end of the kill-log promise. Hand someone a cassette hash and they can re-derive the signed payload, check the ed25519 signature against the embedded public key, and confirm the Sigstore Rekor entry — no Sizl-hosted endpoint required. The kill-log page at directive.run/broadcast is a convenience rendering, not the source of truth.

broadcast verify 1c3a...e9
Cassette: 1c3a...e9
Mode: PROD-BUREAU-KEY (operator-key-id: bluesky/sizls)
Posted: 2026-04-18T14:21:09Z
Platform: bluesky
Post URL: https://bsky.app/profile/sizls.directive.run/post/...
Rekor: https://rekor.sigstore.dev/api/v1/log/entries/...
Signature: VALID
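
The offline checks described above, as an added Node.js example that is not the CLI's own code. The cassette layout (hash, payload, publicKey, signature), the sorted-key JSON canonicalization, the SHA-256 cassette hash and the pinned key-id set are all assumptions; the pin set stands in for the Rekor confirmation, which is not shown.

```javascript
const crypto = require('node:crypto');
const sha256hex = (buf) => crypto.createHash('sha256').update(buf).digest('hex');
const spkiDer = (key) => key.export({ type: 'spki', format: 'der' });

// Assumption: the signed bytes are the flat payload serialized with sorted keys.
function canonical(payload) {
  return Buffer.from(JSON.stringify(payload, Object.keys(payload).sort()));
}

// Constructed signer standing in for the operator key (hypothetical, not the CLI's code).
function makeCassette(payload, privateKey, publicKey) {
  const bytes = canonical(payload);
  return {
    hash: sha256hex(bytes),
    payload,
    publicKey: spkiDer(publicKey).toString('base64'),
    signature: crypto.sign(null, bytes, privateKey).toString('base64'),
  };
}

// Offline check: no network, only the cassette, the hash you were handed, and your pins.
function verifyCassette(cassette, expectedHash, trustedKeyIds) {
  const bytes = canonical(cassette.payload);
  if (sha256hex(bytes) !== expectedHash) return { ok: false, reason: 'hash-mismatch' };
  const der = Buffer.from(cassette.publicKey, 'base64');
  const key = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
  if (key.asymmetricKeyType !== 'ed25519') return { ok: false, reason: 'wrong-key-type' };
  const sig = Buffer.from(cassette.signature, 'base64');
  if (!crypto.verify(null, bytes, key, sig)) return { ok: false, reason: 'bad-signature' };
  // A valid signature under the embedded key proves only self-consistency, so pin the key.
  const keyId = sha256hex(der);
  return trustedKeyIds.has(keyId) ? { ok: true, keyId } : { ok: false, reason: 'untrusted-key' };
}

function demo() {
  const operator = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  const pins = new Set([sha256hex(spkiDer(operator.publicKey))]);
  const payload = { platform: 'bluesky', postedAt: '2026-04-18T14:21:09Z', text: 'constructed sample' };
  const good = makeCassette(payload, operator.privateKey, operator.publicKey);
  const edited = { ...good, payload: { ...payload, text: 'edited after signing' } };
  const resigned = makeCassette(edited.payload, other.privateKey, other.publicKey);
  return {
    good: verifyCassette(good, good.hash, pins),
    edited: verifyCassette(edited, good.hash, pins),
    editedNewHash: verifyCassette(edited, sha256hex(canonical(edited.payload)), pins),
    resigned: verifyCassette(resigned, resigned.hash, pins),
  };
}
console.log(demo());
```

The last case is the one to notice: a cassette re-signed with a different key and carrying that key embedded passes the hash and signature checks, and is rejected only because the key is not one the verifier already trusts.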