CLI Reference

The mima CLI is installed with the Python SDK:

$pip install mima-governance
$mima --version

Or run via Python:

$python -m mima_governance --version

Authentication

mima login

Store your API key and workspace credentials locally.

$mima login

Prompts for your API key, then resolves and stores your workspace ID. Credentials are written to ~/.mima/config.json with owner-only permissions (0600).

$mima login --api-key mima_ext_...

Evidence

mima push

Push a GRC evidence record from the command line. Pass the record type as the first positional argument, then supply fields as named flags.

$mima push change_event \
> --by ci-bot@company.com \
> --description "Deploy v1.2.3 to production" \
> --environment production \
> --system api-service
$mima push ai_risk_assessment \
> --system loan-scorer \
> --risk-tier limited \
> --use-case "Customer support routing" \
> --intended-purpose "Route queries to the correct team" \
> --impact-domains customer_service \
> --art5-self-assessment true \
> --assessor alice@example.com
$mima push model_evaluation \
> --model-id loan-scorer-v2 \
> --dataset holdout-q2-2026 \
> --accuracy 0.94 \
> --evaluated-by alice@example.com \
> --evaluation-type quarterly

Pipe JSON for scripted use:

$echo '{"by":"ci-bot@company.com","description":"Deploy","environment":"production","system":"api-service"}' \
> | mima push change_event --stdin

Add --dry-run to preview controls without writing:

$mima push model_evaluation \
> --model-id loan-scorer-v2 --dataset holdout --accuracy 0.94 \
> --evaluated-by alice@example.com --dry-run
$# Output: Would earn: EUAIA_ART9_4, ISO42001_9_1

Common flags

FlagDescription
--dry-runPreview controls without writing
--api-keyOverride stored API key
--workspace-idOverride stored workspace ID
--stdinRead fields from JSON on stdin

Environment variable: MIMA_BASE_URL

Used by mima push and mima gates. Set when pointing at a self-hosted deployment:

$export MIMA_BASE_URL=https://mima.internal.example.com/api
$mima push ...

Gates

mima gates

Check whether required evidence gates pass for a system.

$mima gates --system my-pipeline

Outputs a table of gate name, pass/fail status, and blocking status. Exits with code 0 if all gates pass, 1 if any soft gates fail, 2 if any hard gates fail.

Use in CI to block deploys when gates fail:

$mima gates --system my-pipeline || exit 1

Options

FlagDescription
--systemSystem to check (defaults to workspace-wide)
--api-keyOverride stored API key
--workspace-idOverride stored workspace ID
--formattable (default) | json

Controls

mima derive-controls

Get recommended evidence record types for a system description.

$mima derive-controls --description "A classification model that routes \
> customer support tickets to the correct team."

Returns a list of recommended record types and the controls they earn.

Recommended records for this system:
ai_risk_assessment → EUAIA_ART9, ISO42001_6_1
model_evaluation → EUAIA_ART9_4, ISO42001_9_1
human_oversight → EUAIA_ART14, ISO42001_6_1_2
training_data_governance → EUAIA_ART10

Options

FlagDescription
--descriptionSystem description (natural language)
--risk-tierhigh, limited, or minimal
--api-keyOverride stored API key

Environment variable: MIMA_API_URL

Used by mima derive-controls. Defaults to https://api.mima.ai/api.


Status

mima status

Show your current posture score and top open gaps.

$mima status
Posture score: 74/100
Open gaps (top 5):
[HIGH] model_drift_event not logged in 90 days (loan-scorer)
[MEDIUM] training_data_governance missing for 2 systems
[MEDIUM] quarterly model_evaluation overdue (customer-support-ai)
[LOW] vendor_risk not reviewed in 180 days (OpenAI)
[LOW] governance_review overdue
Gates: 3/5 passing

Configuration file

Stored at ~/.mima/config.json. Do not edit manually — use mima login.

1{
2 "api_key": "mima_ext_...",
3 "workspace_id": "ws_...",
4 "base_url": "https://api.mima.ai"
5}

Permissions are set to 0600 (owner read/write only). The API key is never written to .env files or environment exports by mima login.


Exit codes

CodeMeaning
0Success
1Soft gate failure or partial success
2Hard gate failure
3Authentication error
4Network or server error