Agent-Skills.md

Agent Skills: Agent-Friendly CLI Spec v0.1

Design spec with 98 rules for building CLI tools that AI agents can safely use. Covers structured JSON output, error handling, input contracts, safety guardrails, exit codes, and agent self-description.

UncategorizedID: sickn33/antigravity-awesome-skills/ai-native-cli

Repository

sickn33/antigravity-awesome-skills
sickn33License: MIT
27,0474,580

Install this agent skill to your local

pnpm dlx add-skill https://github.com/sickn33/antigravity-awesome-skills/tree/HEAD/skills/ai-native-cli

Skill Files

Browse the full folder contents for ai-native-cli.

Download Skill

Loading file tree…

skills/ai-native-cli/SKILL.md

Skill Metadata

Name
ai-native-cli
Description
"Design spec with 98 rules for building CLI tools that AI agents can safely use. Covers structured JSON output, error handling, input contracts, safety guardrails, exit codes, and agent self-description."

Agent-Friendly CLI Spec v0.1

When building or modifying CLI tools, follow these rules to make them safe and reliable for AI agents to use.

Overview

A comprehensive design specification for building AI-native CLI tools. It defines 98 rules across three certification levels (Agent-Friendly, Agent-Ready, Agent-Native) with prioritized requirements (P0/P1/P2). The spec covers structured JSON output, error handling, input contracts, safety guardrails, exit codes, self-description, and a feedback loop via a built-in issue system.

When to Use This Skill

  • Use when building a new CLI tool that AI agents will invoke
  • Use when retrofitting an existing CLI to be agent-friendly
  • Use when designing command-line interfaces for automation pipelines
  • Use when auditing a CLI tool's compliance with agent-safety standards

Core Philosophy

  1. Agent-first -- default output is JSON; human-friendly is opt-in via --human
  2. Agent is untrusted -- validate all input at the same level as a public API
  3. Fail-Closed -- when validation logic itself errors, deny by default
  4. Verifiable -- every rule is written so it can be automatically checked

Layer Model

This spec uses two orthogonal axes:

  • Layer answers rollout scope: core, recommended, ecosystem
  • Priority answers severity: P0, P1, P2

Use layers for migration and certification:

  • core -- execution contract: JSON, errors, exit codes, stdout/stderr, safety
  • recommended -- better machine UX: self-description, explicit modes, richer schemas
  • ecosystem -- agent-native integration: agent/, skills, issue, inline context

Certification maps to layers:

  • Agent-Friendly -- all core rules pass
  • Agent-Ready -- all core + recommended rules pass
  • Agent-Native -- all layers pass

How It Works

Step 1: Output Mode

Default is agent mode (JSON). Explicit flags to switch:

$ mycli list              # default = JSON output (agent mode)
$ mycli list --human      # human-friendly: colored, tables, formatted
$ mycli list --agent      # explicit agent mode (override config if needed)
  • Default (no flag) -- JSON to stdout. Agent never needs to add a flag.
  • --human -- human-friendly format (colors, tables, progress bars)
  • --agent -- explicit JSON mode (useful when env/config overrides default)

Step 2: agent/ Directory Convention

Every CLI tool MUST have an agent/ directory at its project root. This is the tool's identity and behavior contract for AI agents.

agent/
  brief.md          # One paragraph: who am I, what can I do
  rules/            # Behavior constraints (auto-registered)
    trigger.md      # When should an agent use this tool
    workflow.md     # Step-by-step usage flow
    writeback.md    # How to write feedback back
  skills/           # Extended capabilities (auto-registered)
    getting-started.md

Step 3: Four Levels of Self-Description

  1. --brief (business card, injected into agent config)
  2. Every Command Response (always-on context: data + rules + skills + issue)
  3. --help (full self-description: brief + commands + rules + skills + issue)
  4. skills <name> (on-demand deep dive into a specific skill)

Certification Requirements

Each level includes all rules from the previous level. Priority tag [P0]=agent breaks without it, [P1]=agent works but poorly, [P2]=nice to have.

Level 1: Agent-Friendly (core -- 20 rules)

Goal: CLI is a stable, callable API. Agent can invoke, parse, and handle errors.

Output -- default is JSON, stable schema

  • [P0] O1: Default output is JSON. No --json flag needed
  • [P0] O2: JSON MUST pass jq . validation
  • [P0] O3: JSON schema MUST NOT change within same version

Error -- structured, to stderr, never interactive

  • [P0] E1: Errors -> {"error":true, "code":"...", "message":"...", "suggestion":"..."} to stderr
  • [P0] E4: Error has machine-readable code (e.g. MISSING_REQUIRED)
  • [P0] E5: Error has human-readable message
  • [P0] E7: On error, NEVER enter interactive mode -- exit immediately
  • [P0] E8: Error codes are API contracts -- MUST NOT rename across versions

Exit Code -- predictable failure signals

  • [P0] X3: Parameter/usage errors MUST exit 2
  • [P0] X9: Failures MUST exit non-zero -- never exit 0 then report error in stdout

Composability -- clean pipe semantics

  • [P0] C1: stdout is for data ONLY
  • [P0] C2: logs, progress, warnings go to stderr ONLY

Input -- fail fast on bad input

  • [P1] I4: Missing required param -> structured error, never interactive prompt
  • [P1] I5: Type mismatch -> exit 2 + structured error

Safety -- protect against agent mistakes

  • [P1] S1: Destructive ops require --yes confirmation
  • [P1] S4: Reject ../../ path traversal, control chars

Guardrails -- runtime input protection

  • [P1] G1: Unknown flags rejected with exit 2
  • [P1] G2: Detect API key / token patterns in args, reject execution
  • [P1] G3: Reject sensitive file paths (*.env, *.key, *.pem)
  • [P1] G8: Reject shell metacharacters in arguments (; | && $())

Level 2: Agent-Ready (+ recommended -- 59 rules)

Goal: CLI is self-describing, well-named, and pipe-friendly. Agent discovers capabilities and chains commands without trial and error.

Self-Description -- agent discovers what CLI can do

  • [P1] D1: --help outputs structured JSON with commands[]
  • [P1] D3: Schema has required fields (help, commands)
  • [P1] D4: All parameters have type declarations
  • [P1] D7: Parameters annotated as required/optional
  • [P1] D9: Every command has a description
  • [P1] D11: --help outputs JSON with help, rules, skills, commands
  • [P1] D15: --brief outputs agent/brief.md content
  • [P1] D16: Default JSON (agent mode), --human for human-friendly
  • [P2] D2/D5/D6/D8/D10: per-command help, enums, defaults, output schema, version

Input -- unambiguous calling convention

  • [P1] I1: All flags use --long-name format
  • [P1] I2: No positional argument ambiguity
  • [P2] I3/I6/I7: --json-input, boolean --no-X, array params

Error

  • [P1] E6: Error includes suggestion field
  • [P2] E2/E3: errors to stderr, error JSON valid

Safety

  • [P1] S8: --sanitize flag for external input
  • [P2] S2/S3/S5/S6/S7: default deny, --dry-run, no auto-update, destructive marking

Exit Code

  • [P1] X1: 0 = success
  • [P2] X2/X4-X8: 1=general, 10=auth, 11=permission, 20=not-found, 30=conflict

Composability

  • [P1] C6: No interactive prompts in pipe mode
  • [P2] C3/C4/C5/C7: pipe-friendly, --quiet, pipe chain, idempotency

Naming -- predictable flag conventions

  • [P1] N4: Reserved flags (--agent, --human, --brief, --help, --version, --yes, --dry-run, --quiet, --fields)
  • [P2] N1/N2/N3/N5/N6: consistent naming, kebab-case, max 3 levels, --version semver

Guardrails

  • [P1] I8/I9: no implicit state, non-interactive auth
  • [P1] G6/G9: precondition checks, fail-closed
  • [P2] G4/G5/G7: permission levels, PII redaction, batch limits

Reserved Flags

| Flag | Semantics | Notes | |------|-----------|-------| | --agent | JSON output (default) | Explicit override | | --human | Human-friendly output | Colors, tables, formatted | | --brief | One-paragraph identity | For sync into agent config | | --help | Full self-description JSON | Brief + commands + rules + skills + issue | | --version | Semver version string | | | --yes | Confirm destructive ops | Required for delete/destroy | | --dry-run | Preview without executing | | | --quiet | Suppress stderr output | | | --fields | Filter output fields | Save tokens |

Level 3: Agent-Native (+ ecosystem -- 19 rules)

Goal: CLI has identity, behavior contract, skill system, and feedback loop. Agent can learn the tool, extend its use, and report problems -- full closed-loop collaboration.

Agent Directory -- tool identity and behavior contract

  • [P1] D12: agent/brief.md exists
  • [P1] D13: agent/rules/ has trigger.md, workflow.md, writeback.md
  • [P1] D17: agent/rules/*.md have YAML frontmatter (name, description)
  • [P1] D18: agent/skills/*.md have YAML frontmatter (name, description)
  • [P2] D14: agent/skills/ directory + skills subcommand

Response Structure -- inline context on every call

  • [P1] R1: Every response includes rules[] (full content from agent/rules/)
  • [P1] R2: Every response includes skills[] (name + description + command)
  • [P1] R3: Every response includes issue (feedback guide)

Meta -- project-level integration

  • [P2] M1: AGENTS.md at project root
  • [P2] M2: Optional MCP tool schema export
  • [P2] M3: CHANGELOG.md marks breaking changes

Feedback -- built-in issue system

  • [P2] F1: issue subcommand (create/list/show)
  • [P2] F2: Structured submission with version/context/exit_code
  • [P2] F3: Categories: bug / requirement / suggestion / bad-output
  • [P2] F4: Issues stored locally, no external service dependency
  • [P2] F5: issue list / issue show <id> queryable
  • [P2] F6: Issues have status tracking (open/in-progress/resolved/closed)
  • [P2] F7: Issue JSON has all required fields (id, type, status, message, created_at, updated_at)
  • [P2] F8: All issues have status field

Examples

Example 1: JSON Output (Agent Mode)

$ mycli list
{"result": [{"id": 1, "title": "Buy milk", "status": "todo"}], "rules": [...], "skills": [...], "issue": "..."}

Example 2: Structured Error

{
  "error": true,
  "code": "AUTH_EXPIRED",
  "message": "Access token expired 2 hours ago",
  "suggestion": "Run 'mycli auth refresh' to get a new token"
}

Example 3: Exit Code Table

0   success         10  auth failed       20  resource not found
1   general error   11  permission denied 30  conflict/precondition
2   param/usage error

Quick Implementation Checklist

Implement by layer -- each phase gets you the next certification level.

Phase 1: Agent-Friendly (core)

  1. Default output is JSON -- no --json flag needed
  2. Error handler: { error, code, message, suggestion } to stderr
  3. Exit codes: 0 success, 2 param error, 1 general
  4. stdout = data only, stderr = logs only
  5. Missing param -> structured error (never interactive)
  6. --yes guard on destructive operations
  7. Guardrails: reject secrets, path traversal, shell metacharacters

Phase 2: Agent-Ready (+ recommended) 8. --help returns structured JSON (help, commands[], rules[], skills[]) 9. --brief reads and outputs agent/brief.md content 10. --human flag switches to human-friendly format 11. Reserved flags: --agent, --version, --dry-run, --quiet, --fields 12. Exit codes: 20 not found, 30 conflict, 10 auth, 11 permission

Phase 3: Agent-Native (+ ecosystem) 13. Create agent/ directory: brief.md, rules/trigger.md, rules/workflow.md, rules/writeback.md 14. Every command response appends: rules[] + skills[] + issue 15. skills subcommand: list all / show one with full content 16. issue subcommand for feedback (create/list/show/close/transition) 17. AGENTS.md at project root

Best Practices

  • Do: Default to JSON output so agents never need to add flags
  • Do: Include suggestion field in every error response
  • Do: Use the three-level certification model for incremental adoption
  • Do: Keep agent/brief.md to one paragraph for token efficiency
  • Don't: Enter interactive mode on errors -- always exit immediately
  • Don't: Change JSON schema or error codes within the same version
  • Don't: Put logs or progress info on stdout -- use stderr only
  • Don't: Accept unknown flags silently -- reject with exit code 2

Common Pitfalls

  • Problem: CLI outputs human-readable text by default, breaking agent parsing Solution: Make JSON the default output format; add --human flag for human-friendly mode

  • Problem: Errors reported in stdout with exit code 0 Solution: Always exit non-zero on failure and write structured error JSON to stderr

  • Problem: CLI prompts for missing input interactively Solution: Return structured error with suggestion field and exit immediately

Related Skills

  • @cli-best-practices - General CLI design patterns (this skill focuses specifically on AI agent compatibility)

Additional Resources