Use when designing, reviewing, or refactoring a CLI that must serve AI agents alongside humans, or when converting an API or SDK into an agent-usable CLI int...
---
name: agent-native-design
description: Use when designing, reviewing, or refactoring a CLI that must serve AI agents alongside humans, or when converting an API or SDK into an agent-usable CLI interface.
license: CC-BY-NC-4.0
homepage: https://github.com/Agents365-ai/agent-native-design
compatibility: Includes sidecar metadata for OpenClaw, Hermes, pi-mono, and OpenAI Codex; the core SKILL.md is portable to any agent runtime that supports Agent Skills-style instructions.
platforms: [macos, linux, windows]
metadata: {"openclaw":{"requires":{},"emoji":"⌨️","os":["darwin","linux","win32"]},"hermes":{"tags":["cli","agent-native","interface-design","structured-output","schema-driven"],"category":"engineering","requires_tools":[],"related_skills":[]},"pimo":{"category":"engineering","tags":["cli","agent-native","interface-design","structured-output","schema-driven"]},"author":"Agents365-ai","version":"1.3.5"}
---
# agent-native-design
## Purpose
This skill helps analyze, design, and refactor command-line tools so they can reliably serve **humans**, **AI agents**, and **orchestration systems** at the same time.
It is not a skill for merely *using* a CLI. It is a skill for designing and reviewing a CLI as an **agent-native interface**.
The skill focuses on four goals:
1. Make CLI behavior predictable for AI agents.
2. Make CLI output readable and recoverable for humans.
3. Make CLI execution manageable for systems and orchestrators.
4. Define a complete interaction loop from authentication to error routing.
---
## When to use this skill
Use this skill when the user wants to:
* evaluate whether an existing CLI is agent-friendly
* redesign a CLI to better support AI agents
* convert an API or SDK into an agent-native CLI
* review help output, schema design, exit codes, or JSON contracts
* design dry-run, auth delegation, or safety boundaries
* generate CLI skills, docs, or interface conventions from schema
* refactor a human-oriented CLI into a machine-friendly one
* define how a CLI should interact with an agent runtime
Typical prompts include:
* "Review this CLI and tell me whether it is agent-native."
* "Design a CLI for this API that an AI agent can use reliably."
* "Refactor this tool so stdout is machine-readable and safer for agents."
* "Help me define schema introspection, dry-run, and exit code semantics."
## When not to use this skill
Do not use this skill when the user only wants:
* help running a specific command
* installation help for a CLI
* shell troubleshooting unrelated to interface design
* generic Linux or terminal tutorials
* agent planning or memory design unrelated to tools
* API business logic review without any CLI/tooling layer
---
## Core model
An agent-native CLI must simultaneously serve three audiences.
### 1. Human
Needs: readable output, friendly error messages, onboarding guidance.
Channels: `stderr`, optional `--format table`, interactive TUI when appropriate.
### 2. AI Agent
Needs: structured data, stable contracts, self-description.
Channels: `stdout` as JSON, stable exit codes, schema introspection, dry-run previews, generated skills/docs.
### 3. System / Orchestrator
Needs: delegated authentication, process management, deterministic error routing.
Channels: environment variables, exit codes, dry-run mode, stable command semantics.
### Foundational contract
| Channel | Primary audience |
|---------|-----------------|
| `stdout` | Machines and agents |
| `stderr` | Humans |
| `exit codes` | Systems and orchestrators |
This skill teaches how to make CLI a first-class interface for agents. Production agents (Claude Code, Cursor, Gemini CLI) often pair a CLI with an MCP server — CLI for state changes and local/scriptable work, MCP for multi-tenant SaaS and per-user auth. When a design needs the MCP side as well, see `references/hybrid-mcp-cli.md` for the decision matrix and the benchmark data behind the CLI/MCP tradeoff.
---
## The complete interaction loop
| Phase | Step | Description |
|-------|------|-------------|
| 0. Bootstrap | 1 | Human/system obtains auth token or credentials |
| 0. Bootstrap | 2 | Set trusted env vars: token, profile, safety mode |
| 1. Discovery | 3 | Agent loads skills or command summaries |
| 1. Discovery | 4 | Agent queries schema/help for parameters |
| 2. Planning | 5 | Agent uses `--dry-run` to preview request shape |
| 3. Execution | 6 | Agent executes with validated inputs |
| 4. Interpretation | 7 | Agent parses structured result |
| 5. Recovery | 8 | Agent uses exit code + error object to retry, re-auth, repair, or escalate |
A CLI that does not support every phase is incomplete from the agent's perspective.
---
## Seven principles
These are load-bearing. Each principle has at least one rubric criterion and at least one example backing it.
### Principle 0. One CLI, Three Audiences
The CLI must serve human, agent, and system simultaneously. A design that serves only one audience is incomplete.
### Principle 1. Structured Output Is the Interface
`stdout` should always be parseable and stable. Both success and failure are structured JSON. The CLI must decide for itself which audience is reading: detect at startup whether stdout is a TTY, default to JSON when it is not, default to human-readable when it is. `NO_COLOR` and an explicit `--format json|table` flag override the auto-detection. Agents should never have to remember to pass `--format json` — if they have to, they will forget, and the run will silently produce un-parseable prose. Envelope and error contract: `references/design-patterns.md#output-envelopes`.
### Principle 2. Trust Is Directional
CLI arguments are not inherently trusted — they may come from a hallucinating or prompt-injected agent. Environment-level configuration set by the human or system is more trusted. The agent chooses *what to do* within a bounded surface; the human defines *where and how it is allowed to operate*.
### Principle 3. The CLI Must Describe Itself
The CLI must be self-describing enough that an agent can use it without reading external README files. Self-description must be **progressive**, not eager: top-level `--help` lists resources; resource help lists actions; action help lists flags; a separate `schema <resource.action>` returns the full typed schema. A CLI with hundreds of commands that dumps everything into the first `--help` pays that token cost on every agent invocation. See `references/design-patterns.md#help-design` and `references/examples.md` Examples 2 and 5.
### Principle 4. Safety Through Graduated Visibility
Read commands are easy to discover; mutating commands carry explicit warnings; destructive commands are hidden from skills or gated separately. Tier table and rationale: `references/design-patterns.md#safety-design`. Tiers are necessary but not sufficient — they are a prompt-side defense and approval fatigue degrades them quickly. Assume the agent runtime will additionally sandbox the CLI at the OS level (filesystem, network, processes), and design destructive commands to fail closed inside that sandbox.
### Principle 5. Validate at the Boundary, Not in the Middle
Inputs are validated once at the CLI entry point. Internal code operates on validated, typed, trusted structures. Validation functions are centralized and tested for both pass and reject cases.
### Principle 6. The Schema Is the Source of Truth
If a schema exists, everything derives from it: CLI command structure, validation rules, help text, generated docs, generated skills, type definitions, dry-run contracts. The schema is never manually duplicated. The schema must also carry its own version and deprecation signals, surfaced in the `meta` block of every response, so agents that have cached an older view can detect drift and re-discover rather than silently calling a removed method. Full versioning contract and example: `references/design-patterns.md#schema-versioning`.
### Principle 7. Authentication Must Be Delegatable
Authentication is obtained and refreshed by human/system-managed flows. The agent uses credentials; it never owns the auth lifecycle. Preferred mechanisms: environment variables, config files, OS keychain integration, externally refreshed tokens. Canonical pattern: `references/examples.md` Example 3.
---
## Standard review workflow
### Step 1. Classify the input
Decide whether the user is providing: an existing CLI, an API to be wrapped, a conceptual design, a partial interface, or a failure case.
### Step 2. Map the three audiences
**Human:** Is there readable output? Are errors understandable? Is onboarding supported?
**Agent:** Is stdout stable JSON? Can the CLI describe itself? Is there schema introspection and dry-run?
**System:** Is auth delegatable? Are exit codes stable? Can failures be routed deterministically?
### Step 3. Review the interaction loop
Check whether the CLI supports: bootstrap, discovery, parameter understanding, preview, execution, parsing, recovery.
### Step 4. Score the CLI with the rubric, then map back to principles
Use the 14-criterion rubric to score the CLI. The full rubric lives in `references/rubric.md`. Every one of the seven principles has at least one rubric row backing it, so the score-to-principle mapping is total: P0 → Three-audience support, Non-interactive operation; P1 → Stdout contract, Stderr separation, Idempotent retries, Error recoverability; P2 → Trust boundary; P3 → Self-description (help), Dry-run; P4 → Safety tiers; P5 → Boundary validation; P6 → Schema introspection; P7 → Auth delegation. Then summarize per principle with evidence, risk, and recommendation. The full review checklists live in `references/checklists.md`.
### Step 5. Produce a refactor plan
- **P0** must fix
- **P1** should improve
- **P2** long-term enhancements
---
## Default output format
### 1. Overall verdict
State whether the CLI is **agent-native**, **partially agent-native**, or **not yet agent-native**.
### 2. Three-audience contract review
Assess support for human, agent, system.
### 3. Interaction loop coverage
Assess each phase: auth bootstrap → env setup → skill/help discovery → schema introspection → dry-run → execution → parsing and recovery.
### 4. Rubric score + seven-principle review
Report the 14-criterion rubric score first, then summarize the seven principles as: status · evidence · issue · recommendation.
### 5. Key risks
Summarize design failures: human-only output, unstable JSON, no schema introspection, destructive commands overexposed, auth coupled to agent, ambiguous exit codes.
### 6. Refactor plan
Prioritized recommendations with examples drawn from `references/examples.md`.
---
## Things this skill should avoid recommending
* Human-readable prose as the only output contract
* README required for basic command discovery
* Schema and validation that drift apart
* Auth supplied primarily via agent-generated arguments
* Destructive actions exposed by default
* CLI behavior that depends on undocumented conventions
* Errors that are only textual and not machine-routable
* Mutating commands that are not idempotent under retry
* Confirmation prompts with no `--yes` escape and no TTY-aware fallback
* Eager schema dumps in top-level `--help` — agents that call the CLI in loops pay this cost on every invocation; use progressive disclosure instead. The token-cost rationale lives in `references/hybrid-mcp-cli.md`.
---
## Reference files
Load on demand — these are not in the agent's context until needed:
| File | Read when |
|------|-----------|
| `references/examples.md` | Showing the user a good envelope, error, dry-run, batch response, or anti-pattern |
| `references/rubric.md` | Producing the score component of a CLI review |
| `references/checklists.md` | Walking through a CLI auditing list with the user, or sanity-checking a new design |
| `references/design-patterns.md` | Writing the contract for envelopes, exit codes, idempotency, non-interactive mode, long-running commands, schema versioning, locale/time |
| `references/hybrid-mcp-cli.md` | Deciding CLI vs. MCP vs. both, or citing benchmark numbers behind the CLI efficiency claim |
| `references/testing.md` | Showing the user how to verify their CLI actually upholds the contract (envelope shape, idempotency replay, TTY behavior, schema drift, dry-run safety, locale determinism) — load this when the design review converges on "how do we keep it agent-native over time?" |
| `references/citations.md` | Citing the primary sources behind a recommendation |
---
## One-sentence summary
This skill helps turn a CLI into a trustworthy execution interface for **humans, AI agents, and systems** through **structured output, self-description, delegated authentication, safety boundaries, and a complete interaction loop**.
don't have the plugin yet? install it then click "run inline in claude" again.
use this skill to analyze, design, and refactor command-line tools so they reliably serve humans, AI agents, and orchestration systems at the same time. this skill is for designing and reviewing a CLI as an agent-native interface, not for merely using one. it focuses on making CLI behavior predictable for agents, output readable for humans, execution manageable for systems, and the full interaction loop (auth to error recovery) well-defined. use it when evaluating whether an existing CLI is agent-friendly, redesigning a CLI to support agents, converting an API or SDK into an agent-native CLI, reviewing help output or JSON contracts, designing dry-run and safety boundaries, or refactoring a human-oriented tool into a machine-friendly one.
user-provided material:
external connections:
references/hybrid-mcp-cli.md) if deciding CLI vs. MCP tradeoffskill context:
references/examples.md, references/rubric.md, references/checklists.md, references/design-patterns.md, references/hybrid-mcp-cli.md, references/testing.md, references/citations.md<this-skill-dir>/.last_update exists and is less than 24 hours old. if so, skip to step 1.git -C <this-skill-dir> ls-remote --tags origin 'v*' 2>/dev/null | awk '{print $2}' | sed 's|refs/tags/||' | sort -V | tail -1. capture the result as latest_tag.latest_tag (semver) to this skill's frontmatter metadata.version. if latest_tag is strictly newer, output one line: "a newer version of this skill is available: vgit pull?" wait for user response.git -C <this-skill-dir> pull --ff-only and refresh .last_update to current timestamp. if user says no or gives no response, refresh .last_update silently.input: optional user approval to update.
output: skill is current or has been updated; .last_update file is refreshed.
input: user-provided CLI, API, design, or failure case. output: classification statement (e.g., "you've provided an existing CLI with help output. i'll review it against the seven principles").
review the user's material for signals of the three audiences:
a. human: readable output, friendly error messages, onboarding/tutorial, progress feedback, TUI or interactive mode, colored output or tables, documentation aimed at people.
b. agent: structured stdout (JSON, CSV, or other machine format), stable contracts, schema introspection, help text self-describing the CLI, dry-run or preview mode, generated skill definitions, deterministic exit codes.
c. system/orchestrator: delegated authentication (env vars, config files, keychain, externally refreshed tokens), process management signals (exit codes, signal handling), idempotent retries, non-interactive mode by default, deterministic error routing.
for each audience, note: is it present? is it strong or weak? what is missing?
input: classified CLI/API/design. output: three-audience assessment with evidence (sample output, config examples, etc.).
for each phase in the loop below, check whether the CLI supports it. if partial, note what is missing. if absent, flag as a gap.
| phase | step | signals |
|---|---|---|
| bootstrap | 1 | auth token, credentials, or cert obtained by human/system |
| bootstrap | 2 | trusted env vars set (token, profile, safety mode) |
| discovery | 3 | agent loads skills, command summaries, or help |
| discovery | 4 | agent queries schema/help for parameters and types |
| planning | 5 | agent uses --dry-run or --preview to see request shape |
| execution | 6 | agent executes with validated inputs, gets structured result |
| interpretation | 7 | agent parses structured result and updates its state |
| recovery | 8 | agent uses exit code + error object to retry, re-auth, repair, or escalate |
build a coverage map showing which phases are complete, which are partial, and which are missing.
input: CLI/API/design from step 1. output: interaction-loop coverage table with gaps and notes.
open or load the 14-criterion rubric from references/rubric.md. each criterion is binary (pass/fail) or graded (0-3). score the CLI or design on each criterion.
record the rubric score: (N passing / 14) or average of graded scores.
for each of the seven principles, identify which rubric rows back it:
for each principle, synthesize the rubric evidence into: status (strong/partial/weak/absent) · evidence (example from the CLI) · issue (what breaks) · recommendation (how to fix).
record the per-principle summary.
input: rubric from reference, scored CLI. output: rubric score + seven-principle review with evidence and recommendations.
review the seven-principle summaries and the interaction loop gaps.
prioritize fixes by impact:
a. P0 and P1 must fix: these are the load-bearing principles. a CLI that does not serve all three audiences or does not have a stable structured output contract is not agent-native.
b. P2-P7 should improve: these deepen agent trust, robustness, and self-service.
for each recommended change, provide:
a. principle(s) it addresses
b. concrete code or config example (drawn from references/examples.md if applicable)
c. effort estimate (small, medium, large)
d. risk or tradeoff (e.g., "breaking change in output format", "requires schema version bump")
output the refactor plan in priority order.
input: principle review and loop gaps. output: prioritized refactor plan with examples and effort estimates.
state overall verdict: agent-native (all seven principles, full loop), partially agent-native (most principles, some gaps), or not yet agent-native (gaps in P0, P1, P2, or loop coverage).
include sections:
a. three-audience contract review: human/agent/system assessment.
b. interaction loop coverage: phases supported, phases missing, phase notes.
c. rubric score and seven-principle review: score + per-principle summary.
d. key risks: design failures, human-only output, unstable JSON, no schema, overexposed destructive actions, coupled auth, ambiguous exit codes, etc.
e. refactor plan: prioritized recommendations with examples.
avoid recommending: human-readable prose as the only output, README required for discovery, schema/validation drift, agent-supplied auth, overexposed destructive actions, undocumented conventions, textual-only errors, non-idempotent mutating commands, confirmation prompts without --yes escape, eager schema dumps in --help.
input: all preceding steps. output: complete review document.
decision 1: is the input an existing CLI or a design?
references/examples.md Example 3 for a canonical pattern (auth delegation, dry-run, schema introspection).decision 2: does the CLI have a schema file?
decision 3: is the CLI designed primarily for humans or agents?
decision 4: does the CLI have a dry-run or preview mode?
--dry-run or --preview to every mutating command. this is P3 support and reduces execution risk.decision 5: is authentication delegated to env vars or is it agent-owned?
decision 6: are destructive commands hidden or easily discoverable?
decision 7: what is the user's goal?
references/examples.md.references/hybrid-mcp-cli.md, cite benchmark data, and recommend the tradeoff.format: markdown document with sections as below. code examples in fenced blocks. tables for structure (e.g., three-audience assessment, rubric scores, interaction loop coverage).
structure:
overall verdict: one sentence. "this CLI is [agent-native | partially agent-native | not yet agent-native]."
three-audience contract review: three subsections (human, agent, system). each subsection lists: needs · what the CLI provides · gap or strength · evidence (sample output, config, code).
interaction loop coverage: table with phases and coverage (complete, partial, missing). notes on gaps.
rubric score: format as N/14 criteria passing or average score M/3. list passing and failing criteria.
seven-principle review: for each principle, list: status (strong/partial/weak/absent) · evidence · issue · recommendation.
key risks: bullet list of design failures or vulnerabilities (e.g., "destructive commands exposed in help", "exit codes not documented", "auth coupled to agent").
refactor plan: prioritized list. each item: principle address · change description · code/config example · effort (small/medium/large) · risk or tradeoff.
closing: one-sentence summary of the path to agent-native.
file location: output as a markdown document in the conversation. if the user requests, save to a file (e.g., cli-review-<date>.md).
data format: all structured output (rubric scores, loop coverage, principle summaries) must be machine-parseable (markdown tables, JSON objects, or YAML). do not use prose-only reporting.
the user knows the skill worked if they can answer yes to:
verdict is clear: i know whether my CLI is agent-native, partially agent-native, or not yet. (outcome: binary classification with evidence).
gaps are specific: for each principle that is not strong, i know exactly what is missing and why. (outcome: per-principle diagnosis with evidence and citation to the rubric).
refactor path is actionable: i have a prioritized list of changes with examples and effort estimates. i can pick the first change and start coding. (outcome: step-by-step refactor plan with code samples).
three audiences are balanced: i understand how my CLI serves or fails humans, agents, and systems. i can verify each audience's needs after refactoring. (outcome: three-audience assessment and verification checklist).
interaction loop is complete: i can trace the full loop from auth bootstrap to error recovery. i know which phases my CLI supports and which need work. (outcome: loop coverage map with coverage signals for each phase).
schema, contracts, and safety are explicit: if i have a schema, i can point to it and verify no manual duplication. if i don't, i know i need to build one. if my CLI has destructive commands, i know they are tiered and gated. (outcome: schema audit, contract definitions, safety tier mapping).
next step is obvious: i know which principle to tackle first and have a concrete example to follow. (outcome: refactor plan with the first item fully detailed).
example outcome signal: "after this skill, i went from 'my CLI seems agent-unfriendly' to 'my CLI fails P1 (structured output) and P3 (self-description). i need to add --dry-run, emit JSON to stdout by default, and add a schema subcommand. here is example code for each.' the refactor plan gives me three weeks of work, prioritized by impact."
an agent-native CLI must simultaneously serve three audiences.
needs: readable output, friendly error messages, onboarding guidance.
channels: stderr, optional --format table, interactive TUI when appropriate.
needs: structured data, stable contracts, self-description.
channels: stdout as JSON, stable exit codes, schema introspection, dry-run previews, generated skills/docs.
needs: delegated authentication, process management, deterministic error routing. channels: environment variables, exit codes, dry-run mode, stable command semantics.
| channel | primary audience |
|---|---|
stdout |
machines and agents |
stderr |
humans |
| exit codes | systems and orchestrators |
this skill teaches how to make CLI a first-class interface for agents. production agents (Claude Code, Cursor, Gemini CLI) often pair a CLI with an MCP server. CLI is for state changes and local/scriptable work; MCP is for multi-tenant