Your CLI is an API, and agents are its users
CLIARE audits released CLI binaries as black boxes to build machine-readable command indexes, sparing AI agents from expensive trial-and-error discovery.

What it does
CLIARE runs a released CLI binary through bounded black-box probes, records the runtime evidence, and infers a structured command surface. It emits a command-index.json catalog, issue ledgers, scorecards, and persona reports for maintainers, security reviewers, and agent harnesses. The goal is to replace hand-written help text and stale documentation with an evidence-backed contract that an autonomous agent can consume directly.
The interesting bit
The project treats CLI drift—where --help, docs, and the actual binary disagree—as an API compatibility bug rather than a documentation problem. By snapshotting filesystem state around each probe, it can even catch “safe” commands like --version or --help quietly writing cache files or credentials, which is exactly the kind of undocumented side effect that concerns security reviewers when autonomous agents are involved.
Key highlights
- Generates a
command-index.jsonwith command paths, flags, positionals, preconditions, output contracts, and confidence scores derived from runtime behavior, not static parsing. - Detects side effects by snapshotting filesystem state, surfacing undocumented writes from seemingly read-only discovery commands.
- Outputs multiple persona-specific artifacts: maintainer fix queues, security side-effect reports, and harness-ready agent skills.
- Produces CI-friendly formats including SARIF and JUnit XML, framing agent-readiness gaps as release-gate failures.
- Supports configurable probing contexts (clean, authenticated, fixture-backed, host, CI) to measure behavior under different runtime conditions.
Caveats
- Deep traversal of large CLI surfaces is resource-intensive; the README shows a
supabaseexample configured for 5,000 probes and concurrency of 8. - Because it treats the CLI as a black box, inferred command shapes and side effects carry confidence scores rather than source-level certainty.
- Meaningful results depend on selecting the correct probing context; a mismatched context may miss commands or misreport preconditions.
Verdict
Worth a look if you maintain a CLI that autonomous agents might invoke, or if you build agent harnesses tired of token-burn from --help parsing loops. Skip it if your command-line tools are already simple, stable, and wrapped by proper programmatic APIs.
Frequently asked
- What is modiqo/cliare?
- CLIARE audits released CLI binaries as black boxes to build machine-readable command indexes, sparing AI agents from expensive trial-and-error discovery.
- Is cliare open source?
- Yes — modiqo/cliare is open source, released under the Apache-2.0 license.
- What language is cliare written in?
- modiqo/cliare is primarily written in Rust.
- How popular is cliare?
- modiqo/cliare has 602 stars on GitHub.
- Where can I find cliare?
- modiqo/cliare is on GitHub at https://github.com/modiqo/cliare.