STANDARD OPERATIONS INTERFACE FOR AI AGENTS

ONE INTERFACE FORAI AGENTS TO OPERATE PRODUCTION

Connect Vercel, GitHub, Render, and other provider surfaces once. Let your coding agent use Keycli to manage env vars, secrets, deploy-linked changes, approvals, and audit without raw provider access.

Open quickstart Open docs View providers

ONE INTERFACESCOPE CHECKSAPPROVALAUDIT

CLI front door. Governed execution underneath. Start with one provider and one honest live proof.

QUICKSTART :: USAGE FIRST

$npm install

$npm run demo:hosted:self

$npm run demo:vercel:preview

ONE COMMAND MODELSCOPED EXECUTIONHUMANS APPROVE

VERCELGITHUBRENDER

REQUEST→PLAN→CHECK→APPROVE→APPLY

HOW IT WORKS

One command model across provider operations

Agents use one Keycli interface. Underneath, Keycli standardizes request, planning, scope checks, approval, apply, and audit across provider-specific systems.

Request

The agent asks for a change.

Plan

Keycli turns it into a structured plan.

Check

Scope, readiness, and policy are checked.

Approve

Humans approve when required.

Apply

The adapter runs and leaves an audit trail.

Live only applies when the adapter is supported and the connection is in scope.

ONE INTERFACE, MANY PROVIDERS

Standardize provider ops before your agents touch production.

Keycli gives agents one command model across Vercel, GitHub, and Render while keeping provider scope, readiness, approval, and audit explicit underneath.

Vercel

BEST FIRST WEDGE

Scope: Project

The cleanest first proof that one Keycli interface can drive a real provider change safely.

Recommended first live demo
Project-scoped connection model
Can redeploy after config change when the plan requires it

GitHub

WORKFLOW WEDGE

Scope: Repository

Repo-scoped secret mutation plus approval where teams already work.

GitHub Actions repository secret mutation
Comment-based approval flow in the current supported wedge
Repository-scoped connection and rechecks before apply

Render

LIVE ADAPTER

Scope: Service

Service env var mutation through the same standardized Keycli flow.

Service env var mutation through a live adapter
Service-scoped connection model
Honest readiness reporting instead of pretending every target is global

Set up a provider See first governed change

The point is not to wrap CLIs for fun. The point is to give agents one governed interface across provider ops.

DOCS

One interface. Honest usage.

The docs are built around using Keycli as the standard interface for provider ops: run the self-demo, connect one provider, and make one governed change.

Run first

Run the quickstart.
Connect one scoped provider.
Make one governed change.

Know before you apply

Live apply only works with a supported adapter and valid scope.
One good provider setup beats three half-configured ones.
Mixed-provider comes after the first live proof.

Quickstart

The fastest path from clone to proof with the canonical Keycli interface.

Install once
Run the self-demo
Use the Vercel preview path

/docs/quickstart

Provider setup

Connect one provider with real scope before expecting live execution.

Vercel → project
GitHub → repository
Render → service

/docs/provider-connections

First governed change

See the low-risk path first, then the approval-gated path.

Low-risk first
Approval when needed
Audit at the end

/docs/first-governed-change

Core commands

npm installnpm run demo:hosted:selfnpm run api:hostednpm run demo:vercel:preview

Open docs home Open quickstart See first governed change