Skip to main content
Keycli exists so agents do not mutate providers directly. Instead:
  1. the agent asks for a change
  2. Keycli makes a plan
  3. Keycli checks risk, scope, and readiness
  4. a human approves when needed
  5. the adapter applies the change
  6. the run is recorded

Scope matters

  • Vercel → project
  • GitHub → repository
  • Render → service

Live vs simulated

  • provider-api = live adapter + valid scoped connection
  • local-provider-simulation = workflow visible, provider mutation not live

What Keycli is not

  • not a generic vault
  • not raw shell access to production
  • not a finished provider matrix for everything

Use this page after Quickstart

If you have not run Quickstart yet, do that first.