Agentic CLI
The Agentic CLI is the headless configuration experience: talk to TapPass.
The operator types intent — "deny the gmail.send tool for every agent in the customer-support project, then attach the GDPR compliance pack to all of them" — and an LLM-driven agent uses the TapPass control plane (via MCP server tools) to plan, confirm, and apply the changes.
This is the long-term ambition. UI today, CLI next, Agentic CLI later.
At a glance
| Surface | terminal session (or chat panel) running an LLM-driven config loop |
| Drives | TapPass control plane via the MCP server tool surface |
| Auth | operator session token (SSO) — agent inherits operator's permissions |
| Output | applied changes + audit trail entries + a human-readable diff log |
| Status | future |
What "agentic" means here
It's not autocomplete on the CLI. It's a loop:

```
[intent]   Operator: "Deny gmail.send for all customer-support agents,
           then attach GDPR pack to those projects."
              ↓
[plan]     Agent: lists target agents and projects (via resource reads),
           builds an ordered set of mutations
              ↓
[confirm]  Agent shows the plan as a diff. Operator confirms or amends.
              ↓
[apply]    Agent calls the MCP tools in order, surfacing failures.
              ↓
[review]   Agent summarizes what changed, links to audit trail entries.
```

The agent is bounded by the operator's RBAC scope and by Compliance pack constraints — it can't authorize destructive changes the operator alone couldn't authorize.
Why this concept exists
Three drivers:
- Headless future. The product vision treats UI as the on-ramp; long-term, configuration moves to CLI + agentic flows.
- Cross-project changes are high-leverage but tedious. "Apply this compliance pack to every project in the org" is a lot of clicks; one sentence to an agent does it.
- Self-documenting changes. The agent's plan + diff + summary become a natural change-log entry — better than what an operator typing CLI commands typically writes.
Guardrails
The agent is bounded by:
| Guardrail | Effect |
|---|---|
| Operator RBAC scope | Agent can't do anything the operator can't |
| Plan-then-apply gating | No mutation without operator confirmation (configurable threshold) |
| Audit trail | Every action lands in audit, marked as agent-driven with operator + plan id |
| Compliance pack constraints | Mutations that would violate an attached compliance pack are rejected |
| Loop guard | Recursive / runaway agent loops detected and stopped |
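
An added sketch (not TapPass code) of how the guardrails in the table above could be enforced on an agent-built plan before any MCP tool call runs. The `Mutation`, `Session` and `apply_plan` names, the action strings and the step-budget loop guard are assumptions, and confirmation is required for every plan rather than above a threshold.

```python
import uuid
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Mutation:
    action: str   # hypothetical action name, e.g. "tool.deny"
    target: str   # hypothetical resource id, e.g. "project:customer-support"
    arg: str

@dataclass
class Session:
    operator: str
    scope: set           # targets the operator's RBAC role may modify
    pack_forbids: set    # Mutations an attached compliance pack rejects
    max_steps: int = 20  # loop guard, modelled here as a step budget
    audit: list = field(default_factory=list)

def apply_plan(session, plan, confirmed, execute):
    """Gate an agent-built plan; return the audit entries it produced."""
    plan_id = str(uuid.uuid4())
    if len(plan) > session.max_steps:
        raise RuntimeError("loop guard: plan exceeds step budget")
    # Check the whole plan before the first mutation, so a rejected plan
    # leaves no partial change behind.
    for m in plan:
        if m.target not in session.scope:
            raise PermissionError(f"outside operator RBAC scope: {m}")
        if m in session.pack_forbids:
            raise PermissionError(f"violates compliance pack: {m}")
    if not confirmed:
        raise PermissionError("plan not confirmed by operator")
    entries = []
    for m in plan:
        try:
            execute(m)  # stands in for the MCP tool call
            outcome = "applied"
        except Exception as exc:
            outcome = f"failed: {exc}"
        entries.append({"plan_id": plan_id, "operator": session.operator,
                        "agent_driven": True, "mutation": m,
                        "outcome": outcome})
        if outcome != "applied":
            break  # surface the failure; do not continue past it
    session.audit.extend(entries)
    return entries
```

The checks run against the operator's scope, not the agent's, so the agent cannot apply a change the operator could not make directly.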
Surfaces
| Persona | Surface | What they do |
|---|---|---|
| Operator | Terminal `tappass agentic` | Open an agentic config session |
| Operator | Admin UI → AI Assistant | Same loop, in a chat panel inside the UI |
| Auditor | Audit trail | See exactly which mutations the agent made on whose behalf, with the plan |
Related concepts
- drives → MCP server — the tool surface it operates against
- complementary to ↔ CLI, Admin UI, SDK (admin)
- bounded by → Identity (operator scope) + Compliance pack (regulatory floor)
- emits → Audit log — agent-driven mutations clearly tagged