{"schemaVersion":1,"name":"CLI Finder Agent-Ready CLI Registry","updatedAt":"2026-07-10","toolCount":38,"categories":[{"slug":"code-collaboration","name":{"en":"Code Collaboration","zh":"代码协作"},"description":{"en":"Work with repositories, pull requests, issues, pipelines, and releases.","zh":"处理代码仓库、拉取请求、Issue、流水线和发布。"},"taskKeywords":["git","repository","pull request","issue","release","ci"],"order":10},{"slug":"deployment-cloud","name":{"en":"Deployment and Cloud","zh":"部署与云平台"},"description":{"en":"Deploy applications and inspect cloud resources with explicit environment boundaries.","zh":"在明确环境边界的前提下部署应用并检查云资源。"},"taskKeywords":["deploy","cloud","worker","preview","hosting"],"order":20},{"slug":"containers-kubernetes","name":{"en":"Containers and Kubernetes","zh":"容器与 Kubernetes"},"description":{"en":"Build, inspect, and manage containers or clusters with read-first commands.","zh":"通过只读优先的命令构建、检查和管理容器或集群。"},"taskKeywords":["container","docker","kubernetes","cluster","helm"],"order":30},{"slug":"databases","name":{"en":"Databases","zh":"数据库"},"description":{"en":"Query and administer local or remote databases through scriptable commands.","zh":"通过可编排命令查询和管理本地或远程数据库。"},"taskKeywords":["database","sql","query","postgres","mysql","redis"],"order":40},{"slug":"data-text","name":{"en":"Data and Text","zh":"数据与文本"},"description":{"en":"Find, parse, validate, and transform files and structured data locally.","zh":"在本地查找、解析、校验和转换文件与结构化数据。"},"taskKeywords":["json","yaml","csv","search","files","transform"],"order":50},{"slug":"http-webhooks","name":{"en":"HTTP and Webhooks","zh":"HTTP 与 Webhook"},"description":{"en":"Call APIs, inspect protocols, and test webhooks or tunnels.","zh":"调用 API、检查协议并测试 Webhook 或隧道。"},"taskKeywords":["http","api","grpc","webhook","tunnel"],"order":60},{"slug":"web-automation","name":{"en":"Web Automation","zh":"网页自动化"},"description":{"en":"Test browser interfaces and extract authorized web content with auditable artifacts.","zh":"通过可审计产物测试浏览器界面并提取已授权的网页内容。"},"taskKeywords":["browser","crawl","scrape","screenshot","e2e"],"order":70},{"slug":"security","name":{"en":"Security","zh":"安全扫描"},"description":{"en":"Scan code, dependencies, images, and secrets into reviewable structured findings.","zh":"把代码、依赖、镜像和密钥扫描为可审查的结构化发现。"},"taskKeywords":["security","sast","vulnerability","secret","scan"],"order":80},{"slug":"operations-infrastructure","name":{"en":"Operations and Infrastructure","zh":"运维与基础设施"},"description":{"en":"Observe applications and plan infrastructure changes safely.","zh":"安全地观测应用并规划基础设施变更。"},"taskKeywords":["monitor","observability","infrastructure","iac","plan"],"order":90}],"tools":[{"slug":"github-cli","name":"GitHub CLI","command":"gh","publisher":"GitHub","official":true,"category":"code-collaboration","summary":{"en":"Review pull requests, triage issues, inspect Actions, and manage releases with GitHub's official CLI.","zh":"使用 GitHub 官方 CLI 审查拉取请求、处理 Issue、检查 Actions 并管理发布。"},"bestFor":["pull requests","issues","GitHub Actions","releases"],"searchTerms":["github","repo","pr review","actions","gh"],"featured":true,"order":101,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install gh","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install --id GitHub.cli","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["OAuth","personal access token","GitHub Actions token"],"headless":true,"secretEnv":["GH_TOKEN","GITHUB_TOKEN"],"minimumPermissions":{"en":"Use a read-only or fine-grained token limited to the required repositories.","zh":"使用只读或细粒度 Token，并仅授权任务所需仓库。"},"credentialStorage":{"en":"For headless runs, inject GH_TOKEN, GITHUB_TOKEN from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 GH_TOKEN、GITHUB_TOKEN。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json"],"flags":["--json","--jq"],"notes":{"en":"Use --json or --jq where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --jq，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"pr-list","name":{"en":"List pull requests","zh":"列出拉取请求"},"description":{"en":"Read pull request status and review fields without changing repository state.","zh":"读取拉取请求状态和审查字段，不更改仓库状态。"},"command":"gh pr list --state open --json number,title,reviewDecision,url","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"pr-merge","name":{"en":"Merge a pull request","zh":"合并拉取请求"},"description":{"en":"Merges code into the target branch and needs explicit approval.","zh":"会把代码合并到目标分支，必须明确确认。"},"command":"gh pr merge 123 --squash","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["gh","pr","merge"]},{"id":"repo-delete","name":{"en":"Delete a repository","zh":"删除仓库"},"description":{"en":"Deletes remote repository data and is destructive.","zh":"会删除远程仓库数据，属于破坏性操作。"},"command":"gh repo delete owner/repo","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["gh","repo","delete"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. A bounded local smoke test is recorded for 2.86.0; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 84/100；已记录 2.86.0 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json or --jq where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --jq，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a read-only or fine-grained token limited to the required repositories.","zh":"使用只读或细粒度 Token，并仅授权任务所需仓库。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Read commands are safe by default; merges, edits, workflow runs, and deletion require confirmation.","zh":"读取命令默认安全；合并、编辑、运行工作流和删除必须确认。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"2.86.0","testedAt":"2026-07-10","testEnvironment":"macOS 26.5.1 (arm64), local non-interactive shell","executedChecks":[{"command":"gh --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"gh version 2.86.0 (2026-01-21)"},{"command":"gh help","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"}}],"outputSample":null,"limitations":{"en":"The installed binary, version output, help rendering, and zero exit status were checked locally. Authentication, repository access, JSON PR output, writes, and destructive commands were not executed.","zh":"已在本地检查安装后的二进制、版本输出、帮助内容和成功退出码；未执行认证、仓库访问、PR JSON 输出、写操作或破坏性命令。"},"sources":[{"label":"GitHub CLI manual","url":"https://cli.github.com/manual/","kind":"official-docs","official":true},{"label":"GitHub CLI manual source repository","url":"https://github.com/cli/cli","kind":"official-repository","official":true}]},"alternatives":["gitlab-cli"]},{"slug":"gitlab-cli","name":"GitLab CLI","command":"glab","publisher":"GitLab","official":true,"category":"code-collaboration","summary":{"en":"Work with GitLab merge requests, issues, pipelines, and releases from scripts.","zh":"通过脚本处理 GitLab 合并请求、Issue、流水线和发布。"},"bestFor":["merge requests","GitLab issues","pipelines","releases"],"searchTerms":["gitlab","merge request","pipeline","glab"],"featured":true,"order":102,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install glab","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install GLab.GLab","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["OAuth","personal access token","CI job token"],"headless":true,"secretEnv":["GITLAB_TOKEN","GITLAB_HOST"],"minimumPermissions":{"en":"Use a project-scoped token with read_api until a write is approved.","zh":"在写操作获批前，使用项目级且仅具 read_api 权限的 Token。"},"credentialStorage":{"en":"For headless runs, inject GITLAB_TOKEN, GITLAB_HOST from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 GITLAB_TOKEN、GITLAB_HOST。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","text"],"flags":["--output json"],"notes":{"en":"Use --output json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --output json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"mr-list","name":{"en":"List merge requests","zh":"列出合并请求"},"description":{"en":"Reads merge request metadata for review and triage.","zh":"读取合并请求元数据，用于审查和分流。"},"command":"glab mr list --output json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"issue-update","name":{"en":"Update an issue","zh":"更新 Issue"},"description":{"en":"Changes remote issue fields and requires approval.","zh":"会修改远程 Issue 字段，需要确认。"},"command":"glab issue update 123 --label bug","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["glab","issue","update"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. A bounded local smoke test is recorded for 1.92.1; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 84/100；已记录 1.92.1 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --output json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --output json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a project-scoped token with read_api until a write is approved.","zh":"在写操作获批前，使用项目级且仅具 read_api 权限的 Token。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Inspection is read-only; merge, pipeline, release, and deletion commands can change remote state.","zh":"检查操作只读；合并、流水线、发布和删除命令可能改变远程状态。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"1.92.1","testedAt":"2026-07-10","testEnvironment":"macOS 26.5.1 (arm64), local non-interactive shell","executedChecks":[{"command":"glab --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"glab 1.92.1 (fcecef55)"},{"command":"glab --help","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"}}],"outputSample":null,"limitations":{"en":"The installed glab binary, version output, help rendering, and zero exit status were checked locally. Authentication, GitLab host access, merge-request JSON output, writes, and destructive commands were not executed.","zh":"已在本地检查 glab 二进制、版本输出、帮助内容和成功退出码；未执行认证、GitLab 主机访问、合并请求 JSON 输出、写操作或破坏性命令。"},"sources":[{"label":"GitLab CLI documentation","url":"https://docs.gitlab.com/cli/","kind":"official-docs","official":true},{"label":"GitLab CLI documentation source repository","url":"https://gitlab.com/gitlab-org/cli","kind":"official-repository","official":true}]},"alternatives":["github-cli"]},{"slug":"vercel-cli","name":"Vercel CLI","command":"vercel","publisher":"Vercel","official":true,"category":"deployment-cloud","summary":{"en":"Create, inspect, and promote Vercel deployments without relying on the dashboard.","zh":"无需依赖控制台即可创建、检查和提升 Vercel 部署。"},"bestFor":["preview deployments","production deploys","logs","environment variables"],"searchTerms":["vercel","deploy nextjs","preview","hosting"],"featured":true,"order":201,"installation":[{"label":"npm","manager":"npm","command":"npm install --global vercel","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["browser login","access token"],"headless":true,"secretEnv":["VERCEL_TOKEN","VERCEL_ORG_ID","VERCEL_PROJECT_ID"],"minimumPermissions":{"en":"Use a token scoped to the target team and project; keep production promotion separate.","zh":"Token 仅授权目标团队和项目，并把生产提升操作单独隔离。"},"credentialStorage":{"en":"For headless runs, inject VERCEL_TOKEN, VERCEL_ORG_ID, VERCEL_PROJECT_ID from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 VERCEL_TOKEN、VERCEL_ORG_ID、VERCEL_PROJECT_ID。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","text"],"flags":["--json","--yes"],"notes":{"en":"Use --json or --yes where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --yes，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"inspect","name":{"en":"Inspect a deployment","zh":"检查部署"},"description":{"en":"Reads deployment status and metadata.","zh":"读取部署状态和元数据。"},"command":"vercel inspect https://example.vercel.app --json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"preview","name":{"en":"Create a preview deployment","zh":"创建预览部署"},"description":{"en":"Uploads code and creates a remote preview deployment.","zh":"会上传代码并创建远程预览部署。"},"command":"vercel --yes","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["vercel"]},{"id":"production","name":{"en":"Deploy to production","zh":"部署到生产环境"},"description":{"en":"Changes production traffic and must be explicitly approved.","zh":"会改变生产流量，必须明确确认。"},"command":"vercel --prod --yes","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["vercel"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json or --yes where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --yes，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a token scoped to the target team and project; keep production promotion separate.","zh":"Token 仅授权目标团队和项目，并把生产提升操作单独隔离。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R2","maximumLevel":"R3","summary":{"en":"A normal invocation creates remote deployment state; production promotion is high impact.","zh":"常规调用会创建远程部署状态；生产提升属于高影响操作。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Vercel CLI documentation","url":"https://vercel.com/docs/cli","kind":"official-docs","official":true},{"label":"Vercel CLI documentation source repository","url":"https://github.com/vercel/vercel","kind":"official-repository","official":true}]},"alternatives":["cloudflare-wrangler","flyctl"]},{"slug":"cloudflare-wrangler","name":"Cloudflare Wrangler","command":"wrangler","publisher":"Cloudflare","official":true,"category":"deployment-cloud","summary":{"en":"Develop, deploy, and inspect Cloudflare Workers and related resources.","zh":"开发、部署并检查 Cloudflare Workers 及相关资源。"},"bestFor":["Cloudflare Workers","D1","R2","Queues","Pages"],"searchTerms":["cloudflare","workers","wrangler","d1","pages"],"featured":true,"order":202,"installation":[{"label":"npm","manager":"npm","command":"npm install --save-dev wrangler","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["OAuth","API token"],"headless":true,"secretEnv":["CLOUDFLARE_API_TOKEN","CLOUDFLARE_ACCOUNT_ID"],"minimumPermissions":{"en":"Use an API token limited to the required account, zone, and Worker resources.","zh":"API Token 仅授权任务所需账号、Zone 和 Worker 资源。"},"credentialStorage":{"en":"For headless runs, inject CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 CLOUDFLARE_API_TOKEN、CLOUDFLARE_ACCOUNT_ID。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","text"],"flags":["--json"],"notes":{"en":"Use --json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"deployments-list","name":{"en":"List deployments","zh":"列出部署"},"description":{"en":"Reads deployment history without publishing code.","zh":"读取部署历史，不发布代码。"},"command":"npx wrangler deployments list --json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"deploy","name":{"en":"Deploy a Worker","zh":"部署 Worker"},"description":{"en":"Publishes code and changes remote Worker state.","zh":"会发布代码并更改远程 Worker 状态。"},"command":"npx wrangler deploy","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["npx","wrangler","deploy"]},{"id":"d1-delete","name":{"en":"Delete a D1 database","zh":"删除 D1 数据库"},"description":{"en":"Deletes a remote database and is destructive.","zh":"会删除远程数据库，属于破坏性操作。"},"command":"npx wrangler d1 delete DATABASE_NAME","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["npx","wrangler","d1","delete"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. A bounded local smoke test is recorded for 4.87.0; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 84/100；已记录 4.87.0 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use an API token limited to the required account, zone, and Worker resources.","zh":"API Token 仅授权任务所需账号、Zone 和 Worker 资源。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R2","maximumLevel":"R3","summary":{"en":"Deploy and resource commands modify a Cloudflare account; destructive resource commands need a separate gate.","zh":"部署和资源命令会修改 Cloudflare 账号；破坏性资源命令需要单独确认。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"4.87.0","testedAt":"2026-07-10","testEnvironment":"macOS 26.5.1 (arm64), local non-interactive shell","executedChecks":[{"command":"wrangler --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"4.87.0","stderrExcerpt":"Proxy environment variables detected. We'll use your proxy for fetch requests."},{"command":"wrangler --help","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stderrExcerpt":"Proxy environment variables detected. We'll use your proxy for fetch requests."}],"outputSample":null,"limitations":{"en":"The installed Wrangler binary, version output, help rendering, and zero exit status were checked locally. Account reads, deployment, resource changes, secrets, and destructive commands were not part of this tool-level smoke test.","zh":"已在本地检查 Wrangler 二进制、版本输出、帮助内容和成功退出码；工具级 Smoke Test 未执行账号读取、部署、资源变更、密钥或破坏性命令。"},"sources":[{"label":"Wrangler documentation","url":"https://developers.cloudflare.com/workers/wrangler/","kind":"official-docs","official":true},{"label":"Wrangler documentation source repository","url":"https://github.com/cloudflare/workers-sdk","kind":"official-repository","official":true}]},"alternatives":["vercel-cli","flyctl"]},{"slug":"flyctl","name":"Fly.io flyctl","command":"fly","publisher":"Fly.io","official":true,"category":"deployment-cloud","summary":{"en":"Deploy and inspect Fly.io applications, Machines, logs, and releases.","zh":"部署并检查 Fly.io 应用、Machines、日志和发布。"},"bestFor":["Fly.io apps","Machines","logs","releases"],"searchTerms":["fly.io","flyctl","deploy","machines"],"featured":false,"order":203,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install flyctl","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["browser login","access token"],"headless":true,"secretEnv":["FLY_API_TOKEN"],"minimumPermissions":{"en":"Use a token scoped to the organization and app required by the task.","zh":"Token 仅授权任务所需组织与应用。"},"credentialStorage":{"en":"For headless runs, inject FLY_API_TOKEN from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 FLY_API_TOKEN。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","text"],"flags":["--json"],"notes":{"en":"Use --json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"status","name":{"en":"Inspect app status","zh":"检查应用状态"},"description":{"en":"Reads Machines and deployment state.","zh":"读取 Machines 和部署状态。"},"command":"fly status --app APP --json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"deploy","name":{"en":"Deploy an app","zh":"部署应用"},"description":{"en":"Builds and releases application code remotely.","zh":"会构建并远程发布应用代码。"},"command":"fly deploy --app APP","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["fly","deploy"]},{"id":"apps-destroy","name":{"en":"Destroy an app","zh":"销毁应用"},"description":{"en":"Deletes the remote application and attached state.","zh":"会删除远程应用及其关联状态。"},"command":"fly apps destroy APP","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["fly","apps","destroy"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a token scoped to the organization and app required by the task.","zh":"Token 仅授权任务所需组织与应用。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R2","maximumLevel":"R3","summary":{"en":"Deployment is a remote state change; app and Machine deletion are destructive.","zh":"部署会改变远程状态；删除应用或 Machine 属于破坏性操作。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"flyctl documentation","url":"https://fly.io/docs/flyctl/","kind":"official-docs","official":true},{"label":"flyctl documentation source repository","url":"https://github.com/superfly/flyctl","kind":"official-repository","official":true}]},"alternatives":["vercel-cli","cloudflare-wrangler"]},{"slug":"aws-cli","name":"AWS CLI","command":"aws","publisher":"Amazon Web Services","official":true,"category":"deployment-cloud","summary":{"en":"Query and manage AWS services with structured output and scoped credentials.","zh":"通过结构化输出和范围受限的凭据查询与管理 AWS 服务。"},"bestFor":["AWS inventory","S3","CloudFormation","IAM-aware automation"],"searchTerms":["aws","amazon","cloud","s3","ec2"],"featured":false,"order":204,"installation":[{"label":"Official installer","manager":"binary","command":"aws --version","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["access keys","IAM Identity Center","role credentials"],"headless":true,"secretEnv":["AWS_ACCESS_KEY_ID","AWS_SECRET_ACCESS_KEY","AWS_SESSION_TOKEN","AWS_PROFILE"],"minimumPermissions":{"en":"Prefer short-lived role credentials with an explicit deny for unrelated services and regions.","zh":"优先使用短期角色凭据，并显式拒绝无关服务和区域。"},"credentialStorage":{"en":"For headless runs, inject AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, AWS_PROFILE from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 AWS_ACCESS_KEY_ID、AWS_SECRET_ACCESS_KEY、AWS_SESSION_TOKEN、AWS_PROFILE。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","yaml","text","table"],"flags":["--output json","--query"],"notes":{"en":"Use --output json or --query where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --output json 或 --query，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"sts-identity","name":{"en":"Inspect current identity","zh":"检查当前身份"},"description":{"en":"Reads the caller account and role before any operation.","zh":"在执行操作前读取当前账号和角色。"},"command":"aws sts get-caller-identity --output json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"s3-upload","name":{"en":"Upload an object","zh":"上传对象"},"description":{"en":"Writes remote S3 state and can overwrite an existing key.","zh":"会写入远程 S3，并可能覆盖已有对象。"},"command":"aws s3 cp FILE s3://BUCKET/KEY","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["aws","s3","cp"]},{"id":"cloudformation-delete","name":{"en":"Delete a stack","zh":"删除堆栈"},"description":{"en":"Can delete production infrastructure and dependent resources.","zh":"可能删除生产基础设施及其依赖资源。"},"command":"aws cloudformation delete-stack --stack-name STACK","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["aws","cloudformation","delete-stack"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --output json or --query where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --output json 或 --query，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Prefer short-lived role credentials with an explicit deny for unrelated services and regions.","zh":"优先使用短期角色凭据，并显式拒绝无关服务和区域。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Read-only queries can be tightly scoped, while the same CLI can administer or delete nearly every AWS resource.","zh":"只读查询可以严格限权，但同一 CLI 也能管理或删除几乎所有 AWS 资源。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"AWS CLI user guide","url":"https://docs.aws.amazon.com/cli/latest/userguide/","kind":"official-docs","official":true},{"label":"AWS CLI user guide source repository","url":"https://github.com/aws/aws-cli","kind":"official-repository","official":true}]},"alternatives":["google-cloud-cli","terraform"]},{"slug":"google-cloud-cli","name":"Google Cloud CLI","command":"gcloud","publisher":"Google Cloud","official":true,"category":"deployment-cloud","summary":{"en":"Inspect and manage Google Cloud resources with explicit project, account, and output controls.","zh":"通过明确的项目、账号和输出控制检查与管理 Google Cloud 资源。"},"bestFor":["Google Cloud inventory","Cloud Run","GKE","IAM-aware automation"],"searchTerms":["gcloud","google cloud","gcp","cloud run","gke"],"featured":false,"order":205,"installation":[{"label":"Google Cloud SDK","manager":"binary","command":"gcloud version","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["browser login","service account","workload identity"],"headless":true,"secretEnv":["CLOUDSDK_AUTH_ACCESS_TOKEN","GOOGLE_APPLICATION_CREDENTIALS","CLOUDSDK_CORE_PROJECT"],"minimumPermissions":{"en":"Use a dedicated project and least-privilege service account or workload identity.","zh":"使用专用项目和最小权限服务账号或工作负载身份。"},"credentialStorage":{"en":"For headless runs, inject CLOUDSDK_AUTH_ACCESS_TOKEN, GOOGLE_APPLICATION_CREDENTIALS, CLOUDSDK_CORE_PROJECT from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 CLOUDSDK_AUTH_ACCESS_TOKEN、GOOGLE_APPLICATION_CREDENTIALS、CLOUDSDK_CORE_PROJECT。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","yaml","csv","text"],"flags":["--format=json","--project"],"notes":{"en":"Use --format=json or --project where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --format=json 或 --project，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"config-list","name":{"en":"Inspect active configuration","zh":"检查当前配置"},"description":{"en":"Reads the active account, project, and CLI settings.","zh":"读取当前账号、项目和 CLI 设置。"},"command":"gcloud config list --format=json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"run-deploy","name":{"en":"Deploy to Cloud Run","zh":"部署到 Cloud Run"},"description":{"en":"Creates a new remote service revision and may change traffic.","zh":"会创建远程服务版本并可能改变流量。"},"command":"gcloud run deploy SERVICE --image IMAGE --format=json","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":false,"policyPrefix":["gcloud","run","deploy"]},{"id":"project-delete","name":{"en":"Delete a project","zh":"删除项目"},"description":{"en":"Schedules deletion of an entire Google Cloud project.","zh":"会安排删除整个 Google Cloud 项目。"},"command":"gcloud projects delete PROJECT_ID","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["gcloud","projects","delete"]}],"readiness":{"score":83,"summary":{"en":"Documentation indicates an agent-readiness score of 83/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 83/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --format=json or --project where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --format=json 或 --project，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a dedicated project and least-privilege service account or workload identity.","zh":"使用专用项目和最小权限服务账号或工作负载身份。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":5,"weight":7,"evidence":{"en":"Maintenance is documented by the official publisher source.","zh":"维护状态来自官方发布方资料。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Project-scoped reads are safe; IAM, deployment, billing, and deletion operations have a large blast radius.","zh":"项目范围内的读取较安全；IAM、部署、计费和删除操作影响范围很大。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Google Cloud CLI documentation","url":"https://cloud.google.com/sdk/gcloud","kind":"official-docs","official":true}]},"alternatives":["aws-cli","terraform"]},{"slug":"docker-cli","name":"Docker CLI","command":"docker","publisher":"Docker","official":true,"category":"containers-kubernetes","summary":{"en":"Build, inspect, and run containers while separating local reads from destructive cleanup.","zh":"构建、检查和运行容器，并把本地读取与破坏性清理明确分开。"},"bestFor":["container builds","image inspection","local services","container logs"],"searchTerms":["docker","container","image","build","compose"],"featured":true,"order":301,"installation":[{"label":"Docker Desktop with Homebrew","manager":"brew","command":"brew install --cask docker","platforms":["macos"],"recommended":true,"fixedVersionSupported":true},{"label":"Docker Desktop with winget","manager":"winget","command":"winget install Docker.DockerDesktop","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["json","text"],"flags":["--format json","--format \"{{json .}}\""],"notes":{"en":"Use --format json or --format \"{{json .}}\" where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --format json 或 --format \"{{json .}}\"，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"inspect","name":{"en":"Inspect a container","zh":"检查容器"},"description":{"en":"Reads container configuration and state as JSON.","zh":"以 JSON 读取容器配置和状态。"},"command":"docker inspect CONTAINER","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"build","name":{"en":"Build an image","zh":"构建镜像"},"description":{"en":"Writes local image layers and can execute Dockerfile build steps.","zh":"会写入本地镜像层，并执行 Dockerfile 构建步骤。"},"command":"docker build --tag app:local .","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["docker","build"]},{"id":"system-prune","name":{"en":"Prune Docker state","zh":"清理 Docker 状态"},"description":{"en":"Deletes unused images, containers, networks, and optionally volumes.","zh":"会删除未使用的镜像、容器、网络，并可选删除卷。"},"command":"docker system prune --all --volumes","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["docker","system","prune"]}],"readiness":{"score":86,"summary":{"en":"Documentation indicates an agent-readiness score of 86/100. A bounded local smoke test is recorded for 29.2.0; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 86/100；已记录 29.2.0 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --format json or --format \"{{json .}}\" where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --format json 或 --format \"{{json .}}\"，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R1","maximumLevel":"R3","summary":{"en":"Builds and runs change local state; volume mounts, privileged containers, and cleanup can be destructive.","zh":"构建和运行会改变本地状态；卷挂载、特权容器和清理操作可能具有破坏性。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"29.2.0","testedAt":"2026-07-10","testEnvironment":"Debian Linux (x86_64), old-agi host, non-interactive SSH shell","executedChecks":[{"command":"docker --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"Docker version 29.2.0, build 0b9d198"},{"command":"docker ps --format \"table {{.Names}}\\t{{.Image}}\\t{{.Status}}\"","status":"passed","exitCode":0,"result":{"en":"The designated build host daemon responded and returned the active-container table without mutation.","zh":"指定构建机的 Docker 守护进程正常响应，并只读返回了运行中容器表。"}}],"outputSample":null,"limitations":{"en":"The Docker CLI version, daemon connection, and a read-only container listing were checked on the designated LAN build host. No image pull, build, run, push, stop, removal, volume access, or cleanup command was executed.","zh":"已在指定局域网构建机检查 Docker CLI 版本、守护进程连接和只读容器列表；未执行镜像拉取、构建、运行、推送、停止、删除、卷访问或清理命令。"},"sources":[{"label":"Docker CLI reference","url":"https://docs.docker.com/reference/cli/docker/","kind":"official-docs","official":true},{"label":"Docker CLI reference source repository","url":"https://github.com/docker/cli","kind":"official-repository","official":true}]},"alternatives":[]},{"slug":"kubectl","name":"kubectl","command":"kubectl","publisher":"Kubernetes","official":true,"category":"containers-kubernetes","summary":{"en":"Inspect Kubernetes with structured output and gate every cluster-changing command.","zh":"使用结构化输出检查 Kubernetes，并对每个集群变更命令设置确认门槛。"},"bestFor":["cluster inspection","workload status","events","logs"],"searchTerms":["kubernetes","k8s","cluster","pods","read only audit"],"featured":true,"order":302,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install kubectl","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install Kubernetes.kubectl","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["kubeconfig","service account token","exec credential plugin"],"headless":true,"secretEnv":["KUBECONFIG"],"minimumPermissions":{"en":"Use a dedicated context and RBAC role limited to get, list, and watch for audit tasks.","zh":"审计任务使用专用 context，RBAC 仅授予 get、list 和 watch。"},"credentialStorage":{"en":"For headless runs, inject KUBECONFIG from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 KUBECONFIG。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","yaml","jsonpath","go-template"],"flags":["-o json","-o yaml"],"notes":{"en":"Use -o json or -o yaml where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -o json 或 -o yaml，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"get-pods","name":{"en":"List pods","zh":"列出 Pod"},"description":{"en":"Reads workload status in the selected namespace.","zh":"读取所选命名空间中的工作负载状态。"},"command":"kubectl get pods --namespace NAMESPACE -o json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"apply","name":{"en":"Apply a manifest","zh":"应用清单"},"description":{"en":"Creates or updates live cluster resources.","zh":"会创建或更新集群中的实时资源。"},"command":"kubectl apply --filename manifest.yaml","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["kubectl","apply"]},{"id":"delete-namespace","name":{"en":"Delete a namespace","zh":"删除命名空间"},"description":{"en":"Deletes a namespace and all resources contained in it.","zh":"会删除命名空间及其中所有资源。"},"command":"kubectl delete namespace NAMESPACE","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["kubectl","delete","namespace"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use -o json or -o yaml where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -o json 或 -o yaml，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a dedicated context and RBAC role limited to get, list, and watch for audit tasks.","zh":"审计任务使用专用 context，RBAC 仅授予 get、list 和 watch。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"A read-only RBAC context keeps inspection safe; apply, exec, secrets, and delete need stronger controls.","zh":"只读 RBAC context 可保证检查安全；apply、exec、Secret 和 delete 需要更强控制。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"kubectl reference","url":"https://kubernetes.io/docs/reference/kubectl/","kind":"official-docs","official":true},{"label":"kubectl reference source repository","url":"https://github.com/kubernetes/kubectl","kind":"official-repository","official":true}]},"alternatives":["helm"]},{"slug":"helm","name":"Helm CLI","command":"helm","publisher":"Helm","official":true,"category":"containers-kubernetes","summary":{"en":"Render, inspect, install, and upgrade Kubernetes packages with preview and rollback paths.","zh":"通过预览和回滚路径渲染、检查、安装与升级 Kubernetes 包。"},"bestFor":["Helm charts","manifest rendering","release history","Kubernetes upgrades"],"searchTerms":["helm","chart","kubernetes package","release"],"featured":false,"order":303,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install helm","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install Helm.Helm","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["kubeconfig","registry credentials"],"headless":true,"secretEnv":["KUBECONFIG","HELM_REGISTRY_CONFIG"],"minimumPermissions":{"en":"Use read-only cluster credentials for template and list; elevate only for an approved release.","zh":"template 和 list 使用只读集群凭据，仅在发布获批后提升权限。"},"credentialStorage":{"en":"For headless runs, inject KUBECONFIG, HELM_REGISTRY_CONFIG from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 KUBECONFIG、HELM_REGISTRY_CONFIG。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","yaml","text"],"flags":["--output json"],"notes":{"en":"Use --output json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --output json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"template","name":{"en":"Render a chart locally","zh":"在本地渲染 Chart"},"description":{"en":"Renders manifests without changing cluster state.","zh":"渲染清单但不改变集群状态。"},"command":"helm template RELEASE CHART --values values.yaml","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false},{"id":"upgrade-dry-run","name":{"en":"Preview an upgrade","zh":"预览升级"},"description":{"en":"Renders and validates an upgrade before applying it.","zh":"在应用前渲染并校验升级。"},"command":"helm upgrade RELEASE CHART --dry-run --debug","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false},{"id":"upgrade","name":{"en":"Upgrade a release","zh":"升级发布"},"description":{"en":"Changes live Kubernetes resources.","zh":"会更改实时 Kubernetes 资源。"},"command":"helm upgrade RELEASE CHART --atomic","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["helm","upgrade"]},{"id":"uninstall","name":{"en":"Uninstall a release","zh":"卸载发布"},"description":{"en":"Deletes resources managed by a release.","zh":"会删除该发布管理的资源。"},"command":"helm uninstall RELEASE","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["helm","uninstall"]}],"readiness":{"score":85,"summary":{"en":"Documentation indicates an agent-readiness score of 85/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 85/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":16,"weight":20,"evidence":{"en":"Use --output json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --output json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":14,"weight":15,"evidence":{"en":"The documented command surface includes a dry-run, preview, plan, or check path.","zh":"文档中的命令包含 dry-run、preview、plan 或 check 路径。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use read-only cluster credentials for template and list; elevate only for an approved release.","zh":"template 和 list 使用只读集群凭据，仅在发布获批后提升权限。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Template and dry-run are safe starting points; upgrade and uninstall change live clusters.","zh":"template 和 dry-run 是安全起点；upgrade 和 uninstall 会改变实时集群。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Helm CLI documentation","url":"https://helm.sh/docs/helm/","kind":"official-docs","official":true},{"label":"Helm CLI documentation source repository","url":"https://github.com/helm/helm","kind":"official-repository","official":true}]},"alternatives":["kubectl"]},{"slug":"psql","name":"PostgreSQL psql","command":"psql","publisher":"PostgreSQL Global Development Group","official":true,"category":"databases","summary":{"en":"Query PostgreSQL non-interactively with explicit credentials, output, transactions, and write boundaries.","zh":"通过显式凭据、输出、事务和写入边界，以非交互方式查询 PostgreSQL。"},"bestFor":["PostgreSQL queries","schema inspection","CSV export","migration checks"],"searchTerms":["postgres","postgresql","sql","query database","psql"],"featured":true,"order":401,"installation":[{"label":"Homebrew libpq","manager":"brew","command":"brew install libpq","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["connection URI","password file","service file","peer authentication"],"headless":true,"secretEnv":["DATABASE_URL","PGHOST","PGUSER","PGPASSWORD","PGSERVICE"],"minimumPermissions":{"en":"Use a read-only database role, TLS, and a database/schema search path limited to the task.","zh":"使用只读数据库角色、TLS，并把数据库与 schema 搜索路径限制在任务范围内。"},"credentialStorage":{"en":"For headless runs, inject DATABASE_URL, PGHOST, PGUSER, PGPASSWORD, PGSERVICE from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 DATABASE_URL、PGHOST、PGUSER、PGPASSWORD、PGSERVICE。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["csv","unaligned text","html","latex"],"flags":["--csv","--tuples-only","--no-psqlrc"],"notes":{"en":"Use --csv or --tuples-only or --no-psqlrc where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --csv 或 --tuples-only 或 --no-psqlrc，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"select","name":{"en":"Run a read-only query","zh":"运行只读查询"},"description":{"en":"Executes a bounded SELECT and emits CSV.","zh":"执行有范围限制的 SELECT，并输出 CSV。"},"command":"psql \"$DATABASE_URL\" --no-psqlrc --csv --command \"SELECT * FROM table_name LIMIT 20\"","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"update","name":{"en":"Update rows","zh":"更新数据行"},"description":{"en":"Changes database records and should run in a reviewed transaction.","zh":"会更改数据库记录，应在经审查的事务中执行。"},"command":"psql \"$DATABASE_URL\" --command \"BEGIN; UPDATE table_name SET ...; COMMIT;\"","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["psql"]},{"id":"drop-database","name":{"en":"Drop a database","zh":"删除数据库"},"description":{"en":"Permanently deletes a database.","zh":"会永久删除数据库。"},"command":"dropdb --if-exists DATABASE_NAME","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["dropdb"]}],"readiness":{"score":83,"summary":{"en":"Documentation indicates an agent-readiness score of 83/100. A bounded local smoke test is recorded for 18.1; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 83/100；已记录 18.1 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --csv or --tuples-only or --no-psqlrc where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --csv 或 --tuples-only 或 --no-psqlrc，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a read-only database role, TLS, and a database/schema search path limited to the task.","zh":"使用只读数据库角色、TLS，并把数据库与 schema 搜索路径限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":5,"weight":7,"evidence":{"en":"Maintenance is documented by the official publisher source.","zh":"维护状态来自官方发布方资料。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"A read-only role makes bounded SELECTs safe; write-capable credentials can alter or delete production data.","zh":"只读角色可保证有限 SELECT 安全；具备写权限的凭据可修改或删除生产数据。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"18.1","testedAt":"2026-07-10","testEnvironment":"macOS 26.5.1 (arm64), local non-interactive shell","executedChecks":[{"command":"psql --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"psql (PostgreSQL) 18.1"},{"command":"psql --help","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"}}],"outputSample":null,"limitations":{"en":"The installed psql binary, version output, help rendering, and zero exit status were checked locally. No server connection, authentication, SQL query, CSV output, transaction, write, or destructive database command was executed.","zh":"已在本地检查 psql 二进制、版本输出、帮助内容和成功退出码；未执行服务器连接、认证、SQL 查询、CSV 输出、事务、写入或破坏性数据库命令。"},"sources":[{"label":"PostgreSQL psql documentation","url":"https://www.postgresql.org/docs/current/app-psql.html","kind":"official-docs","official":true}]},"alternatives":["mysql-cli","sqlite","duckdb-cli"]},{"slug":"sqlite","name":"SQLite CLI","command":"sqlite3","publisher":"SQLite","official":true,"category":"databases","summary":{"en":"Inspect and transform local SQLite databases with stable batch and machine-readable output modes.","zh":"使用稳定的批处理和机器可读输出模式检查与转换本地 SQLite 数据库。"},"bestFor":["local databases","schema inspection","CSV or JSON export","data repair"],"searchTerms":["sqlite","sqlite3","local database","sql"],"featured":false,"order":402,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install sqlite","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install SQLite.SQLite","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["json","csv","html","markdown"],"flags":["-json","-csv"],"notes":{"en":"Use -json or -csv where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -json 或 -csv，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"select","name":{"en":"Query a local database","zh":"查询本地数据库"},"description":{"en":"Reads bounded rows and emits JSON.","zh":"读取有限数据行并输出 JSON。"},"command":"sqlite3 -json data.db \"SELECT * FROM table_name LIMIT 20\"","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"export","name":{"en":"Export a table","zh":"导出数据表"},"description":{"en":"Writes a new local CSV file without changing the database.","zh":"写入新的本地 CSV 文件，不更改数据库。"},"command":"sqlite3 -csv data.db \"SELECT * FROM table_name\" > output.csv","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":true,"policyPrefix":["sqlite3"]},{"id":"delete","name":{"en":"Delete rows","zh":"删除数据行"},"description":{"en":"Permanently removes rows when no backup or transaction rollback remains.","zh":"在没有备份或事务回滚时会永久删除数据行。"},"command":"sqlite3 data.db \"DELETE FROM table_name WHERE ...\"","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["sqlite3"]}],"readiness":{"score":86,"summary":{"en":"Documentation indicates an agent-readiness score of 86/100. A bounded local smoke test is recorded for 3.51.0; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 86/100；已记录 3.51.0 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use -json or -csv where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -json 或 -csv，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Read queries are local and predictable; direct writes can permanently alter the database file.","zh":"读取查询在本地执行且较可预测；直接写入可能永久改变数据库文件。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"3.51.0","testedAt":"2026-07-10","testEnvironment":"macOS 26.5.1 (arm64), local non-interactive shell","executedChecks":[{"command":"sqlite3 --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"3.51.0 2025-06-12 (64-bit)"},{"command":"sqlite3 ':memory:' 'select json_object(\"ok\", true);'","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"{\"ok\":1}"},{"command":"sqlite3 ':memory:' 'select json_object(\"ok\", true);' | jq -e '.ok == 1'","status":"passed","exitCode":0,"result":{"en":"The in-memory JSON result passed the recorded jq assertion.","zh":"内存数据库返回的 JSON 通过了已记录的 jq 断言。"},"stdoutExcerpt":"true"}],"outputSample":{"command":"sqlite3 ':memory:' 'select json_object(\"ok\", true);'","format":"json","stdout":"{\"ok\":1}","schema":{"type":"object","additionalProperties":false,"required":["ok"],"properties":{"ok":{"type":"integer","enum":[1]}}}},"limitations":{"en":"Version output, an in-memory read query, SQLite JSON output, and a successful parse were executed locally. File databases, locking, migrations, writes, extensions, backups, and destructive statements were not tested.","zh":"已在本地执行版本输出、内存只读查询、SQLite JSON 输出和成功解析；未测试文件数据库、锁、迁移、写入、扩展、备份或破坏性语句。"},"sources":[{"label":"SQLite command-line shell documentation","url":"https://sqlite.org/cli.html","kind":"official-docs","official":true},{"label":"SQLite command-line shell documentation source repository","url":"https://github.com/sqlite/sqlite","kind":"official-repository","official":true}]},"alternatives":["duckdb-cli","psql"]},{"slug":"mysql-cli","name":"MySQL CLI","command":"mysql","publisher":"Oracle","official":true,"category":"databases","summary":{"en":"Run non-interactive MySQL queries while isolating credentials and database writes.","zh":"隔离凭据和数据库写入，以非交互方式运行 MySQL 查询。"},"bestFor":["MySQL queries","schema inspection","batch SQL","tabular export"],"searchTerms":["mysql","mariadb","sql","query database"],"featured":false,"order":403,"installation":[{"label":"Homebrew client","manager":"brew","command":"brew install mysql-client","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["option file","login path","password","TLS certificate"],"headless":true,"secretEnv":["MYSQL_PWD"],"minimumPermissions":{"en":"Use a read-only user, require TLS, and prefer a protected option file over command-line passwords.","zh":"使用只读用户并要求 TLS，优先使用受保护的配置文件，避免在命令行传密码。"},"credentialStorage":{"en":"For headless runs, inject MYSQL_PWD from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 MYSQL_PWD。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["batch text","xml","html"],"flags":["--batch","--raw","--skip-column-names"],"notes":{"en":"Use --batch or --raw or --skip-column-names where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --batch 或 --raw 或 --skip-column-names，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"select","name":{"en":"Run a batch query","zh":"运行批量查询"},"description":{"en":"Reads a bounded result set without an interactive prompt.","zh":"以非交互方式读取有限结果集。"},"command":"mysql --batch --raw --execute \"SELECT * FROM table_name LIMIT 20\" DATABASE","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"update","name":{"en":"Update records","zh":"更新记录"},"description":{"en":"Changes remote database records.","zh":"会更改远程数据库记录。"},"command":"mysql --execute \"UPDATE table_name SET ... WHERE ...\" DATABASE","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["mysql"]},{"id":"drop","name":{"en":"Drop a database","zh":"删除数据库"},"description":{"en":"Permanently deletes a database.","zh":"会永久删除数据库。"},"command":"mysql --execute \"DROP DATABASE database_name\"","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["mysql"]}],"readiness":{"score":83,"summary":{"en":"Documentation indicates an agent-readiness score of 83/100. A bounded local smoke test is recorded for 8.0.45; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 83/100；已记录 8.0.45 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --batch or --raw or --skip-column-names where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --batch 或 --raw 或 --skip-column-names，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a read-only user, require TLS, and prefer a protected option file over command-line passwords.","zh":"使用只读用户并要求 TLS，优先使用受保护的配置文件，避免在命令行传密码。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":5,"weight":7,"evidence":{"en":"Maintenance is documented by the official publisher source.","zh":"维护状态来自官方发布方资料。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Batch reads are safe with a read-only user; administrative credentials can alter or remove server data.","zh":"只读用户下的批量读取较安全；管理员凭据可修改或删除服务器数据。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"8.0.45","testedAt":"2026-07-10","testEnvironment":"Linux (x86_64), existing isolated MySQL container on old-agi","executedChecks":[{"command":"mysql --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"mysql Ver 8.0.45 for Linux on x86_64 (MySQL Community Server - GPL)"},{"command":"mysql --help","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"}}],"outputSample":null,"limitations":{"en":"The MySQL client version, help rendering, and zero exit status were checked inside an existing isolated container. No database connection, authentication, query, batch output, write, or destructive command was executed.","zh":"已在现有隔离容器中检查 MySQL 客户端版本、帮助内容和成功退出码；未执行数据库连接、认证、查询、批量输出、写入或破坏性命令。"},"sources":[{"label":"MySQL command-line client documentation","url":"https://dev.mysql.com/doc/refman/8.0/en/mysql.html","kind":"official-docs","official":true}]},"alternatives":["psql","sqlite"]},{"slug":"redis-cli","name":"redis-cli","command":"redis-cli","publisher":"Redis","official":true,"category":"databases","summary":{"en":"Inspect Redis keys and server state while separating reads from mutating or destructive commands.","zh":"检查 Redis 键与服务器状态，并把读取、修改和破坏性命令分开。"},"bestFor":["Redis diagnostics","key inspection","latency checks","data export"],"searchTerms":["redis","cache","key value","redis-cli"],"featured":false,"order":404,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install redis","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["ACL username and password","URI","TLS certificates"],"headless":true,"secretEnv":["REDISCLI_AUTH"],"minimumPermissions":{"en":"Use a Redis ACL user limited to read commands and the necessary key prefixes.","zh":"使用 Redis ACL 用户，仅授权读取命令和必要的键前缀。"},"credentialStorage":{"en":"For headless runs, inject REDISCLI_AUTH from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 REDISCLI_AUTH。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","csv","raw text"],"flags":["--json","--csv","--raw"],"notes":{"en":"Use --json or --csv or --raw where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --csv 或 --raw，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"scan","name":{"en":"Scan keys","zh":"扫描键"},"description":{"en":"Iterates matching keys without blocking the server like KEYS can.","zh":"迭代匹配键，避免像 KEYS 一样阻塞服务器。"},"command":"redis-cli --json --scan --pattern \"prefix:*\"","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"set","name":{"en":"Set a key","zh":"写入键"},"description":{"en":"Changes remote cache or application state.","zh":"会改变远程缓存或应用状态。"},"command":"redis-cli SET key value","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["redis-cli"]},{"id":"flushall","name":{"en":"Flush all databases","zh":"清空所有数据库"},"description":{"en":"Deletes all keys from every database on the server.","zh":"会删除服务器所有数据库中的全部键。"},"command":"redis-cli FLUSHALL","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["redis-cli"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. A bounded local smoke test is recorded for 8.6.1; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 84/100；已记录 8.6.1 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json or --csv or --raw where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --csv 或 --raw，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a Redis ACL user limited to read commands and the necessary key prefixes.","zh":"使用 Redis ACL 用户，仅授权读取命令和必要的键前缀。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"ACL-limited inspection is safe; mutation and flush commands can affect live application state.","zh":"ACL 限权后的检查较安全；修改和清空命令会影响实时应用状态。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"8.6.1","testedAt":"2026-07-10","testEnvironment":"macOS 26.5.1 (arm64), local non-interactive shell","executedChecks":[{"command":"redis-cli --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"redis-cli 8.6.1"},{"command":"redis-cli --help","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"}}],"outputSample":null,"limitations":{"en":"The installed redis-cli binary, version output, help rendering, and zero exit status were checked locally. No Redis server connection, authentication, ACL or TLS path, scan, JSON response, mutation, or flush command was executed.","zh":"已在本地检查 redis-cli 二进制、版本输出、帮助内容和成功退出码；未执行 Redis 服务器连接、认证、ACL 或 TLS 路径、扫描、JSON 响应、写入或清空命令。"},"sources":[{"label":"Redis CLI documentation","url":"https://redis.io/docs/latest/develop/tools/cli/","kind":"official-docs","official":true},{"label":"Redis CLI documentation source repository","url":"https://github.com/redis/redis","kind":"official-repository","official":true}]},"alternatives":["sqlite"]},{"slug":"supabase-cli","name":"Supabase CLI","command":"supabase","publisher":"Supabase","official":true,"category":"databases","summary":{"en":"Manage local Supabase development, migrations, functions, and linked projects with explicit environment risk.","zh":"在明确环境风险的前提下管理本地 Supabase 开发、迁移、函数和已关联项目。"},"bestFor":["local Supabase stack","database migrations","Edge Functions","type generation"],"searchTerms":["supabase","postgres","database migration","edge functions"],"featured":false,"order":405,"installation":[{"label":"npm development dependency","manager":"npm","command":"npm install --save-dev supabase","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["access token","database password","local development"],"headless":true,"secretEnv":["SUPABASE_ACCESS_TOKEN","SUPABASE_DB_PASSWORD"],"minimumPermissions":{"en":"Use a token limited to the intended organization and verify the linked project before remote commands.","zh":"Token 仅授权目标组织，并在远程命令前确认已关联项目。"},"credentialStorage":{"en":"For headless runs, inject SUPABASE_ACCESS_TOKEN, SUPABASE_DB_PASSWORD from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 SUPABASE_ACCESS_TOKEN、SUPABASE_DB_PASSWORD。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","text"],"flags":["--output json"],"notes":{"en":"Use --output json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --output json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"status","name":{"en":"Inspect local status","zh":"检查本地状态"},"description":{"en":"Reads service URLs and local development status.","zh":"读取服务 URL 和本地开发状态。"},"command":"npx supabase status --output json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"db-diff","name":{"en":"Generate a schema diff","zh":"生成 Schema 差异"},"description":{"en":"Writes a local migration draft for review.","zh":"写入本地迁移草案供审查。"},"command":"npx supabase db diff --file migration_name","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["npx","supabase","db","diff"]},{"id":"db-push","name":{"en":"Push migrations","zh":"推送迁移"},"description":{"en":"Changes the linked remote database schema.","zh":"会改变已关联远程数据库的 Schema。"},"command":"npx supabase db push","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["npx","supabase","db","push"]},{"id":"db-reset-linked","name":{"en":"Reset a database","zh":"重置数据库"},"description":{"en":"Can erase data when used against the wrong environment.","zh":"若针对错误环境执行，可能清除数据。"},"command":"npx supabase db reset","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["npx","supabase","db","reset"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --output json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --output json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a token limited to the intended organization and verify the linked project before remote commands.","zh":"Token 仅授权目标组织，并在远程命令前确认已关联项目。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R1","maximumLevel":"R3","summary":{"en":"Local generation is reversible; linked project migrations and resets affect remote databases.","zh":"本地生成可撤销；已关联项目的迁移和重置会影响远程数据库。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Supabase CLI documentation","url":"https://supabase.com/docs/guides/cli","kind":"official-docs","official":true},{"label":"Supabase CLI documentation source repository","url":"https://github.com/supabase/cli","kind":"official-repository","official":true}]},"alternatives":["psql"]},{"slug":"duckdb-cli","name":"DuckDB CLI","command":"duckdb","publisher":"DuckDB Foundation","official":true,"category":"databases","summary":{"en":"Query local files and analytical data directly with fast SQL and structured exports.","zh":"使用快速 SQL 和结构化导出直接查询本地文件与分析数据。"},"bestFor":["CSV and Parquet queries","local analytics","data profiling","format conversion"],"searchTerms":["duckdb","analytics","parquet","csv sql","local query"],"featured":true,"order":406,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install duckdb","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["json","csv","parquet","markdown"],"flags":["-json","-csv"],"notes":{"en":"Use -json or -csv where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -json 或 -csv，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"query-csv","name":{"en":"Query a CSV file","zh":"查询 CSV 文件"},"description":{"en":"Reads local tabular data without importing it first.","zh":"无需预先导入即可读取本地表格数据。"},"command":"duckdb -json -c \"SELECT * FROM 'data.csv' LIMIT 20\"","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false},{"id":"copy-parquet","name":{"en":"Export Parquet","zh":"导出 Parquet"},"description":{"en":"Writes a new local analytical data file.","zh":"写入新的本地分析数据文件。"},"command":"duckdb -c \"COPY (SELECT * FROM 'data.csv') TO 'data.parquet' (FORMAT PARQUET)\"","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["duckdb"]},{"id":"delete","name":{"en":"Delete database rows","zh":"删除数据库行"},"description":{"en":"Permanently removes rows from a DuckDB database.","zh":"会永久删除 DuckDB 数据库中的数据行。"},"command":"duckdb data.db -c \"DELETE FROM table_name WHERE ...\"","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["duckdb"]}],"readiness":{"score":86,"summary":{"en":"Documentation indicates an agent-readiness score of 86/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 86/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use -json or -csv where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -json 或 -csv，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"File and SELECT queries are local reads; COPY writes files and SQL mutations can destroy data.","zh":"文件与 SELECT 查询属于本地读取；COPY 会写文件，SQL 修改可能破坏数据。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"DuckDB CLI documentation","url":"https://duckdb.org/docs/stable/clients/cli/overview.html","kind":"official-docs","official":true},{"label":"DuckDB CLI documentation source repository","url":"https://github.com/duckdb/duckdb","kind":"official-repository","official":true}]},"alternatives":["sqlite","psql","csvkit"]},{"slug":"jq","name":"jq","command":"jq","publisher":"jqlang","official":true,"category":"data-text","summary":{"en":"Parse, filter, validate, and transform JSON locally with deterministic output.","zh":"在本地以确定性输出解析、筛选、校验和转换 JSON。"},"bestFor":["JSON filtering","API response transformation","validation","NDJSON processing"],"searchTerms":["jq","json","parse json","filter","transform"],"featured":true,"order":501,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install jq","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install jqlang.jq","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["json","raw text","compact json"],"flags":["-c","-r","-e"],"notes":{"en":"Use -c or -r or -e where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -c 或 -r 或 -e，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"select","name":{"en":"Filter JSON","zh":"筛选 JSON"},"description":{"en":"Reads JSON and emits only matching records.","zh":"读取 JSON 并仅输出匹配记录。"},"command":"jq -c '.items[] | select(.active == true)' input.json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false},{"id":"validate","name":{"en":"Validate a JSON shape","zh":"校验 JSON 结构"},"description":{"en":"Uses the exit status to reject missing required fields.","zh":"通过退出状态拒绝缺少必填字段的数据。"},"command":"jq -e '.name and .version' input.json >/dev/null","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false},{"id":"write-file","name":{"en":"Write transformed JSON","zh":"写入转换后的 JSON"},"description":{"en":"Creates or overwrites a local output file.","zh":"会创建或覆盖本地输出文件。"},"command":"jq '.items |= sort_by(.name)' input.json > output.json","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":false,"policyPrefix":["jq"]}],"readiness":{"score":86,"summary":{"en":"Documentation indicates an agent-readiness score of 86/100. A bounded local smoke test is recorded for jq-1.7.1-apple; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 86/100；已记录 jq-1.7.1-apple 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use -c or -r or -e where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -c 或 -r 或 -e，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R1","summary":{"en":"jq is a local read-only transformer unless shell redirection overwrites a file.","zh":"jq 本身是本地只读转换器；只有 shell 重定向覆盖文件时产生写入风险。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"jq-1.7.1-apple","testedAt":"2026-07-10","testEnvironment":"macOS 26.5.1 (arm64), local non-interactive shell","executedChecks":[{"command":"jq --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"jq-1.7.1-apple"},{"command":"jq -e '.name == \"clifinder-net\" and (.scripts | type == \"object\")' package.json","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"true"},{"command":"jq -c '{name,private}' package.json","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"{\"name\":\"clifinder-net\",\"private\":true}"},{"command":"printf 'null\\n' | jq -e '.'","status":"expected-failure","exitCode":1,"result":{"en":"jq returned its documented non-zero status for a false or null -e result.","zh":"jq 对 false 或 null 的 -e 结果返回了文档约定的非零状态。"},"stdoutExcerpt":"null"}],"outputSample":{"command":"jq -c '{name,private}' package.json","format":"json","stdout":"{\"name\":\"clifinder-net\",\"private\":true}","schema":{"type":"object","additionalProperties":false,"required":["name","private"],"properties":{"name":{"type":"string"},"private":{"type":"boolean"}}}},"limitations":{"en":"Version output, successful and expected-failure -e exit statuses, and one compact JSON transform were executed against this repository. Installation paths, other platforms, streaming input, malformed JSON, and file writes were not tested.","zh":"已在本仓库执行版本输出、-e 成功与预期失败退出状态，以及一次紧凑 JSON 转换；未测试安装路径、其他平台、流式输入、畸形 JSON 或文件写入。"},"sources":[{"label":"jq manual","url":"https://jqlang.github.io/jq/manual/","kind":"official-docs","official":true},{"label":"jq manual source repository","url":"https://github.com/jqlang/jq","kind":"official-repository","official":true}]},"alternatives":["yq"]},{"slug":"yq","name":"yq","command":"yq","publisher":"Mike Farah","official":true,"category":"data-text","summary":{"en":"Read and transform YAML, JSON, XML, CSV, and properties files in scripts.","zh":"在脚本中读取和转换 YAML、JSON、XML、CSV 与 properties 文件。"},"bestFor":["YAML queries","configuration edits","format conversion","CI manifests"],"searchTerms":["yq","yaml","config","convert yaml json"],"featured":true,"order":502,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install yq","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install MikeFarah.yq","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["yaml","json","xml","csv","properties"],"flags":["-o=json","-o=yaml","-r"],"notes":{"en":"Use -o=json or -o=yaml or -r where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -o=json 或 -o=yaml 或 -r，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"read","name":{"en":"Read a YAML value","zh":"读取 YAML 值"},"description":{"en":"Reads a configuration path without changing the file.","zh":"读取配置路径，不更改文件。"},"command":"yq -o=json '.services' compose.yaml","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false},{"id":"convert","name":{"en":"Convert YAML to JSON","zh":"把 YAML 转为 JSON"},"description":{"en":"Writes a new JSON representation to a local file.","zh":"把新的 JSON 表示写入本地文件。"},"command":"yq -o=json '.' input.yaml > output.json","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":false,"policyPrefix":["yq"]},{"id":"in-place","name":{"en":"Edit a file in place","zh":"原地编辑文件"},"description":{"en":"Overwrites the source configuration and needs a diff review.","zh":"会覆盖源配置文件，需要审查差异。"},"command":"yq --inplace '.image.tag = \"new\"' values.yaml","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["yq"]}],"readiness":{"score":86,"summary":{"en":"Documentation indicates an agent-readiness score of 86/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 86/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use -o=json or -o=yaml or -r where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -o=json 或 -o=yaml 或 -r，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R1","summary":{"en":"Reads and stdout conversions are safe; --inplace and redirection write local files.","zh":"读取和标准输出转换较安全；--inplace 与重定向会写入本地文件。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"yq documentation","url":"https://mikefarah.gitbook.io/yq/","kind":"official-docs","official":true},{"label":"yq documentation source repository","url":"https://github.com/mikefarah/yq","kind":"official-repository","official":true}]},"alternatives":["jq"]},{"slug":"ripgrep","name":"ripgrep","command":"rg","publisher":"Andrew Gallant","official":true,"category":"data-text","summary":{"en":"Search source trees quickly with stable JSON, glob, type, and context controls.","zh":"通过稳定的 JSON、glob、文件类型和上下文控制快速搜索源码树。"},"bestFor":["source search","pattern discovery","file type filtering","machine-readable matches"],"searchTerms":["ripgrep","rg","grep","search code","regex"],"featured":true,"order":503,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install ripgrep","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install BurntSushi.ripgrep.MSVC","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["json","text","null-delimited paths"],"flags":["--json","--null"],"notes":{"en":"Use --json or --null where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --null，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"search-json","name":{"en":"Search with JSON events","zh":"使用 JSON 事件搜索"},"description":{"en":"Searches a bounded directory and emits one JSON event per line.","zh":"搜索指定目录，并逐行输出 JSON 事件。"},"command":"rg --json --glob \"*.ts\" \"pattern\" src","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"list-files","name":{"en":"List searchable files","zh":"列出可搜索文件"},"description":{"en":"Lists files while respecting ignore rules.","zh":"列出文件并遵循忽略规则。"},"command":"rg --files --null src","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false}],"readiness":{"score":83,"summary":{"en":"Documentation indicates an agent-readiness score of 83/100. A bounded local smoke test is recorded for 15.1.0; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 83/100；已记录 15.1.0 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json or --null where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --null，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":8,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R0","summary":{"en":"ripgrep reads files; the main risk is exposing sensitive matches or scanning outside the intended scope.","zh":"ripgrep 只读取文件；主要风险是泄露敏感匹配或扫描超出预期范围。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"15.1.0","testedAt":"2026-07-10","testEnvironment":"macOS 26.5.1 (arm64), local non-interactive shell","executedChecks":[{"command":"rg --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"ripgrep 15.1.0"},{"command":"rg --json --glob '*.ts' 'createFileRoute' src/routes","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"}},{"command":"rg --json '\"name\"' package.json | jq -c 'select(.type == \"match\")'","status":"passed","exitCode":0,"result":{"en":"The NDJSON stream was reduced to the recorded match event without changing its payload.","zh":"NDJSON 流被筛选为已记录的 Match 事件，事件内容未被改写。"}},{"command":"rg --json 'definitely-no-clifinder-match' package.json","status":"expected-failure","exitCode":1,"result":{"en":"ripgrep returned its documented no-match exit status without writing diagnostics to stderr.","zh":"ripgrep 在无匹配时返回了文档约定的退出状态，且未向 stderr 写入诊断信息。"}}],"outputSample":{"command":"rg --json '\"name\"' package.json | jq -c 'select(.type == \"match\")'","format":"ndjson match event","stdout":"{\"type\":\"match\",\"data\":{\"path\":{\"text\":\"package.json\"},\"lines\":{\"text\":\"  \\\"name\\\": \\\"clifinder-net\\\",\\n\"},\"line_number\":2,\"absolute_offset\":2,\"submatches\":[{\"match\":{\"text\":\"\\\"name\\\"\"},\"start\":2,\"end\":8}]}}","schema":{"type":"object","required":["type","data"],"properties":{"type":{"const":"match"},"data":{"type":"object","required":["path","lines","line_number","submatches"],"properties":{"path":{"type":"object"},"lines":{"type":"object"},"line_number":{"type":"integer"},"absolute_offset":{"type":"integer"},"submatches":{"type":"array"}}}}}},"limitations":{"en":"Version output, repository search, NDJSON event output, one extracted match event, and the no-match exit path were executed locally. Installation paths, other platforms, binary files, encoding edge cases, and out-of-scope directories were not tested.","zh":"已在本地执行版本输出、仓库搜索、NDJSON 事件输出、单个 Match 事件提取和无匹配退出路径；未测试安装路径、其他平台、二进制文件、编码边界或任务范围外目录。"},"sources":[{"label":"ripgrep guide","url":"https://github.com/BurntSushi/ripgrep/blob/master/GUIDE.md","kind":"official-docs","official":true},{"label":"ripgrep guide source repository","url":"https://github.com/BurntSushi/ripgrep","kind":"official-repository","official":true}]},"alternatives":["fd"]},{"slug":"fd","name":"fd","command":"fd","publisher":"sharkdp","official":true,"category":"data-text","summary":{"en":"Discover files predictably with clear filters, ignore handling, and null-delimited output.","zh":"通过清晰筛选、忽略规则和空字符分隔输出可预测地查找文件。"},"bestFor":["file discovery","extension filters","ignore-aware search","safe command pipelines"],"searchTerms":["fd","find files","file discovery","find alternative"],"featured":false,"order":504,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install fd","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install sharkdp.fd","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["paths","null-delimited paths"],"flags":["--print0","--absolute-path"],"notes":{"en":"Use --print0 or --absolute-path where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --print0 或 --absolute-path，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"find-typescript","name":{"en":"Find TypeScript files","zh":"查找 TypeScript 文件"},"description":{"en":"Finds matching files under a bounded root.","zh":"在指定根目录下查找匹配文件。"},"command":"fd --type file --extension ts --print0 . src","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false},{"id":"find-large","name":{"en":"Find large files","zh":"查找大文件"},"description":{"en":"Lists files above a size threshold without modifying them.","zh":"列出超过大小阈值的文件，不做修改。"},"command":"fd --type file --size +10m . .","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false}],"readiness":{"score":83,"summary":{"en":"Documentation indicates an agent-readiness score of 83/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 83/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --print0 or --absolute-path where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --print0 或 --absolute-path，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":8,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R0","summary":{"en":"fd only discovers paths unless its output is piped into a mutating command.","zh":"fd 本身只发现路径；只有把输出传给修改命令时才产生额外风险。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"fd documentation","url":"https://github.com/sharkdp/fd#how-to-use","kind":"official-docs","official":true},{"label":"fd documentation source repository","url":"https://github.com/sharkdp/fd","kind":"official-repository","official":true}]},"alternatives":["ripgrep","fzf"]},{"slug":"fzf","name":"fzf","command":"fzf","publisher":"Junegunn Choi","official":true,"category":"data-text","summary":{"en":"Use fuzzy selection in deterministic scripts with filter and machine-safe output modes.","zh":"通过 filter 和机器安全输出模式，在确定性脚本中使用模糊选择。"},"bestFor":["fuzzy filtering","non-interactive ranking","path selection","shell workflows"],"searchTerms":["fzf","fuzzy finder","select","filter list"],"featured":false,"order":505,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install fzf","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install junegunn.fzf","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["text","null-delimited records"],"flags":["--filter","--print0","--read0"],"notes":{"en":"Use --filter or --print0 or --read0 where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --filter 或 --print0 或 --read0，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"filter","name":{"en":"Filter without a TTY","zh":"无 TTY 过滤"},"description":{"en":"Ranks input using a fixed query without opening the interactive UI.","zh":"使用固定查询排序输入，不打开交互界面。"},"command":"printf \"%s\\n\" alpha beta gamma | fzf --filter beta","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false},{"id":"null-filter","name":{"en":"Filter null-delimited paths","zh":"过滤空字符分隔路径"},"description":{"en":"Preserves paths containing whitespace in scripted pipelines.","zh":"在脚本流水线中安全保留包含空格的路径。"},"command":"fd --print0 | fzf --read0 --print0 --filter src","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false}],"readiness":{"score":83,"summary":{"en":"Documentation indicates an agent-readiness score of 83/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 83/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --filter or --print0 or --read0 where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --filter 或 --print0 或 --read0，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":8,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R0","summary":{"en":"fzf filters input; preview commands and downstream shell pipelines define any additional risk.","zh":"fzf 只过滤输入；preview 命令和下游 shell 流水线决定额外风险。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"fzf documentation","url":"https://github.com/junegunn/fzf#usage","kind":"official-docs","official":true},{"label":"fzf documentation source repository","url":"https://github.com/junegunn/fzf","kind":"official-repository","official":true}]},"alternatives":["fd","ripgrep"]},{"slug":"csvkit","name":"csvkit","command":"csvstat","publisher":"Wireservice","official":true,"category":"data-text","summary":{"en":"Inspect, convert, query, and reshape CSV data with composable command-line utilities.","zh":"通过可组合的命令行工具检查、转换、查询和重塑 CSV 数据。"},"bestFor":["CSV profiling","CSV to JSON","column selection","SQL over CSV"],"searchTerms":["csvkit","csv","csvjson","csvsql","convert spreadsheet"],"featured":false,"order":506,"installation":[{"label":"pipx","manager":"pipx","command":"pipx install csvkit","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["csv","json","sql","text"],"flags":["--json","--csv"],"notes":{"en":"Use --json or --csv where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --csv，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"stats","name":{"en":"Profile a CSV file","zh":"分析 CSV 文件"},"description":{"en":"Calculates column statistics without changing the input.","zh":"计算列统计信息，不更改输入文件。"},"command":"csvstat --json data.csv","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false},{"id":"to-json","name":{"en":"Convert CSV to JSON","zh":"把 CSV 转为 JSON"},"description":{"en":"Writes a JSON copy of the tabular data.","zh":"写入表格数据的 JSON 副本。"},"command":"csvjson data.csv > data.json","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":false,"policyPrefix":["csvjson"]},{"id":"query","name":{"en":"Query CSV with SQL","zh":"使用 SQL 查询 CSV"},"description":{"en":"Runs a local read query over CSV input.","zh":"对 CSV 输入执行本地只读查询。"},"command":"csvsql --query \"SELECT * FROM data LIMIT 20\" data.csv","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false}],"readiness":{"score":86,"summary":{"en":"Documentation indicates an agent-readiness score of 86/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 86/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json or --csv where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --csv，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R1","summary":{"en":"Inspection and stdout conversion are read-only; redirection creates or overwrites local files.","zh":"检查和标准输出转换只读；重定向会创建或覆盖本地文件。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"csvkit documentation","url":"https://csvkit.readthedocs.io/en/latest/","kind":"official-docs","official":true},{"label":"csvkit documentation source repository","url":"https://github.com/wireservice/csvkit","kind":"official-repository","official":true}]},"alternatives":["duckdb-cli","jq"]},{"slug":"curl","name":"curl","command":"curl","publisher":"curl project","official":true,"category":"http-webhooks","summary":{"en":"Call HTTP APIs with explicit methods, headers, authentication, retries, and failure handling.","zh":"通过显式方法、请求头、认证、重试和失败处理调用 HTTP API。"},"bestFor":["HTTP APIs","file transfers","health checks","webhook calls"],"searchTerms":["curl","http","api request","download","webhook"],"featured":true,"order":601,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install curl","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install cURL.cURL","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["none","basic","bearer token","client certificate","netrc"],"headless":true,"secretEnv":["HTTP_TOKEN"],"minimumPermissions":{"en":"Pass scoped tokens through environment-backed headers and never print request secrets.","zh":"通过环境变量提供范围受限的 Token，不要在输出中打印请求密钥。"},"credentialStorage":{"en":"For headless runs, inject HTTP_TOKEN from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 HTTP_TOKEN。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["response body","headers","JSON when returned by server"],"flags":["--fail-with-body","--silent","--show-error"],"notes":{"en":"Use --fail-with-body or --silent or --show-error where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --fail-with-body 或 --silent 或 --show-error，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"get-json","name":{"en":"Read a JSON endpoint","zh":"读取 JSON 接口"},"description":{"en":"Performs a failing-fast GET request and preserves the response body.","zh":"执行失败即退出的 GET 请求并保留响应正文。"},"command":"curl --fail-with-body --silent --show-error --header \"Accept: application/json\" https://api.example.com/items","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"post-json","name":{"en":"Create a remote resource","zh":"创建远程资源"},"description":{"en":"Sends a state-changing POST request.","zh":"发送会改变状态的 POST 请求。"},"command":"curl --fail-with-body --request POST --header \"Content-Type: application/json\" --data @payload.json https://api.example.com/items","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":false,"policyPrefix":["curl"]},{"id":"delete","name":{"en":"Delete a remote resource","zh":"删除远程资源"},"description":{"en":"Sends a potentially destructive DELETE request.","zh":"发送可能具有破坏性的 DELETE 请求。"},"command":"curl --fail-with-body --request DELETE https://api.example.com/items/ID","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["curl"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. A bounded local smoke test is recorded for 8.7.1; review its limitations before relying on untested commands.","zh":"文档证据对应的 Agent Readiness 为 84/100；已记录 8.7.1 的有限本地 Smoke Test，使用未测试命令前仍需查看证据边界。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --fail-with-body or --silent or --show-error where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --fail-with-body 或 --silent 或 --show-error，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Pass scoped tokens through environment-backed headers and never print request secrets.","zh":"通过环境变量提供范围受限的 Token，不要在输出中打印请求密钥。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"GET requests can be read-only but may expose secrets; POST, PUT, PATCH, and DELETE depend on the target API.","zh":"GET 请求可以只读但可能暴露敏感信息；POST、PUT、PATCH 和 DELETE 的风险取决于目标 API。"}},"evidence":{"confidence":"verified","checkedAt":"2026-07-10","testedVersion":"8.7.1","testedAt":"2026-07-10","testEnvironment":"macOS 26.5.1 (arm64), local non-interactive shell","executedChecks":[{"command":"curl --version","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"},"stdoutExcerpt":"curl 8.7.1 (x86_64-apple-darwin25.0) libcurl/8.7.1"},{"command":"curl --fail --silent --show-error --max-time 5 file://$PWD/package.json","status":"passed","exitCode":0,"result":{"en":"The recorded smoke check completed successfully.","zh":"已记录的 Smoke Check 成功完成。"}},{"command":"curl --fail --silent --show-error --max-time 5 file://$PWD/package.json | jq -e '.name == \"clifinder-net\"'","status":"passed","exitCode":0,"result":{"en":"The bounded local file response passed the recorded jq assertion.","zh":"有限本地文件响应通过了已记录的 jq 断言。"},"stdoutExcerpt":"true"},{"command":"curl --fail --silent --show-error --max-time 5 file://$PWD/not-a-real-qa-file","status":"expected-failure","exitCode":37,"result":{"en":"curl returned its documented local-file open error and kept the diagnostic on stderr.","zh":"curl 对不存在的本地文件返回了文档约定的打开错误，并把诊断保留在 stderr。"},"stderrExcerpt":"curl: (37) Couldn't open file <workspace>/not-a-real-qa-file"}],"outputSample":{"command":"curl --fail --silent --show-error --max-time 5 file://$PWD/package.json | jq -c '{name,private}'","format":"json","stdout":"{\"name\":\"clifinder-net\",\"private\":true}","schema":{"type":"object","additionalProperties":false,"required":["name","private"],"properties":{"name":{"type":"string"},"private":{"type":"boolean"}}}},"limitations":{"en":"Version output, a bounded local file response, a JSON assertion, and the missing-file failure path were executed with fail, silent, error, and timeout flags. No network, TLS, authentication, redirect, HTTP response failure, upload, or state-changing request was tested.","zh":"已执行版本输出、有限本地文件读取、JSON 断言和文件缺失失败路径，并使用 fail、silent、error 与 timeout 标志；未测试网络、TLS、认证、重定向、HTTP 响应错误、上传或状态变更请求。"},"sources":[{"label":"curl manual","url":"https://curl.se/docs/manpage.html","kind":"official-docs","official":true},{"label":"curl manual source repository","url":"https://github.com/curl/curl","kind":"official-repository","official":true}]},"alternatives":["httpie"]},{"slug":"httpie","name":"HTTPie","command":"http","publisher":"HTTPie","official":true,"category":"http-webhooks","summary":{"en":"Send readable HTTP requests with JSON-aware input and output for local or CI workflows.","zh":"通过 JSON 感知的输入输出，在本地或 CI 工作流中发送易读的 HTTP 请求。"},"bestFor":["JSON APIs","request debugging","sessions","human-readable HTTP"],"searchTerms":["httpie","http","api request","json api"],"featured":false,"order":602,"installation":[{"label":"pipx","manager":"pipx","command":"pipx install httpie","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["none","basic","bearer token","auth plugins","sessions"],"headless":true,"secretEnv":["HTTP_TOKEN"],"minimumPermissions":{"en":"Use environment-backed headers and store sessions outside the repository.","zh":"通过环境变量提供请求头，并把 session 存储在仓库之外。"},"credentialStorage":{"en":"For headless runs, inject HTTP_TOKEN from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 HTTP_TOKEN。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","raw response","headers"],"flags":["--check-status","--print=b","--quiet"],"notes":{"en":"Use --check-status or --print=b or --quiet where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --check-status 或 --print=b 或 --quiet，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"get","name":{"en":"Read an API endpoint","zh":"读取 API 接口"},"description":{"en":"Sends a GET request and exits non-zero for HTTP errors.","zh":"发送 GET 请求，并在 HTTP 错误时以非零状态退出。"},"command":"http --check-status --print=b GET https://api.example.com/items Accept:application/json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"post","name":{"en":"Post JSON data","zh":"提交 JSON 数据"},"description":{"en":"Creates or updates remote state depending on the endpoint.","zh":"会根据接口语义创建或更新远程状态。"},"command":"http --check-status POST https://api.example.com/items name=example","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":false,"policyPrefix":["http"]}],"readiness":{"score":87,"summary":{"en":"Documentation indicates an agent-readiness score of 87/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 87/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --check-status or --print=b or --quiet where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --check-status 或 --print=b 或 --quiet，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":14,"weight":15,"evidence":{"en":"The documented command surface includes a dry-run, preview, plan, or check path.","zh":"文档中的命令包含 dry-run、preview、plan 或 check 路径。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use environment-backed headers and store sessions outside the repository.","zh":"通过环境变量提供请求头，并把 session 存储在仓库之外。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Request method and endpoint determine risk; do not infer safety from HTTPie syntax alone.","zh":"风险由请求方法和接口决定，不能仅根据 HTTPie 语法判断安全性。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"HTTPie CLI documentation","url":"https://httpie.io/docs/cli","kind":"official-docs","official":true},{"label":"HTTPie CLI documentation source repository","url":"https://github.com/httpie/cli","kind":"official-repository","official":true}]},"alternatives":["curl"]},{"slug":"grpcurl","name":"grpcurl","command":"grpcurl","publisher":"FullStory","official":true,"category":"http-webhooks","summary":{"en":"Discover and invoke gRPC services from scripts without generating a client.","zh":"无需生成客户端即可在脚本中发现和调用 gRPC 服务。"},"bestFor":["gRPC reflection","service discovery","RPC testing","JSON request bodies"],"searchTerms":["grpcurl","grpc","protobuf","rpc test"],"featured":false,"order":603,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install grpcurl","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install fullstorydev.grpcurl","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["none","metadata token","client certificate","TLS"],"headless":true,"secretEnv":["GRPC_TOKEN"],"minimumPermissions":{"en":"Use TLS and credentials scoped to the target service; begin with reflection and read RPCs.","zh":"使用 TLS 和仅授权目标服务的凭据，并先从反射与读取 RPC 开始。"},"credentialStorage":{"en":"For headless runs, inject GRPC_TOKEN from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 GRPC_TOKEN。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","text"],"flags":["-format json","-emit-defaults"],"notes":{"en":"Use -format json or -emit-defaults where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -format json 或 -emit-defaults，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"list","name":{"en":"List services","zh":"列出服务"},"description":{"en":"Uses server reflection to discover available services.","zh":"使用服务器反射发现可用服务。"},"command":"grpcurl -format json api.example.com:443 list","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"invoke","name":{"en":"Invoke an RPC","zh":"调用 RPC"},"description":{"en":"May change remote state depending on the method implementation.","zh":"可能根据方法实现改变远程状态。"},"command":"grpcurl -d @ api.example.com:443 package.Service/Method < request.json","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":false,"policyPrefix":["grpcurl"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use -format json or -emit-defaults where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 -format json 或 -emit-defaults，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use TLS and credentials scoped to the target service; begin with reflection and read RPCs.","zh":"使用 TLS 和仅授权目标服务的凭据，并先从反射与读取 RPC 开始。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Reflection is read-only; an RPC method can perform any server-side action.","zh":"反射操作只读；RPC 方法可以执行任意服务端动作。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"grpcurl documentation","url":"https://github.com/fullstorydev/grpcurl#usage","kind":"official-docs","official":true},{"label":"grpcurl documentation source repository","url":"https://github.com/fullstorydev/grpcurl","kind":"official-repository","official":true}]},"alternatives":["curl","httpie"]},{"slug":"ngrok","name":"ngrok CLI","command":"ngrok","publisher":"ngrok","official":true,"category":"http-webhooks","summary":{"en":"Expose local services and inspect tunnels while controlling network and credential scope.","zh":"在控制网络和凭据范围的前提下暴露本地服务并检查隧道。"},"bestFor":["local tunnels","webhook testing","traffic inspection","temporary endpoints"],"searchTerms":["ngrok","tunnel","expose localhost","webhook"],"featured":false,"order":604,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install ngrok/ngrok/ngrok","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install ngrok.ngrok","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["authtoken"],"headless":true,"secretEnv":["NGROK_AUTHTOKEN"],"minimumPermissions":{"en":"Use a dedicated agent credential and restrict endpoints, domains, and traffic policy.","zh":"使用专用 Agent 凭据，并限制端点、域名和流量策略。"},"credentialStorage":{"en":"For headless runs, inject NGROK_AUTHTOKEN from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 NGROK_AUTHTOKEN。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","yaml","text"],"flags":["--log-format=json"],"notes":{"en":"Use --log-format=json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --log-format=json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"config-check","name":{"en":"Check configuration","zh":"检查配置"},"description":{"en":"Validates local ngrok configuration without opening a tunnel.","zh":"校验本地 ngrok 配置，不打开隧道。"},"command":"ngrok config check","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false},{"id":"http-tunnel","name":{"en":"Open an HTTP tunnel","zh":"打开 HTTP 隧道"},"description":{"en":"Makes a local service reachable from the public network.","zh":"会让本地服务可从公网访问。"},"command":"ngrok http 3000 --log stdout --log-format json","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":true,"policyPrefix":["ngrok","http"]}],"readiness":{"score":83,"summary":{"en":"Documentation indicates an agent-readiness score of 83/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 83/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --log-format=json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --log-format=json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a dedicated agent credential and restrict endpoints, domains, and traffic policy.","zh":"使用专用 Agent 凭据，并限制端点、域名和流量策略。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":5,"weight":7,"evidence":{"en":"Maintenance is documented by the official publisher source.","zh":"维护状态来自官方发布方资料。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R2","maximumLevel":"R3","summary":{"en":"Opening a tunnel changes network exposure; sensitive local or admin services must never be exposed by default.","zh":"打开隧道会改变网络暴露面；不得默认暴露敏感本地服务或管理服务。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"ngrok agent CLI reference","url":"https://ngrok.com/docs/agent/cli/","kind":"official-docs","official":true}]},"alternatives":["cloudflare-wrangler"]},{"slug":"stripe-cli","name":"Stripe CLI","command":"stripe","publisher":"Stripe","official":true,"category":"http-webhooks","summary":{"en":"Test webhooks, inspect events, and use test-mode Stripe workflows with explicit approval boundaries.","zh":"在明确确认边界下测试 Webhook、检查事件并使用 Stripe 测试模式工作流。"},"bestFor":["Stripe webhooks","test events","API logs","test-mode resources"],"searchTerms":["stripe","webhook","payment test","event"],"featured":true,"order":605,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install stripe/stripe-cli/stripe","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install Stripe.StripeCLI","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["browser login","restricted API key"],"headless":true,"secretEnv":["STRIPE_API_KEY"],"minimumPermissions":{"en":"Use a restricted test-mode key and verify account and livemode before every write.","zh":"使用受限测试模式密钥，并在每次写操作前确认账号和 livemode。"},"credentialStorage":{"en":"For headless runs, inject STRIPE_API_KEY from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 STRIPE_API_KEY。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","text"],"flags":["--format json"],"notes":{"en":"Use --format json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --format json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"events-list","name":{"en":"List test events","zh":"列出测试事件"},"description":{"en":"Reads recent events in the selected account.","zh":"读取所选账号中的近期事件。"},"command":"stripe events list --limit 10","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"listen","name":{"en":"Forward test webhooks","zh":"转发测试 Webhook"},"description":{"en":"Creates a temporary remote listener and forwards payloads locally.","zh":"会创建临时远程监听并把载荷转发到本地。"},"command":"stripe listen --forward-to localhost:3000/api/webhooks/stripe","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":true,"policyPrefix":["stripe","listen"]},{"id":"trigger","name":{"en":"Trigger a test event","zh":"触发测试事件"},"description":{"en":"Creates test-mode resources and webhook events.","zh":"会创建测试模式资源和 Webhook 事件。"},"command":"stripe trigger payment_intent.succeeded","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["stripe","trigger"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --format json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --format json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a restricted test-mode key and verify account and livemode before every write.","zh":"使用受限测试模式密钥，并在每次写操作前确认账号和 livemode。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Test-mode reads are low risk; live-mode writes can charge customers or alter billing state.","zh":"测试模式读取风险较低；实时模式写入可能向客户收费或改变计费状态。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Stripe CLI documentation","url":"https://docs.stripe.com/stripe-cli","kind":"official-docs","official":true},{"label":"Stripe CLI documentation source repository","url":"https://github.com/stripe/stripe-cli","kind":"official-repository","official":true}]},"alternatives":["ngrok","curl"]},{"slug":"playwright","name":"Playwright","command":"playwright","publisher":"Microsoft","official":true,"category":"web-automation","summary":{"en":"Run browser tests, capture screenshots and traces, and automate evidence-backed UI workflows.","zh":"运行浏览器测试、捕获截图与 Trace，并自动化可留存证据的 UI 工作流。"},"bestFor":["browser testing","screenshots","traces","authenticated UI flows"],"searchTerms":["playwright","browser automation","e2e","screenshot","test"],"featured":true,"order":606,"installation":[{"label":"npm","manager":"npm","command":"npm install --save-dev @playwright/test","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["json","junit","html","blob"],"flags":["--reporter=json","--reporter=junit"],"notes":{"en":"Use --reporter=json or --reporter=junit where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --reporter=json 或 --reporter=junit，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless"],"platforms":["macos","linux","windows"]},"commands":[{"id":"show-report","name":{"en":"Inspect a test report","zh":"检查测试报告"},"description":{"en":"Reads an existing report without rerunning browser actions.","zh":"读取已有报告，不重新执行浏览器操作。"},"command":"npx playwright show-report","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false},{"id":"test","name":{"en":"Run browser tests","zh":"运行浏览器测试"},"description":{"en":"Executes project-defined browser actions and writes reports and traces.","zh":"会执行项目定义的浏览器操作并写入报告与 Trace。"},"command":"npx playwright test --reporter=json","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":true,"policyPrefix":["npx","playwright","test"]},{"id":"authenticated-codegen","name":{"en":"Record an authenticated flow","zh":"录制已认证流程"},"description":{"en":"Can submit forms or mutate remote state through the browser.","zh":"可能通过浏览器提交表单或修改远程状态。"},"command":"npx playwright codegen https://example.com","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["npx","playwright","codegen"]}],"readiness":{"score":86,"summary":{"en":"Documentation indicates an agent-readiness score of 86/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 86/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --reporter=json or --reporter=junit where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --reporter=json 或 --reporter=junit，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R1","maximumLevel":"R3","summary":{"en":"Test behavior is code-defined; authenticated flows can perform any action available to the browser user.","zh":"测试行为由代码定义；已认证流程可执行浏览器用户拥有的任何操作。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Playwright test CLI documentation","url":"https://playwright.dev/docs/test-cli","kind":"official-docs","official":true},{"label":"Playwright test CLI documentation source repository","url":"https://github.com/microsoft/playwright","kind":"official-repository","official":true}]},"alternatives":["firecrawl-cli"]},{"slug":"firecrawl-cli","name":"Firecrawl CLI","command":"firecrawl","publisher":"Firecrawl","official":true,"category":"web-automation","summary":{"en":"Scrape or crawl web pages into Markdown and JSON for downstream agent analysis.","zh":"把网页抓取或爬取为 Markdown 与 JSON，供 Agent 后续分析。"},"bestFor":["web scraping","site crawling","Markdown extraction","structured web data"],"searchTerms":["firecrawl","crawl website","scrape","markdown extraction"],"featured":false,"order":607,"installation":[{"label":"npx","manager":"npm","command":"npx firecrawl --help","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["API key"],"headless":true,"secretEnv":["FIRECRAWL_API_KEY"],"minimumPermissions":{"en":"Use a dedicated key with quota limits and crawl only authorized targets.","zh":"使用带配额限制的专用密钥，并且只抓取获授权目标。"},"credentialStorage":{"en":"For headless runs, inject FIRECRAWL_API_KEY from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 FIRECRAWL_API_KEY。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","markdown"],"flags":["--json"],"notes":{"en":"Use --json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"help","name":{"en":"Inspect CLI help","zh":"检查 CLI 帮助"},"description":{"en":"Reads the installed command surface without starting a crawl.","zh":"读取已安装命令能力，不启动抓取任务。"},"command":"npx firecrawl --help","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false},{"id":"scrape","name":{"en":"Scrape one page","zh":"抓取单个页面"},"description":{"en":"Fetches one authorized URL for extraction.","zh":"获取一个已授权 URL 并提取内容。"},"command":"npx firecrawl scrape https://example.com --json","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":true,"policyPrefix":["npx","firecrawl","scrape"]},{"id":"crawl","name":{"en":"Crawl a site","zh":"爬取网站"},"description":{"en":"Starts a remote crawl that consumes quota and may send many requests.","zh":"会启动消耗配额且可能发送大量请求的远程爬取任务。"},"command":"npx firecrawl crawl https://example.com --json","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":true,"sensitiveOutput":true,"policyPrefix":["npx","firecrawl","crawl"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a dedicated key with quota limits and crawl only authorized targets.","zh":"使用带配额限制的专用密钥，并且只抓取获授权目标。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R2","maximumLevel":"R2","summary":{"en":"Scrapes create remote jobs, consume quota, and must respect authorization, robots guidance, rate limits, and site terms.","zh":"抓取会创建远程任务并消耗配额，必须遵守授权、robots 指引、速率限制和站点条款。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Firecrawl documentation","url":"https://docs.firecrawl.dev/","kind":"official-docs","official":true},{"label":"Firecrawl documentation source repository","url":"https://github.com/firecrawl/firecrawl","kind":"official-repository","official":true}]},"alternatives":["playwright","curl"]},{"slug":"sentry-cli","name":"Sentry CLI","command":"sentry-cli","publisher":"Sentry","official":true,"category":"operations-infrastructure","summary":{"en":"Inspect projects and automate Sentry releases, source maps, and deploy records with scoped credentials.","zh":"使用范围受限的凭据检查项目，并自动化 Sentry 发布、Source Map 与部署记录。"},"bestFor":["Sentry releases","source maps","deploy records","project inspection"],"searchTerms":["sentry","error monitoring","release","source maps"],"featured":false,"order":701,"installation":[{"label":"npm","manager":"npm","command":"npm install --save-dev @sentry/cli","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["auth token","DSN for some commands"],"headless":true,"secretEnv":["SENTRY_AUTH_TOKEN","SENTRY_ORG","SENTRY_PROJECT","SENTRY_URL"],"minimumPermissions":{"en":"Use a token limited to the required organization, project, and release scopes.","zh":"Token 仅授权任务所需组织、项目和发布权限。"},"credentialStorage":{"en":"For headless runs, inject SENTRY_AUTH_TOKEN, SENTRY_ORG, SENTRY_PROJECT, SENTRY_URL from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 SENTRY_AUTH_TOKEN、SENTRY_ORG、SENTRY_PROJECT、SENTRY_URL。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","text"],"flags":["--json"],"notes":{"en":"Use --json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"projects-list","name":{"en":"List projects","zh":"列出项目"},"description":{"en":"Reads project metadata in the configured organization.","zh":"读取所配置组织中的项目元数据。"},"command":"npx sentry-cli projects list --json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"release-new","name":{"en":"Create a release","zh":"创建发布"},"description":{"en":"Creates remote release state in Sentry.","zh":"会在 Sentry 中创建远程发布状态。"},"command":"npx sentry-cli releases new RELEASE","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["npx","sentry-cli","releases","new"]},{"id":"release-delete","name":{"en":"Delete a release","zh":"删除发布"},"description":{"en":"Deletes Sentry release data and associated artifacts.","zh":"会删除 Sentry 发布数据及关联产物。"},"command":"npx sentry-cli releases delete RELEASE","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["npx","sentry-cli","releases","delete"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a token limited to the required organization, project, and release scopes.","zh":"Token 仅授权任务所需组织、项目和发布权限。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Inspection can be read-only; release and source-map commands modify observability data.","zh":"检查操作可以只读；发布和 Source Map 命令会修改可观测性数据。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Sentry CLI documentation","url":"https://docs.sentry.io/product/cli/","kind":"official-docs","official":true},{"label":"Sentry CLI documentation source repository","url":"https://github.com/getsentry/sentry-cli","kind":"official-repository","official":true}]},"alternatives":["datadog-pup"]},{"slug":"terraform","name":"Terraform CLI","command":"terraform","publisher":"HashiCorp","official":true,"category":"operations-infrastructure","summary":{"en":"Format, validate, plan, and apply infrastructure while keeping plan and apply risk distinct.","zh":"格式化、校验、规划和应用基础设施，并明确区分 plan 与 apply 风险。"},"bestFor":["infrastructure planning","state inspection","provider workflows","reviewable plans"],"searchTerms":["terraform","iac","infrastructure","plan","apply"],"featured":true,"order":702,"installation":[{"label":"Homebrew","manager":"brew","command":"brew tap hashicorp/tap && brew install hashicorp/tap/terraform","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install Hashicorp.Terraform","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["provider credentials","Terraform Cloud token","workload identity"],"headless":true,"secretEnv":["TF_TOKEN_app_terraform_io","TF_CLI_CONFIG_FILE"],"minimumPermissions":{"en":"Use read-only provider credentials for validate and plan, and separate apply credentials by environment.","zh":"validate 和 plan 使用只读 Provider 凭据，并按环境隔离 apply 凭据。"},"credentialStorage":{"en":"For headless runs, inject TF_TOKEN_app_terraform_io, TF_CLI_CONFIG_FILE from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 TF_TOKEN_app_terraform_io、TF_CLI_CONFIG_FILE。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","binary plan","text"],"flags":["show -json","output -json"],"notes":{"en":"Use show -json or output -json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 show -json 或 output -json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"validate","name":{"en":"Validate configuration","zh":"校验配置"},"description":{"en":"Checks local configuration syntax and internal consistency.","zh":"检查本地配置语法和内部一致性。"},"command":"terraform validate -json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false},{"id":"plan","name":{"en":"Create a saved plan","zh":"创建保存的计划"},"description":{"en":"Refreshes state and writes a reviewable local plan file without applying changes.","zh":"刷新状态并写入可审查的本地计划文件，不应用变更。"},"command":"terraform plan -out=tfplan","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false},{"id":"apply","name":{"en":"Apply a reviewed plan","zh":"应用已审查计划"},"description":{"en":"Changes remote infrastructure exactly as recorded in the plan.","zh":"会按照计划更改远程基础设施。"},"command":"terraform apply tfplan","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["terraform","apply"]},{"id":"destroy","name":{"en":"Destroy infrastructure","zh":"销毁基础设施"},"description":{"en":"Deletes managed infrastructure resources.","zh":"会删除受管理的基础设施资源。"},"command":"terraform destroy","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["terraform","destroy"]}],"readiness":{"score":87,"summary":{"en":"Documentation indicates an agent-readiness score of 87/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 87/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use show -json or output -json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 show -json 或 output -json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":14,"weight":15,"evidence":{"en":"The documented command surface includes a dry-run, preview, plan, or check path.","zh":"文档中的命令包含 dry-run、preview、plan 或 check 路径。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use read-only provider credentials for validate and plan, and separate apply credentials by environment.","zh":"validate 和 plan 使用只读 Provider 凭据，并按环境隔离 apply 凭据。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Validate and reviewed plans are safe starting points; apply and destroy affect real infrastructure.","zh":"validate 和经审查的 plan 是安全起点；apply 和 destroy 会影响真实基础设施。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Terraform CLI documentation","url":"https://developer.hashicorp.com/terraform/cli","kind":"official-docs","official":true},{"label":"Terraform CLI documentation source repository","url":"https://github.com/hashicorp/terraform","kind":"official-repository","official":true}]},"alternatives":["opentofu","pulumi"]},{"slug":"opentofu","name":"OpenTofu CLI","command":"tofu","publisher":"OpenTofu","official":true,"category":"operations-infrastructure","summary":{"en":"Plan and manage open-source infrastructure state with explicit approval for remote changes.","zh":"规划和管理开源基础设施状态，并对远程变更进行明确确认。"},"bestFor":["open-source IaC","infrastructure planning","state inspection","Terraform-compatible workflows"],"searchTerms":["opentofu","tofu","terraform alternative","iac"],"featured":false,"order":703,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install opentofu","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install OpenTofu.Tofu","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["provider credentials","backend credentials","workload identity"],"headless":true,"secretEnv":["TF_CLI_CONFIG_FILE"],"minimumPermissions":{"en":"Use read-only provider credentials for planning and environment-specific credentials for apply.","zh":"规划使用只读 Provider 凭据，apply 使用环境专用凭据。"},"credentialStorage":{"en":"For headless runs, inject TF_CLI_CONFIG_FILE from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 TF_CLI_CONFIG_FILE。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","binary plan","text"],"flags":["show -json","output -json"],"notes":{"en":"Use show -json or output -json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 show -json 或 output -json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"validate","name":{"en":"Validate configuration","zh":"校验配置"},"description":{"en":"Checks local configuration without changing infrastructure.","zh":"检查本地配置，不改变基础设施。"},"command":"tofu validate -json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false},{"id":"plan","name":{"en":"Create a saved plan","zh":"创建保存的计划"},"description":{"en":"Produces a reviewable plan before any remote mutation.","zh":"在任何远程修改前生成可审查计划。"},"command":"tofu plan -out=tfplan","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false},{"id":"apply","name":{"en":"Apply a plan","zh":"应用计划"},"description":{"en":"Changes remote infrastructure from an approved plan.","zh":"根据获批计划更改远程基础设施。"},"command":"tofu apply tfplan","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["tofu","apply"]},{"id":"destroy","name":{"en":"Destroy infrastructure","zh":"销毁基础设施"},"description":{"en":"Deletes managed infrastructure resources.","zh":"会删除受管理的基础设施资源。"},"command":"tofu destroy","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["tofu","destroy"]}],"readiness":{"score":87,"summary":{"en":"Documentation indicates an agent-readiness score of 87/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 87/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use show -json or output -json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 show -json 或 output -json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":14,"weight":15,"evidence":{"en":"The documented command surface includes a dry-run, preview, plan, or check path.","zh":"文档中的命令包含 dry-run、preview、plan 或 check 路径。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use read-only provider credentials for planning and environment-specific credentials for apply.","zh":"规划使用只读 Provider 凭据，apply 使用环境专用凭据。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Planning is read-first; applying or destroying a plan changes real infrastructure.","zh":"规划以读取为先；应用或销毁计划会改变真实基础设施。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"OpenTofu CLI documentation","url":"https://opentofu.org/docs/cli/","kind":"official-docs","official":true},{"label":"OpenTofu CLI documentation source repository","url":"https://github.com/opentofu/opentofu","kind":"official-repository","official":true}]},"alternatives":["terraform","pulumi"]},{"slug":"pulumi","name":"Pulumi CLI","command":"pulumi","publisher":"Pulumi","official":true,"category":"operations-infrastructure","summary":{"en":"Preview and apply infrastructure programs with structured output and explicit stack controls.","zh":"通过结构化输出和明确 Stack 控制预览并应用基础设施程序。"},"bestFor":["infrastructure as code","stack previews","typed cloud programs","deployment history"],"searchTerms":["pulumi","iac","infrastructure","preview","stack"],"featured":false,"order":704,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install pulumi/tap/pulumi","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install Pulumi.Pulumi","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["Pulumi access token","DIY backend","provider credentials"],"headless":true,"secretEnv":["PULUMI_ACCESS_TOKEN","PULUMI_CONFIG_PASSPHRASE"],"minimumPermissions":{"en":"Select the exact stack and use read-only cloud credentials for previews.","zh":"选择准确的 Stack，并为 preview 使用只读云凭据。"},"credentialStorage":{"en":"For headless runs, inject PULUMI_ACCESS_TOKEN, PULUMI_CONFIG_PASSPHRASE from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 PULUMI_ACCESS_TOKEN、PULUMI_CONFIG_PASSPHRASE。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","text"],"flags":["--json","--diff"],"notes":{"en":"Use --json or --diff where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --diff，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"stack-output","name":{"en":"Read stack outputs","zh":"读取 Stack 输出"},"description":{"en":"Reads outputs from the explicitly selected stack.","zh":"读取明确选择的 Stack 输出。"},"command":"pulumi stack output --json --stack ORG/PROJECT/STACK","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"preview","name":{"en":"Preview changes","zh":"预览变更"},"description":{"en":"Calculates infrastructure changes without applying them.","zh":"计算基础设施变更但不应用。"},"command":"pulumi preview --json --stack ORG/PROJECT/STACK","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false},{"id":"up","name":{"en":"Apply an update","zh":"应用更新"},"description":{"en":"Changes remote infrastructure in the selected stack.","zh":"会更改所选 Stack 中的远程基础设施。"},"command":"pulumi up --stack ORG/PROJECT/STACK","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["pulumi","up"]},{"id":"destroy","name":{"en":"Destroy a stack","zh":"销毁 Stack"},"description":{"en":"Deletes managed resources from the selected stack.","zh":"会删除所选 Stack 管理的资源。"},"command":"pulumi destroy --stack ORG/PROJECT/STACK","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["pulumi","destroy"]}],"readiness":{"score":87,"summary":{"en":"Documentation indicates an agent-readiness score of 87/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 87/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json or --diff where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --diff，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":14,"weight":15,"evidence":{"en":"The documented command surface includes a dry-run, preview, plan, or check path.","zh":"文档中的命令包含 dry-run、preview、plan 或 check 路径。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Select the exact stack and use read-only cloud credentials for previews.","zh":"选择准确的 Stack，并为 preview 使用只读云凭据。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Stack output and preview are safe starting points; up and destroy change cloud resources.","zh":"Stack 输出和 preview 是安全起点；up 与 destroy 会改变云资源。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Pulumi CLI documentation","url":"https://www.pulumi.com/docs/iac/cli/","kind":"official-docs","official":true},{"label":"Pulumi CLI documentation source repository","url":"https://github.com/pulumi/pulumi","kind":"official-repository","official":true}]},"alternatives":["terraform","opentofu"]},{"slug":"ansible","name":"Ansible CLI","command":"ansible-playbook","publisher":"Red Hat Ansible","official":true,"category":"operations-infrastructure","summary":{"en":"Run inventory checks, syntax checks, dry runs, and controlled remote automation.","zh":"运行 Inventory 检查、语法检查、Dry Run 和受控远程自动化。"},"bestFor":["server inventory","configuration checks","playbook dry runs","remote automation"],"searchTerms":["ansible","playbook","inventory","configuration management"],"featured":false,"order":705,"installation":[{"label":"pipx","manager":"pipx","command":"pipx install --include-deps ansible","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["SSH key","WinRM","Ansible Vault","become credentials"],"headless":true,"secretEnv":["ANSIBLE_CONFIG","ANSIBLE_VAULT_PASSWORD_FILE"],"minimumPermissions":{"en":"Use a dedicated inventory, unprivileged remote account, host limit, and vault-backed secrets.","zh":"使用专用 Inventory、非特权远程账号、主机限制和 Vault 管理的密钥。"},"credentialStorage":{"en":"For headless runs, inject ANSIBLE_CONFIG, ANSIBLE_VAULT_PASSWORD_FILE from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 ANSIBLE_CONFIG、ANSIBLE_VAULT_PASSWORD_FILE。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","yaml","text"],"flags":["ansible-inventory --list","ANSIBLE_STDOUT_CALLBACK=json"],"notes":{"en":"Use ansible-inventory --list or ANSIBLE_STDOUT_CALLBACK=json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 ansible-inventory --list 或 ANSIBLE_STDOUT_CALLBACK=json，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux"]},"commands":[{"id":"inventory","name":{"en":"Inspect inventory","zh":"检查 Inventory"},"description":{"en":"Reads the resolved inventory as JSON.","zh":"以 JSON 读取解析后的 Inventory。"},"command":"ansible-inventory --inventory inventory.ini --list","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"check","name":{"en":"Check a playbook","zh":"检查 Playbook"},"description":{"en":"Runs check mode against a limited host set; modules may still have side effects.","zh":"针对有限主机运行 check 模式；部分模块仍可能产生副作用。"},"command":"ansible-playbook --inventory inventory.ini --limit staging --check --diff site.yml","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":false},{"id":"apply","name":{"en":"Run a playbook","zh":"运行 Playbook"},"description":{"en":"Changes remote hosts selected by the inventory and limit.","zh":"会更改 Inventory 和 limit 选中的远程主机。"},"command":"ansible-playbook --inventory inventory.ini --limit staging site.yml","risk":"R2","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["ansible-playbook"]}],"readiness":{"score":85,"summary":{"en":"Documentation indicates an agent-readiness score of 85/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 85/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use ansible-inventory --list or ANSIBLE_STDOUT_CALLBACK=json where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 ansible-inventory --list 或 ANSIBLE_STDOUT_CALLBACK=json，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":14,"weight":15,"evidence":{"en":"The documented command surface includes a dry-run, preview, plan, or check path.","zh":"文档中的命令包含 dry-run、preview、plan 或 check 路径。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Use a dedicated inventory, unprivileged remote account, host limit, and vault-backed secrets.","zh":"使用专用 Inventory、非特权远程账号、主机限制和 Vault 管理的密钥。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":6,"weight":8,"evidence":{"en":"The documented installation path covers the listed platforms.","zh":"文档安装路径覆盖条目列出的平台。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"Inventory and syntax checks are read-first; playbooks can execute privileged changes across many hosts.","zh":"Inventory 和语法检查以读取为先；Playbook 可在大量主机上执行特权变更。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Ansible command-line tools guide","url":"https://docs.ansible.com/ansible/latest/command_guide/index.html","kind":"official-docs","official":true},{"label":"Ansible command-line tools guide source repository","url":"https://github.com/ansible/ansible","kind":"official-repository","official":true}]},"alternatives":["terraform","pulumi"]},{"slug":"semgrep","name":"Semgrep","command":"semgrep","publisher":"Semgrep","official":true,"category":"security","summary":{"en":"Scan source code with structured findings before separately reviewing any autofix or rule change.","zh":"先以结构化结果扫描源码，再单独审查任何 Autofix 或规则变更。"},"bestFor":["static analysis","security rules","JSON or SARIF findings","custom code patterns"],"searchTerms":["semgrep","sast","security scan","code analysis"],"featured":true,"order":706,"installation":[{"label":"pipx","manager":"pipx","command":"pipx install semgrep","platforms":["macos","linux","windows"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["none for local rules","Semgrep token for platform features"],"headless":true,"secretEnv":["SEMGREP_APP_TOKEN"],"minimumPermissions":{"en":"Run local rules without a token when possible; scope platform tokens to the required deployment.","zh":"尽量在无 Token 情况下运行本地规则；平台 Token 仅授权目标部署。"},"credentialStorage":{"en":"For headless runs, inject SEMGREP_APP_TOKEN from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 SEMGREP_APP_TOKEN。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","sarif","text"],"flags":["--json","--sarif","--output"],"notes":{"en":"Use --json or --sarif or --output where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --sarif 或 --output，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"scan","name":{"en":"Scan source code","zh":"扫描源码"},"description":{"en":"Writes structured findings without changing source files.","zh":"写入结构化发现，不修改源文件。"},"command":"semgrep scan --config auto --json --output semgrep.json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"local-rules","name":{"en":"Run repository rules","zh":"运行仓库规则"},"description":{"en":"Runs locally reviewed rules and writes SARIF findings.","zh":"运行本地已审查规则并写入 SARIF 发现。"},"command":"semgrep scan --config .semgrep/ --sarif --output semgrep.sarif","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"autofix","name":{"en":"Apply autofixes","zh":"应用 Autofix"},"description":{"en":"Modifies source files in place and needs a diff review.","zh":"会原地修改源码文件，需要审查差异。"},"command":"semgrep scan --config auto --autofix","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["semgrep","scan"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --json or --sarif or --output where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --json 或 --sarif 或 --output，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Run local rules without a token when possible; scope platform tokens to the required deployment.","zh":"尽量在无 Token 情况下运行本地规则；平台 Token 仅授权目标部署。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R2","summary":{"en":"Local report scans are read-only; autofix writes source and platform uploads send findings remotely.","zh":"本地报告扫描只读；Autofix 会写源码，平台上传会把发现发送到远程。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Semgrep CLI reference","url":"https://semgrep.dev/docs/cli-reference/","kind":"official-docs","official":true},{"label":"Semgrep CLI reference source repository","url":"https://github.com/semgrep/semgrep","kind":"official-repository","official":true}]},"alternatives":["trivy","gitleaks"]},{"slug":"trivy","name":"Trivy","command":"trivy","publisher":"Aqua Security","official":true,"category":"security","summary":{"en":"Scan repositories, filesystems, images, and infrastructure configuration into JSON or SARIF reports.","zh":"把仓库、文件系统、镜像和基础设施配置扫描为 JSON 或 SARIF 报告。"},"bestFor":["vulnerability scans","container images","IaC scanning","SBOMs"],"searchTerms":["trivy","vulnerability","container scan","sbom","iac"],"featured":true,"order":707,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install trivy","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install AquaSecurity.Trivy","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["json","sarif","cyclonedx","spdx","table"],"flags":["--format json","--format sarif","--output"],"notes":{"en":"Use --format json or --format sarif or --output where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --format json 或 --format sarif 或 --output，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"filesystem","name":{"en":"Scan a filesystem","zh":"扫描文件系统"},"description":{"en":"Writes a JSON vulnerability and misconfiguration report.","zh":"写入 JSON 漏洞和配置错误报告。"},"command":"trivy fs --format json --output trivy.json .","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"image","name":{"en":"Scan an image","zh":"扫描镜像"},"description":{"en":"Reads image layers and writes a JSON report.","zh":"读取镜像层并写入 JSON 报告。"},"command":"trivy image --format json --output image-scan.json IMAGE","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"ignore-edit","name":{"en":"Change ignore policy","zh":"修改忽略策略"},"description":{"en":"Can hide real findings and requires security review.","zh":"可能隐藏真实发现，必须经过安全审查。"},"command":"vi .trivyignore","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["vi"]}],"readiness":{"score":86,"summary":{"en":"Documentation indicates an agent-readiness score of 86/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 86/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --format json or --format sarif or --output where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --format json 或 --format sarif 或 --output，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R1","summary":{"en":"Scans are read-only apart from caches and reports; ignore-policy changes can suppress findings.","zh":"除缓存和报告外，扫描只读；修改忽略策略可能压制真实发现。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Trivy documentation","url":"https://trivy.dev/latest/docs/","kind":"official-docs","official":true},{"label":"Trivy documentation source repository","url":"https://github.com/aquasecurity/trivy","kind":"official-repository","official":true}]},"alternatives":["semgrep","gitleaks"]},{"slug":"gitleaks","name":"Gitleaks","command":"gitleaks","publisher":"Gitleaks","official":true,"category":"security","summary":{"en":"Find hard-coded secrets in repositories and changesets with JSON, SARIF, or CSV evidence.","zh":"通过 JSON、SARIF 或 CSV 证据发现仓库和变更集中的硬编码密钥。"},"bestFor":["secret scanning","pre-commit checks","Git history","SARIF reports"],"searchTerms":["gitleaks","secret scan","credentials","pre commit"],"featured":true,"order":708,"installation":[{"label":"Homebrew","manager":"brew","command":"brew install gitleaks","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true},{"label":"winget","manager":"winget","command":"winget install Gitleaks.Gitleaks","platforms":["windows"],"fixedVersionSupported":true}],"authentication":{"required":false,"methods":["none"],"headless":true,"secretEnv":[],"minimumPermissions":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"},"credentialStorage":{"en":"No service credential is stored for this CLI.","zh":"此 CLI 不保存服务凭据。"}},"output":{"structured":true,"formats":["json","sarif","csv","junit","text"],"flags":["--report-format json","--report-path"],"notes":{"en":"Use --report-format json or --report-path where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --report-format json 或 --report-path，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"detect","name":{"en":"Scan a repository","zh":"扫描仓库"},"description":{"en":"Writes a JSON report of detected secrets without editing files.","zh":"写入检测到的密钥 JSON 报告，不编辑文件。"},"command":"gitleaks detect --source . --report-format json --report-path gitleaks.json","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"staged","name":{"en":"Scan staged changes","zh":"扫描暂存变更"},"description":{"en":"Checks pending commit content before it leaves the workstation.","zh":"在提交内容离开工作站前进行检查。"},"command":"gitleaks protect --staged --verbose","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":false,"sensitiveOutput":true},{"id":"allowlist-edit","name":{"en":"Edit the allowlist","zh":"编辑白名单"},"description":{"en":"Can hide real leaks and must be reviewed carefully.","zh":"可能隐藏真实泄漏，必须仔细审查。"},"command":"vi .gitleaks.toml","risk":"R1","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["vi"]}],"readiness":{"score":86,"summary":{"en":"Documentation indicates an agent-readiness score of 86/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 86/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --report-format json or --report-path where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --report-format json 或 --report-path，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":10,"weight":10,"evidence":{"en":"No service credential is required; restrict filesystem and network access to the task.","zh":"无需服务凭据；仍应把文件系统和网络访问限制在任务范围内。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R1","summary":{"en":"Scanning is read-only apart from reports; allowlist edits can suppress real credentials.","zh":"除报告外，扫描只读；白名单编辑可能压制真实凭据。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Gitleaks documentation","url":"https://gitleaks.io/","kind":"official-docs","official":true},{"label":"Gitleaks documentation source repository","url":"https://github.com/gitleaks/gitleaks","kind":"official-repository","official":true}]},"alternatives":["trivy","semgrep"]},{"slug":"datadog-pup","name":"Datadog Pup CLI","command":"pup","publisher":"Datadog","official":true,"category":"operations-infrastructure","summary":{"en":"Query Datadog observability data through an agent-aware CLI with JSON output and a read-only mode.","zh":"通过支持 JSON 输出和只读模式的 Agent-aware CLI 查询 Datadog 可观测性数据。"},"bestFor":["Datadog monitors","logs","metrics","dashboards","read-only operations"],"searchTerms":["datadog","pup","observability","logs","metrics","monitors"],"featured":true,"order":709,"installation":[{"label":"Homebrew","manager":"brew","command":"brew tap datadog-labs/pack && brew install datadog-labs/pack/pup","platforms":["macos","linux"],"recommended":true,"fixedVersionSupported":true}],"authentication":{"required":true,"methods":["OAuth2 PKCE","access token","API and application keys"],"headless":true,"secretEnv":["DD_ACCESS_TOKEN","DD_API_KEY","DD_APP_KEY","DD_SITE"],"minimumPermissions":{"en":"Prefer OAuth scopes or --read-only; never set DD_AUTO_APPROVE for an unattended write-capable session.","zh":"优先使用 OAuth Scope 或 --read-only；无人值守且可写的会话不得设置 DD_AUTO_APPROVE。"},"credentialStorage":{"en":"For headless runs, inject DD_ACCESS_TOKEN, DD_API_KEY, DD_APP_KEY, DD_SITE from the CI or platform secret manager at process start. For local interactive use, prefer the CLI or operating-system credential store when the official client supports one. Never save values in repository files.","zh":"无界面运行时，在进程启动时从 CI 或平台密钥管理器注入 DD_ACCESS_TOKEN、DD_API_KEY、DD_APP_KEY、DD_SITE。本地交互使用时，若官方客户端支持，应优先使用 CLI 或操作系统凭据存储；不要把值写入仓库文件。"}},"output":{"structured":true,"formats":["json","yaml","table"],"flags":["--output json","--agent","--read-only"],"notes":{"en":"Use --output json or --agent or --read-only where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --output json 或 --agent 或 --read-only，并将诊断日志保留在 stderr。"}},"compatibility":{"agents":["claude-code","codex","gemini-cli","copilot-cli"],"environments":["local","ci","container","headless","remote"],"platforms":["macos","linux","windows"]},"commands":[{"id":"schema","name":{"en":"Inspect the agent schema","zh":"检查 Agent Schema"},"description":{"en":"Emits the machine-readable command surface.","zh":"输出机器可读的命令能力面。"},"command":"pup agent schema","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":false},{"id":"monitors-list","name":{"en":"List monitors read-only","zh":"只读列出 Monitor"},"description":{"en":"Reads monitor data while blocking write operations.","zh":"在阻止写操作的同时读取 Monitor 数据。"},"command":"pup --read-only --output json monitors list --tags=\"team:api-platform\"","risk":"R0","idempotent":true,"requiresConfirmation":false,"structuredOutput":true,"sensitiveOutput":true},{"id":"dashboard-delete","name":{"en":"Delete a dashboard","zh":"删除 Dashboard"},"description":{"en":"Deletes a remote dashboard; --yes suppresses the prompt.","zh":"会删除远程 Dashboard；--yes 会跳过提示。"},"command":"pup dashboards delete DASHBOARD_ID --yes","risk":"R3","idempotent":false,"requiresConfirmation":true,"structuredOutput":false,"sensitiveOutput":false,"policyPrefix":["pup","dashboards","delete"]}],"readiness":{"score":84,"summary":{"en":"Documentation indicates an agent-readiness score of 84/100. No local execution test has been recorded.","zh":"文档证据对应的 Agent Readiness 为 84/100；尚未记录本地执行测试。"},"dimensions":[{"key":"structured-output","label":{"en":"Structured output","zh":"结构化输出"},"score":18,"weight":20,"evidence":{"en":"Use --output json or --agent or --read-only where supported and keep diagnostic logs on stderr.","zh":"在支持的命令中使用 --output json 或 --agent 或 --read-only，并将诊断日志保留在 stderr。"}},{"key":"headless","label":{"en":"Headless operation","zh":"无界面运行"},"score":14,"weight":15,"evidence":{"en":"Official documentation describes a non-interactive authentication or execution path.","zh":"官方文档描述了非交互认证或执行路径。"}},{"key":"safety-controls","label":{"en":"Safety controls","zh":"安全控制"},"score":11,"weight":15,"evidence":{"en":"CLI Finder separates read commands from commands that require confirmation.","zh":"CLI Finder 将读取命令与需要确认的命令分开。"}},{"key":"determinism","label":{"en":"Determinism","zh":"确定性"},"score":8,"weight":10,"evidence":{"en":"Commands use explicit arguments and documented output controls where available.","zh":"命令尽量使用显式参数和文档支持的输出控制。"}},{"key":"authentication","label":{"en":"Authentication","zh":"认证"},"score":8,"weight":10,"evidence":{"en":"Prefer OAuth scopes or --read-only; never set DD_AUTO_APPROVE for an unattended write-capable session.","zh":"优先使用 OAuth Scope 或 --read-only；无人值守且可写的会话不得设置 DD_AUTO_APPROVE。"}},{"key":"documentation","label":{"en":"Documentation","zh":"文档"},"score":9,"weight":10,"evidence":{"en":"This entry cites official documentation checked on 2026-07-10.","zh":"本条目引用了 2026-07-10 检查的官方文档。"}},{"key":"installation","label":{"en":"Installation","zh":"安装"},"score":8,"weight":8,"evidence":{"en":"Official installation paths cover macOS, Linux, and Windows.","zh":"官方安装路径覆盖 macOS、Linux 和 Windows。"}},{"key":"maintenance","label":{"en":"Maintenance","zh":"维护状态"},"score":6,"weight":7,"evidence":{"en":"An official source repository is linked for release and maintenance review.","zh":"条目链接了官方源码仓库，便于检查发布与维护状态。"}},{"key":"agent-artifacts","label":{"en":"Agent artifacts","zh":"Agent 产物"},"score":2,"weight":5,"evidence":{"en":"CLI Finder can generate registry-derived skills and policies; the tool itself was not credited with shipping them.","zh":"CLI Finder 可生成基于注册表的 Skill 和策略；该分数不假定工具自身提供这些产物。"}}]},"operationalRisk":{"defaultLevel":"R0","maximumLevel":"R3","summary":{"en":"--read-only blocks writes, while agent mode can auto-approve prompts; keep write sessions explicitly gated.","zh":"--read-only 会阻止写入，而 Agent 模式可能自动确认提示；可写会话必须显式设门槛。"}},"evidence":{"confidence":"docs-verified","checkedAt":"2026-07-10","testedVersion":null,"testedAt":null,"testEnvironment":null,"executedChecks":[],"outputSample":null,"limitations":{"en":"Official documentation was reviewed, but installation, help output, exit codes, headless behavior, and structured output were not executed locally.","zh":"已审阅官方文档，但未在本地执行安装、帮助输出、退出码、无界面行为或结构化输出测试。"},"sources":[{"label":"Datadog Pup CLI documentation","url":"https://docs.datadoghq.com/cli/","kind":"official-docs","official":true},{"label":"Datadog Pup CLI documentation source repository","url":"https://github.com/DataDog/pup","kind":"official-repository","official":true}]},"alternatives":["sentry-cli"]}],"legacyRedirects":{"codex-cli":{"destination":"/agents/codex","permanent":true,"reason":"Codex is an agent stack, not an external CLI used by an agent."},"gemini-cli":{"destination":"/agents/gemini-cli","permanent":true,"reason":"Gemini CLI is an agent stack, not an external CLI used by an agent."},"playwright-cli":{"destination":"/tools/playwright","permanent":true,"reason":"The Playwright CLI entry is canonicalized to the Playwright tool page."}}}