cli-web-ops

⚠️ A CLI-to-RCE bridge by construction. Read docs/FEATURES.md before deploying. Default scaffolding refuses to bind any non-Tailscale interface.

cli-web-ops is a mobile-first MCP-client web executor for Model Context Protocol servers (typically cli-mcp projecting a urfave/cli v3 command tree), featuring:

• never invokes a CLI directly; every action routes through the MCP server (trust boundary)
• annotation-driven mobile favorites via tool.Meta["webops.*"] stamped by cli-mcp
• one-page experience: description (Markdown via goldmark) + form (from JSON Schema) + SSE output stream
• /docs route renders the full reference; shell shared with cli-web-docs
• Tailscale binding gate refuses public listeners by default
• Dangerously*-prefixed safety opt-outs so call sites read as the alarm they are
• pluggable Auth interface; production path is Caddy-in-front (see deploy/Caddyfile.example)

Documentation

See docs/FEATURES.md for a feature inventory and the full threat model, examples/serve/ for a runnable dev-local demo, and deploy/Caddyfile.example for the recommended production posture. Local dev verbs live in .agent-guard/agent-guard.yaml; agent-guard lint validates that against the Makefile.

Support

If you found a bug or have a feature request, create a new issue. Participation in this community is governed by the Code of Conduct. Security disclosures go through SECURITY.md.

Sibling repos in the cli-* family: cli-guard, cli-mcp, cli-web-docs.

License

See LICENSE.

See also

• AGENTS.md - agent-facing operating rules.
• docs/FEATURES.md - inventory of what ships today.
• .agent-guard/agent-guard.yaml - allowlisted commands.

Cross-reference convention from coilysiren/agentic-os#59.