One CLI.
Every capability.
Fully governed. ▋

CLIable is a governed execution runtime for AI agents. Call cliable run — CLIable owns the contract, governance, audit, and verification around every action.

get started
// governance, not glue

Execution that stays accountable

Every run passes through a contract and a policy before it touches the outside world — and lands in an immutable record after.

contract-bound

Each action binds to a typed action-contract sidecar. Capability ids must match the manifest — no contract, no run.

policy-gated

Package-local policy defaults decide allow, deny, or gate. Gated runs return no_op plus a CLIable-owned interaction task.

command + api bindings

Active runtime binding families. Connector metadata selects the concrete command or api binding at run time.

durable run records

A two-level SQLite topology: a global routing index plus immutable per-shard run, task, and verification facts.

task continuity

Pending authorizations resume through cliable task get | resolve | cancel — caller and task identity travel in context-json.

post-run verification

A minimal verification hook records signals after execution, so an outcome is something you can audit, not just trust.

// the surface

Three commands. The whole lifecycle.

01 / discover
cliable connector

List and inspect governed connectors. Filesystem-backed packages load their contract sidecars and policy defaults at registry build.

02 / execute
cliable run

Execute one atomic action. Business input in --input-json, caller + task continuity in --context-json. One compact JSON summary back.

03 / govern
cliable task

Resolve, cancel, or read the interaction tasks that gated runs create. Closure run + updated task snapshot returned together.

// the governance sandbox

Watch a gated run resolve

A high-risk refund is held as an InteractionTask. Resolve it or cancel it — every step writes to a local shard.

agent session — cliable policy hold
01 / governed run
cliable run stripe \
--input-json '{"action":"refund","amount":2000}'
{
"outcome": "no_op",
"interaction_task": "it_22b9",
"reason": "requires_authorization"
}
policy gate

Refund exceeds the autonomous allowance. Execution is held as a CLIable-owned InteractionTask until an operator resolves or cancels it.

02 / audit · db/shards/03.db
3 rec
14:02:43.100RUN_STARTtrace 7f02bdf1 · run r_8f2a14
14:02:43.612CONTRACTstripe.refund bound · capability matched
14:02:44.205YIELD it_22b9 pending · awaiting operator decision

Records write to a local two-level SQLite topology — a routing index plus immutable per-shard facts. Nothing is shipped to a third-party endpoint.

// how it works

Three steps to a governed run.

01

install

$ uv tool install cliable

One tool, no daemon — runs on your machine. Python 3.14 + uv.

02

register a connector

$ cliable connector list

Drop a package — manifest, contract sidecars, policy defaults — and it's discoverable and contract-bound.

03

run, governed

$ cliable run feishu …

Every action clears a contract and a policy, then lands in an immutable shard record.

// connectors

A growing surface of governed connectors

Each ships as a package: manifest, contract sidecars, and policy defaults. Add one and it's discoverable, contract-bound, and audited from the first run.

f
feishu active
binding: command

Docs creation over a vendored lark-cli bridge. Auth failures normalize to a structured error.

n
notion active
binding: api

Package-owned auth via NOTION_TOKEN or its own store. Search read flow piloting page mutation.

g
github preview
binding: api

Issue and PR actions under contract. Scoped tokens injected through credential-authority.

s
slack planned
binding: api

Message and workflow actions. Policy-gated by channel and caller scope.

// faq

Questions, answered straight.

No marketing — the mechanics, in plain terms.

is CLIable open source?

Yes — the runtime is open source and self-hosted. Install it with uv and run it on your own machine; paid tiers only cover governance at scale.

where do my runs and audit data live?

Locally. CLIable writes to a two-level SQLite topology — a routing index plus immutable per-shard facts. Nothing is shipped to a third-party endpoint.

what happens when an action is risky?

Package-local policy decides allow, deny, or gate. A gated run returns no_op plus a CLIable-owned interaction_task you resolve or cancel with cliable task.

which agents or models does it work with?

Any. CLIable is a CLI — an agent calls cliable run, so it's model- and framework-agnostic. The governance lives in the runtime, not the agent.

how do I add my own connector?

Ship a package with a manifest, typed action-contract sidecars, and policy defaults. It's discoverable, contract-bound, and audited from the first run.

command or api bindings?

Both are active binding families. Connector metadata selects the concrete command or api binding at run time.

Give your agents a CLI they can be trusted with.

Install the runtime, register a connector, and watch every run land in an immutable record.

read the docs star on github