Home / Features / Internal CLI Framework
platform engineering internal tools DevEx CLI framework

Internal CLI Framework

The internal CLI framework for the agent era.

Beltline gives platform teams the production foundation for a branded internal CLI: auth, profiles, config, API clients, JSON output, MCP export, automation adapters, and release-ready defaults.

The first command should feel like gh, not like a shell script. Beltline starts there.

Internal CLIs start as scripts. Then they become infrastructure.

First it is a deployment script. Then it needs login. Then profiles. Then JSON output. Then shell completions. Then agents need to call it. By the time the CLI is useful, the team has already rebuilt a platform — usually badly, because none of that was the work they were trying to do.

Every serious internal CLI eventually needs the same foundation: auth, profiles, config, API clients, retries, JSON output, structured errors, docs, completions, tests, and a release path. Most teams rebuild that plumbing before they ship a single useful command.

Before and after Beltline

| Before | After Beltline | |--------|----------------| | Bash scripts scattered across five repos | One branded CLI on every developer's PATH | | Copy-pasted API calls and token handling | Shared auth, profiles, and typed API client | | Inconsistent help and output | Human tables by default, --json everywhere | | Agents cannot safely call it | MCP tools generated from the same definitions | | Automation is a second integration project | Zapier-style adapters from the same source | | No release path | Versioned releases, completions, doctor command |

From zero to a production CLI surface

beltline new acme

beltline auth init oidc --provider okta

beltline api import platform.openapi.yaml

beltline generate resource deployments

Generated CLI:

acme auth login

acme deployments list --env prod

acme deployments rollback dep_123 --confirm

acme deployments list --json | jq '.[] | select(.status == "failed")'

One manifest. The same handlers that power the CLI also feed the MCP server and automation adapters. Change a command name once and every surface updates.

What Beltline handles for you

  • Standard command structure — noun-verb commands, consistent help text, structured errors from day one
  • Auth and profile context — PKCE browser login, device flow fallback, named profiles, OS keychain storage
  • OpenAPI-backed resources — import a spec, get typed commands and a generated client
  • Human and JSON output — every command supports --json; data on stdout, errors on stderr
  • MCP export for agents — the same commands become tools with per-command confirmation rules
  • Automation adapters — Zapier triggers/actions and webhook receivers from the same definitions
  • Release and update conventions — versioning, shell completions, install paths, and an acme doctor command

Frequently asked questions

Is this only for platform teams? No, but platform teams feel the pain first. API teams and DevEx teams building internal tooling sit on the same foundation.

Can we distribute the CLI privately? Yes. Beltline is designed for internal tools distributed through private registries, artifact stores, or a single-binary install script.

Can teams add their own commands? Yes. Teams add commands through the manifest and customize behavior with plain TypeScript handlers. Beltline writes the structure; your team writes the logic.

Does this replace a CLI framework like oclif? Beltline sits one layer above. It is the opinionated path between framework primitives — auth, release, multi-surface export — that frameworks leave to you.

Ready to ship a production CLI?

Get Beltline Read the docs
Other features
CLI Auth
Beltline ships the auth foundation internal CLIs need — browser login, device flow fallback, secure credential storage, automatic token refresh, and named profiles.
Distribution and Releases
Beltline starts generated CLIs with release-ready conventions — npm install path, single-binary build, shell completions, versioning, changelog, CI workflows, and private distribution patterns.
JSON Output and Errors
Beltline gives generated commands consistent human output, --json output, machine-readable errors, redaction conventions, and non-interactive modes.
MCP Server Generator
Beltline exports MCP tools from the same command definitions that power the CLI, so humans and agents share auth, inputs, outputs, and safety rules.
OpenAPI to CLI
Beltline imports an OpenAPI spec and generates resource commands, a typed API client, pagination, retries, JSON output, and examples — then lets you customize the TypeScript where it matters.
Profiles, Config, and Secrets
Beltline gives generated CLIs a consistent way to handle user config, project config, environment overrides, named profiles, and secure credential storage.
YAML Manifest
Beltline uses a readable YAML manifest to define commands, resources, auth, outputs, confirmations, and exported surfaces — with TypeScript handlers when custom logic is needed.
Zapier and Webhook Adapter
Beltline generates Zapier-style actions, searches, triggers, and webhook receivers from the same definitions behind the CLI and MCP tools.