A lightweight abstraction for executing CLI coding agents headlessly
Project description
Agent Shell
Agent Shell is a light weight abstraction for executing a cli coding agent headlessly and returning the output that can be used programatically as a unified contract
Installation
uv add agent-shell-py
or with pip:
pip install agent-shell-py
Examples
Execute
from agent_shell.shell import AgentShell
from agent_shell.models.agent import AgentType
shell = AgentShell(agent_type=AgentType.CLAUDE_CODE)
response = await shell.execute(
cwd="/path/to/project",
prompt="Can you tell me about this project?",
allowed_tools=["Read", "Glob", "Grep"],
model="sonnet",
)
print(response.response)
print(f"Cost: ${response.cost:.4f}")
print(f"Session: {response.session_id}")
# Resume the conversation using the session_id
follow_up = await shell.execute(
cwd="/path/to/project",
prompt="Now refactor the auth module based on your findings",
allowed_tools=["Read", "Edit", "Bash"],
model="sonnet",
session_id=response.session_id,
)
Stream
from agent_shell.shell import AgentShell
from agent_shell.models.agent import AgentType
shell = AgentShell(agent_type=AgentType.CLAUDE_CODE)
async for event in shell.stream(
cwd="/path/to/project",
prompt="Refactor the auth module",
allowed_tools=["Read", "Edit", "Bash"],
model="sonnet",
effort="high",
include_thinking=True,
):
if event.type == "system":
print(f"Session: {event.session_id}")
else:
print(f"[{event.type}] {event.content}")
Restricting tools (disallowed_tools)
Pass a deny-list of tools that the agent must not use. Use the canonical vocabulary
{bash, edit, read, web_search, web_fetch} and Agent Shell translates it to each CLI's
own tool names — callers don't need to know the per-harness vocabulary:
shell = AgentShell(agent_type=AgentType.CLAUDE_CODE)
response = await shell.execute(
cwd="/path/to/project",
prompt="Audit this code but don't run anything or touch the network",
disallowed_tools=["bash", "web_search", "web_fetch"],
)
editcovers write/edit/notebook-edit (it fans out on harnesses that split them).- Any name outside the canonical set passes through verbatim (e.g. an MCP tool
mcp__server__tool, or a harness-specific name likeWrite, or Copilot'sview). - Deny takes precedence over auto-approve on every backend that supports it.
- Where a backend cannot enforce a deny, the adapter emits a
UserWarninglisting the ignored tools rather than failing silently. Coverage varies: Claude and OpenCode enforce all five canonical names; Copilot enforces onlybash/editcanonically (use a verbatim name for its other tools); Codex can only denyweb_search. - Denying
editorreadis best-effort: a model can still modify or read files through the shell, so also denybashwhen you need a hard file boundary.
OpenCode
from agent_shell.shell import AgentShell
from agent_shell.models.agent import AgentType
shell = AgentShell(agent_type=AgentType.OPENCODE)
response = await shell.execute(
cwd="/path/to/project",
prompt="Can you tell me about this project?",
model="anthropic/claude-sonnet-4-5",
)
print(response.response)
print(f"Session: {response.session_id}")
# Resume the conversation using the session_id
follow_up = await shell.execute(
cwd="/path/to/project",
prompt="Now refactor the auth module based on your findings",
model="anthropic/claude-sonnet-4-5",
session_id=response.session_id,
)
Note: OpenCode's
runmode auto-approves all tools. Theallowed_toolsandeffortparameters are configured viaopencode.json, not CLI flags.
MCP Servers
Register MCP servers for any supported agent through a unified API. All adapters use user-scope configuration so registrations persist across the agent's execute/stream calls.
from agent_shell.shell import AgentShell
from agent_shell.models.agent import AgentType, MCPServerSpec, MCPServerType
shell = AgentShell(agent_type=AgentType.CLAUDE_CODE)
# Register a stdio MCP server (e.g. forgetful) before running an eval
await shell.add_mcp_server(MCPServerSpec(
name="forgetful",
type=MCPServerType.STDIO,
command="uvx",
args=["forgetful-ai"],
env={"FORGETFUL_API_KEY": "..."},
))
response = await shell.execute(
cwd="/path/to/project",
prompt="Recall any prior decisions about the auth module",
)
# Optional cleanup
await shell.remove_mcp_server("forgetful")
For HTTP transport, pass url and headers instead of command/args/env:
await shell.add_mcp_server(MCPServerSpec(
name="remote",
type=MCPServerType.HTTP,
url="https://example.com/mcp",
headers={"Authorization": "Bearer ..."},
))
add_mcp_server overwrites an existing server with the same name. remove_mcp_server warns rather than raises when the named server is not found. list_mcp_servers() works for OpenCode and Copilot CLI; for Claude Code it currently raises NotImplementedError.
Logging
Agent Shell uses Python's standard logging module. Configure the agent_shell logger to capture tool calls, session IDs, costs, and errors:
import logging
logging.getLogger("agent_shell").setLevel(logging.INFO)
logging.getLogger("agent_shell").addHandler(logging.StreamHandler())
Set to DEBUG for raw JSON events and full command arguments.
Supported CLI Agents:
- Claude Code
- OpenCode
- Copilot CLI
- Codex
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent_shell_py-0.1.12.tar.gz.
File metadata
- Download URL: agent_shell_py-0.1.12.tar.gz
- Upload date:
- Size: 64.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d31d7853d156f733018e27740591dcec7227ec4443cb2ab03d0d2762d04fdc47
|
|
| MD5 |
56b4efc26fbc04c0e09a798d52775374
|
|
| BLAKE2b-256 |
b21adcee99cfb00d0f95756d84dcaaf8ccaf741f48b8f6a3b690e35678b783bd
|
Provenance
The following attestation bundles were made for agent_shell_py-0.1.12.tar.gz:
Publisher:
publish.yml on ScottRBK/agent-shell
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agent_shell_py-0.1.12.tar.gz -
Subject digest:
d31d7853d156f733018e27740591dcec7227ec4443cb2ab03d0d2762d04fdc47 - Sigstore transparency entry: 1841976730
- Sigstore integration time:
-
Permalink:
ScottRBK/agent-shell@76e26d6f9714f7057725572adc8d98ab04805992 -
Branch / Tag:
refs/tags/v0.1.12 - Owner: https://github.com/ScottRBK
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@76e26d6f9714f7057725572adc8d98ab04805992 -
Trigger Event:
release
-
Statement type:
File details
Details for the file agent_shell_py-0.1.12-py3-none-any.whl.
File metadata
- Download URL: agent_shell_py-0.1.12-py3-none-any.whl
- Upload date:
- Size: 23.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
abf2fe04f16c2676590f5b8d36b2fc9ef5164730d8e1c5d4b5fc9f77ac3fcbbc
|
|
| MD5 |
f6d71fa5b8df587afd0a311b9bc81349
|
|
| BLAKE2b-256 |
5e0e8fa2c5c68d33c858c61a004f8fee8e753a824bb2ba9ebbb34b296948be13
|
Provenance
The following attestation bundles were made for agent_shell_py-0.1.12-py3-none-any.whl:
Publisher:
publish.yml on ScottRBK/agent-shell
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agent_shell_py-0.1.12-py3-none-any.whl -
Subject digest:
abf2fe04f16c2676590f5b8d36b2fc9ef5164730d8e1c5d4b5fc9f77ac3fcbbc - Sigstore transparency entry: 1841976909
- Sigstore integration time:
-
Permalink:
ScottRBK/agent-shell@76e26d6f9714f7057725572adc8d98ab04805992 -
Branch / Tag:
refs/tags/v0.1.12 - Owner: https://github.com/ScottRBK
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@76e26d6f9714f7057725572adc8d98ab04805992 -
Trigger Event:
release
-
Statement type: