Skip to main content

Interactive command explainer with risk assessment

Project description

wtcmddo logo

wtcmddo

What The Command Do — a lightweight command explainer with guardrails.

Python Rich OpenAI SDK Version Status

Don't just run it — understand it first.


Overview

wtcmddo is a terminal-native security companion for the command line. Paste any shell command and it calls an LLM to produce a detailed explanation, a color-coded risk assessment, and a reason — then asks for your confirmation before executing. Think of it as a second pair of eyes that reads the command back to you in plain English before anything hits your shell.

Built on the OpenAI-compatible SDK, so it works with OpenRouter, OpenAI directly, local LLMs, or any provider that speaks the same API.

Features

Feature What it does
Rich TUI Color-coded panels, animated spinner, and styled prompts powered by rich
Live analysis A spinner animates while the API thinks, so you always know it's working
Risk levels Every command is tagged LOW · MEDIUM · HIGH · CRITICAL with matching colors
Detailed explanations One-to-two sentence breakdowns covering flags, options, and effects — not just a label
Guardrails Refuses non-commands, never rewrites or suggests alternatives, stays strictly analytical
Confirm before run Interactive yes/no prompt before anything executes (or skip with --yes)
Setup wizard A guided --setup flow with masked key entry and a config summary panel
Provider-agnostic Point --base-url at any OpenAI-compatible endpoint and switch models freely

Installation

pip install wtcmddo
# or
git clone https://github.com/Zaeem20/wtcmddo.git
cd wtcmddo
uv sync          # recommended (uses uv_build)

Configuration

There are two ways to provide your API key.

Option A — Interactive wizard (recommended)

wtcmddo --setup

This launches a guided setup with masked input and a summary panel. Configuration is saved to ~/.wtcmddo/config.json.

Option B — Environment variable

export OPENROUTER_API_KEY="sk-or-v1-..."

The env var is used as a fallback when no key is set in the config file.

Free Usage

You can use wtcmddo for free with OpenRouter's free tier — no credit card required.

  1. Get a key — Sign up at openrouter.ai/keys and create a free API key.
  2. Set the model to one of OpenRouter's free models:
# Use the setup wizard
wtcmddo --setup

# Or set the model directly
wtcmddo --model openrouter/free ls -la

Free models on OpenRouter (as of now) include openrouter/free (routes to the best available free model), (Kimi/DeepSeek/Nemtron/Gemma) and others. You can browse the full list at openrouter.ai/models.

The --base-url defaults to OpenRouter already, so you only need the key and the model:

export OPENROUTER_API_KEY="sk-or-v1-..."
wtcmddo --model openrouter/free "curl https://example.com"

Usage

wtcmddo ls -la
whatcmd git status
explain "rm -rf /"
explaincmd --dry-run curl https://example.com

The tool ships under four aliaseswtcmddo, whatcmd, explaincmd, and explain — all pointing to the same entry point.

Example output

┌─ $ rm -rf / ───────────────────────────────────────────────────────────────┐
│                                                                            │
│  This command forcefully removes all files and directories from the root   │
│  directory and its subdirectories without prompting for confirmation,      │
│  effectively wiping the entire filesystem.                                 │
│                                                                            │
│  Risk    CRITICAL                                                          │
│  Reason  The command performs a recursive and forceful deletion of all     │
│          files, which can result in total data loss.                       │
│  Type    DATA_DESTRUCTION                                                  │
│                                                                            │
└────────────────────────────────────────────────────────────────────────────┘

Execute this command [y/N]:

The panel border and risk label are color-coded to the risk level, so dangerous commands grab your attention instantly.

Flags

Flag Short Description
--setup Run the interactive setup wizard
--model Override the configured model
--base-url Override the API base URL (any OpenAI-compatible endpoint)
--yes -y Skip confirmation and execute immediately
--dry-run -n Explain only; never ask to execute

Risk Levels

Level Color Meaning
LOW 🟢 Green Read-only, lists files, shows status, harmless inspection
MEDIUM 🟡 Yellow Reads sensitive files, sends non-destructive network data, installs packages
HIGH 🔴 Red Modifies files/system state, deletes data, changes configuration, runs remote scripts
CRITICAL 🟣 Magenta Wipes storage, recursive deletes, privilege escalation, raw disk writes, mass exfiltration

Command categories

Every command is also classified into one of: FILE · NETWORK · SYSTEM · PRIVACY · DATA_DESTRUCTION · OTHER.

Provider Switching

Because the tool uses the OpenAI SDK with a configurable base URL, you can point it at any compatible endpoint:

# OpenAI directly
wtcmddo --base-url https://api.openai.com/v1 --model gpt-4o-mini ls -la

# A local LLM via LM Studio / Ollama (OpenAI-compatible mode)
wtcmddo --base-url http://localhost:1234/v1 --model local-model ls -la

Defaults: base URL https://openrouter.ai/api/v1, model openai/gpt-4o-mini.

How It Works

 you type a command
        │
        ▼
 ┌─────────────┐    spinner animates     ┌──────────────┐
 │  parse args │ ────────────────────▶  │  LLM analyzes │
 └─────────────┘                         │   the command │
        │                                └──────────────┘
        ▼                                        │
 ┌─────────────┐    color-coded panel            │
 │  display    │ ◀──────────────────────────────┘
 │  explanation│
 └─────────────┘
        │
        ├── --dry-run  →  stop here
        ├── --yes      →  execute immediately
        └── prompt     →  [y/N] confirm before running

The LLM is constrained by a strict system prompt: it only analyzes shell commands, never rewrites them, never answers questions, and always returns a structured four-line response. If the input isn't a command, it says so explicitly.

Project Structure

src/wtcmddo/
├── __init__.py    # CLI entry point & orchestration
├── tui.py         # Rich-based terminal UI (panels, spinner, wizard)
├── explainer.py   # OpenAI-compatible API call & response parsing
├── config.py      # Config file & env-var management
└── prompts.py     # Restricted system prompt (guardrails)

Exit Codes

Code Meaning
0 Success or aborted by user
1 Explainer error (API failure, parse error, no command)
2 Input was not recognized as a shell command
127 Command not found at execution time

Built with Python · Rich · OpenAI SDK

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wtcmddo-0.1.1.tar.gz (8.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

wtcmddo-0.1.1-py3-none-any.whl (10.6 kB view details)

Uploaded Python 3

File details

Details for the file wtcmddo-0.1.1.tar.gz.

File metadata

  • Download URL: wtcmddo-0.1.1.tar.gz
  • Upload date:
  • Size: 8.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.14 {"installer":{"name":"uv","version":"0.11.14","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":null,"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for wtcmddo-0.1.1.tar.gz
Algorithm Hash digest
SHA256 078f02ca179c8d1d52b27ef92cd9aa1e0a1c980a74ae3e6e7471e45eb47be305
MD5 d5af9ab9e004d36031878c60f80997c0
BLAKE2b-256 12677bc83c8c2229ed3e15f09b2c2a8829213badffbe459a2e83ef5bd22f7ce2

See more details on using hashes here.

File details

Details for the file wtcmddo-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: wtcmddo-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 10.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.14 {"installer":{"name":"uv","version":"0.11.14","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":null,"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for wtcmddo-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 cbef27b0711da65ef5b8c23dffa96834a02a0963734618dd853cc99961f9a506
MD5 51837c297356b83c29959568f08f3ee4
BLAKE2b-256 4c2e87c29e070c0a2b01b88f1dbd91b0fddfc8fc278f7b99521190b270e8fca4

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page