Skip to main content

Interactive command explainer with risk assessment

Project description

wtcmddo logo

wtcmddo

What The Command Do — a lightweight command explainer with guardrails.

Python Rich OpenAI SDK Version Status

Don't just run it — understand it first.


Overview

wtcmddo is a terminal-native security companion for the command line. Paste any shell command and it calls an LLM to produce a detailed explanation, a color-coded risk assessment, and a reason — then asks for your confirmation before executing. Think of it as a second pair of eyes that reads the command back to you in plain English before anything hits your shell.

Built on the OpenAI-compatible SDK, so it works with OpenRouter, OpenAI directly, local LLMs, or any provider that speaks the same API.

Features

Feature What it does
Rich TUI Color-coded panels, animated spinner, and styled prompts powered by rich
Live analysis A spinner animates while the API thinks, so you always know it's working
Risk levels Every command is tagged LOW · MEDIUM · HIGH · CRITICAL with matching colors
Detailed explanations One-to-two sentence breakdowns covering flags, options, and effects — not just a label
Guardrails Refuses non-commands, never rewrites or suggests alternatives, stays strictly analytical
Confirm before run Interactive yes/no prompt before anything executes (or skip with --yes)
Setup wizard A guided --setup flow with masked key entry and a config summary panel
Provider-agnostic Point --base-url at any OpenAI-compatible endpoint and switch models freely

Installation

pip install wtcmddo
# or
git clone https://github.com/Zaeem20/wtcmddo.git
cd wtcmddo
uv sync          # recommended (uses uv_build)

Configuration

There are two ways to provide your API key.

Option A — Interactive wizard (recommended)

wtcmddo --setup

This launches a guided setup with masked input and a summary panel. Configuration is saved to ~/.wtcmddo/config.json.

Option B — Environment variable

export OPENROUTER_API_KEY="sk-or-v1-..."

The env var is used as a fallback when no key is set in the config file.

Free Usage

You can use wtcmddo for free with OpenRouter's free tier — no credit card required.

  1. Get a key — Sign up at openrouter.ai/keys and create a free API key.
  2. Set the model to one of OpenRouter's free models:
# Use the setup wizard
wtcmddo --setup

# Or set the model directly
wtcmddo --model openrouter/free ls -la

Free models on OpenRouter (as of now) include openrouter/free (routes to the best available free model), (Kimi/DeepSeek/Nemtron/Gemma) and others. You can browse the full list at openrouter.ai/models.

The --base-url defaults to OpenRouter already, so you only need the key and the model:

export OPENROUTER_API_KEY="sk-or-v1-..."
wtcmddo --model openrouter/free "curl https://example.com"

Usage

wtcmddo ls -la
whatcmd git status
explain "rm -rf /"
explaincmd --dry-run curl https://example.com

The tool ships under four aliaseswtcmddo, whatcmd, explaincmd, and explain — all pointing to the same entry point.

Example output

┌─ $ rm -rf / ───────────────────────────────────────────────────────────────┐
│                                                                            │
│  This command forcefully removes all files and directories from the root   │
│  directory and its subdirectories without prompting for confirmation,      │
│  effectively wiping the entire filesystem.                                 │
│                                                                            │
│  Risk    CRITICAL                                                          │
│  Reason  The command performs a recursive and forceful deletion of all     │
│          files, which can result in total data loss.                       │
│  Type    DATA_DESTRUCTION                                                  │
│                                                                            │
└────────────────────────────────────────────────────────────────────────────┘

Execute this command [y/N]:

The panel border and risk label are color-coded to the risk level, so dangerous commands grab your attention instantly.

Flags

Flag Short Description
--setup Run the interactive setup wizard
--model Override the configured model
--base-url Override the API base URL (any OpenAI-compatible endpoint)
--yes -y Skip confirmation and execute immediately
--dry-run -n Explain only; never ask to execute

Risk Levels

Level Color Meaning
LOW 🟢 Green Read-only, lists files, shows status, harmless inspection
MEDIUM 🟡 Yellow Reads sensitive files, sends non-destructive network data, installs packages
HIGH 🔴 Red Modifies files/system state, deletes data, changes configuration, runs remote scripts
CRITICAL 🟣 Magenta Wipes storage, recursive deletes, privilege escalation, raw disk writes, mass exfiltration

Command categories

Every command is also classified into one of: FILE · NETWORK · SYSTEM · PRIVACY · DATA_DESTRUCTION · OTHER.

Provider Switching

Because the tool uses the OpenAI SDK with a configurable base URL, you can point it at any compatible endpoint:

# OpenAI directly
wtcmddo --base-url https://api.openai.com/v1 --model gpt-4o-mini ls -la

# A local LLM via LM Studio / Ollama (OpenAI-compatible mode)
wtcmddo --base-url http://localhost:1234/v1 --model local-model ls -la

Defaults: base URL https://openrouter.ai/api/v1, model openai/gpt-4o-mini.

How It Works

 you type a command
        │
        ▼
 ┌─────────────┐    spinner animates     ┌──────────────┐
 │  parse args │ ────────────────────▶  │  LLM analyzes │
 └─────────────┘                         │   the command │
        │                                └──────────────┘
        ▼                                        │
 ┌─────────────┐    color-coded panel            │
 │  display    │ ◀──────────────────────────────┘
 │  explanation│
 └─────────────┘
        │
        ├── --dry-run  →  stop here
        ├── --yes      →  execute immediately
        └── prompt     →  [y/N] confirm before running

The LLM is constrained by a strict system prompt: it only analyzes shell commands, never rewrites them, never answers questions, and always returns a structured four-line response. If the input isn't a command, it says so explicitly.

Project Structure

src/wtcmddo/
├── __init__.py    # CLI entry point & orchestration
├── tui.py         # Rich-based terminal UI (panels, spinner, wizard)
├── explainer.py   # OpenAI-compatible API call & response parsing
├── config.py      # Config file & env-var management
└── prompts.py     # Restricted system prompt (guardrails)

Exit Codes

Code Meaning
0 Success or aborted by user
1 Explainer error (API failure, parse error, no command)
2 Input was not recognized as a shell command
127 Command not found at execution time

Built with Python · Rich · OpenAI SDK

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wtcmddo-0.1.0.tar.gz (8.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

wtcmddo-0.1.0-py3-none-any.whl (10.6 kB view details)

Uploaded Python 3

File details

Details for the file wtcmddo-0.1.0.tar.gz.

File metadata

  • Download URL: wtcmddo-0.1.0.tar.gz
  • Upload date:
  • Size: 8.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.14 {"installer":{"name":"uv","version":"0.11.14","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":null,"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for wtcmddo-0.1.0.tar.gz
Algorithm Hash digest
SHA256 1b9f5d884ddf7b398ac794ce56de0a6431fe5945882e2a479ab9d5c8e2b0214d
MD5 90290717add76605b976cff0aab5abee
BLAKE2b-256 969332f7c48be6846a8504c9c329b31c11b6eaf2dfbcc925a4d17f352b228e03

See more details on using hashes here.

File details

Details for the file wtcmddo-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: wtcmddo-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 10.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.14 {"installer":{"name":"uv","version":"0.11.14","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":null,"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for wtcmddo-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 bff3a27810dcfd6a9443227a7d9bf66dba9f29610617ea493dce23a7c9e0fc67
MD5 527c5d6be448109a2b070665bb6e2dde
BLAKE2b-256 0da5d37c34c7a6ee2316e30404e219bc25f281c0f369195bd25310fb4c43c124

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page