Non-Interactive by Default
Definition
Every automation path MUST run without human input. A CLI tool that blocks on an interactive prompt is invisible to an agent: the agent hangs, the user sees nothing, and the operation times out silently.
Why Agents Need It
An agent calling a CLI cannot type. When the tool prompts for a confirmation or a credential, the agent's process stalls until timeout: no tokens recovered, no structured signal that interaction was requested, and no way to distinguish "waiting for input" from "still processing." Interactive prompts in automation paths are a leading cause of agent-tool deadlock.
anc audit <tool> --principle 1: behavioral and source checks.Requirements
Scope
"Agent" in this specification means a process invoking the CLI as a subprocess. This spec's automated audits verify behavior under non-TTY stdin. TTY-driving agents (tmux panes, ssh -t sandbox shells, expect automation, computer-use desktop agents) are affected by the same MUSTs, but anc currently does not allocate a PTY during verification. Pass verdicts for TTY-driving-agent scenarios are probable-but-not-verified; see /coverage for the gap.
Evidence
--no-interactiveflag in the CLI struct with an env-var binding.- Boolean env vars parsed with a falsey-value parser (not the default string parser).
- TTY guard wrapping every
dialoguer,inquire, or equivalent prompt call. --no-browserflag present on authenticated CLIs.env = "TOOL_..."attribute on every flag that takes user input.- A stdin or
--*-filepath for every secret-accepting flag, present alongside (not instead of) any convenience flag-value or env-var alternative.
Anti-Patterns
- Bare
dialoguer::Confirm::new().interact()with no TTY check and no--no-interactiveoverride — agents hang indefinitely. - Boolean environment variables parsed as plain strings, so
TOOL_QUIET=falseis truthy because the string is non-empty. stdin().read_line()in a code path reached during normal operation without a TTY check first.- Hard-coded credentials prompts with no env-var or config-file alternative.
- OAuth flow that unconditionally opens a browser with no headless escape hatch.
- A
--password <value>flag with no stdin or file alternative — every invocation leaks the secret into process listings.
Measured by audit IDs p1-non-interactive (behavioral) and p1-non-interactive-source (source) today. Run anc audit --principle 1 . against the CLI under test to see each.