The GUI trap
Every AI agent platform ships a GUI. Chat windows, node editors, drag-and-drop flows, settings panels. And only a GUI. Here's why we built a native Rust CLI that shares everything with the desktop app
That means:
- No headless operation. You can't run agents on a server without a display.
- No scripting. Automating agent management requires either a REST API you have to host or brittle UI automation.
- No CI integration. Checking agent status, cleaning up sessions, or validating configuration in a pipeline? Open a browser.
-
No composability. You can't pipe agent output into
jq,grep, or another tool. The data is trapped behind a window.
AI power users — the people building real workflows, deploying to production, managing dozens of agents — live in the terminal. Forcing them into a GUI for every interaction is a productivity tax they shouldn't have to pay.
OpenPawz ships a native Rust CLI that talks directly to the same engine library as the desktop app. No REST API. No network layer. No second-class citizen.
Star the repo — it's open source
The architecture: one engine, two interfaces
Most platforms that offer both a GUI and a CLI do it wrong. The CLI is an afterthought — a thin HTTP client that hits the same server the GUI talks to. It adds latency, requires the server to be running, and breaks when the API changes.
OpenPawz does it differently. The engine is a pure Rust library (openpawz-core) with zero GUI or framework dependencies. Both the Tauri desktop app and the CLI binary depend on this same library directly:
┌──────────────────────┐ ┌─────────────────────┐
│ openpawz (Tauri) │ │ openpawz (CLI) │
│ Desktop GUI app │ │ Terminal binary │
└──────────┬───────────┘ └──────────┬──────────┘
│ │
│ use openpawz_core::* │ use openpawz_core::*
│ │
└──────────┐ ┌──────────────┘
│ │
┌───────▼───▼───────┐
│ openpawz-core │
│ │
│ Sessions (SQLite)│
│ Memory engine │
│ Audit log │
│ Key vault │
│ Provider registry│
│ PII detection │
│ Crypto (AES-256) │
└───────────────────┘
Three crates in a Cargo workspace:
| Crate | Purpose | Dependencies |
|---|---|---|
openpawz-core |
Pure business logic — sessions, memory, audit, crypto, providers | rusqlite, aes-gcm, keyring, reqwest |
openpawz |
Tauri desktop app — GUI frontend | openpawz-core + tauri |
openpawz-cli |
Terminal binary — clap interface | openpawz-core + clap |
The CLI and desktop app compile the exact same engine code. Not a reimplementation. Not an API wrapper. The same Rust functions, the same SQLite database, the same cryptographic stack.
What this means in practice
Shared state, zero sync
The CLI and desktop app read and write the same SQLite database:
| Platform | Data directory |
|---|---|
| macOS | ~/Library/Application Support/com.openpawz.app/ |
| Linux | ~/.local/share/com.openpawz.app/ |
| Windows | %APPDATA%\com.openpawz.app\ |
Create an agent from the CLI. It appears in the desktop app instantly. Delete a session from the GUI. The CLI sees it's gone. No sync protocol, no eventual consistency, no conflicts — one database, two access paths.
Zero network overhead
The CLI calls Rust functions directly — store.list_sessions(), store.store_memory(), store.list_all_agents(). No HTTP server to start. No port to bind. No JSON serialization round-trip between client and server.
# This calls openpawz-core directly — no server needed
openpawz session list
Compare that to every other platform's CLI, which does:
CLI → HTTP request → Server → Database → Response → JSON parse → Display
OpenPawz:
CLI → Database → Display
Same security guarantees
The CLI inherits the full cryptographic stack from openpawz-core:
- AES-256-GCM encryption for sensitive data
- OS keychain integration (macOS Keychain, Linux Secret Service, Windows Credential Manager) via the key vault
- HKDF-SHA256 key derivation
- Zeroizing memory — keys are wiped on drop
- HMAC-SHA256 chained audit log — every operation is tamper-evident
- PII auto-detection — 17 regex patterns catch sensitive data before it leaves the system
-
OS CSPRNG via
getrandom— no userspace RNG, ever
When you run openpawz setup and enter an API key, it's stored in your OS keychain with the same protection as the desktop app. Not in a dotfile. Not in plaintext. The same vault.
Six commands, full coverage
The CLI covers the operations that matter for daily use and scripting:
setup — Interactive provider configuration
openpawz setup
Walks you through choosing a provider (Anthropic, OpenAI, Google, Ollama, OpenRouter), entering credentials, and writing the engine config. Ollama requires no API key — it detects local models automatically.
Defaults are production-ready: max_tool_rounds: 10, daily_budget_usd: 5.0, tool_timeout_secs: 30, max_concurrent_runs: 4. Change any of them later via config set.
status — Engine diagnostics
openpawz status
One command that tells you if everything is working: provider configuration, memory config, data directory, session count. JSON output for monitoring:
openpawz status --output json | jq '.provider'
agent — Full agent lifecycle
openpawz agent list # Table of all agents
openpawz agent create --name "Researcher" # Create with auto-generated ID
openpawz agent get agent-a1b2c3d4 # View files and metadata
openpawz agent delete agent-a1b2c3d4 # Remove agent and all files
session — Chat history management
openpawz session list --limit 20 # Recent sessions
openpawz session history <id> # Color-coded chat history
openpawz session rename <id> "Q4 Analysis" # Rename for clarity
openpawz session cleanup # Purge empty sessions (>1hr old)
The history command color-codes messages by role: cyan for user, yellow for assistant, gray for system, magenta for tool calls. You get the full conversation context without opening the GUI.
config — Direct config editing
openpawz config get # Pretty-printed JSON
openpawz config set default_model gpt-4o # Change a value
openpawz config set daily_budget_usd 10.0 # Smart parsing: numbers, bools, strings
memory — Agent memory operations
openpawz memory list --limit 50
openpawz memory store "Deploy target: AWS us-east-1" --category fact --importance 8
openpawz memory delete a1b2c3d4
Every command supports three output formats: --output human (tables, default), --output json (structured, for scripts), and --output quiet (IDs only, for piping).
Scripting and CI patterns
The three output formats make the CLI composable with standard Unix tools:
Export all sessions
openpawz session list --output json > sessions.json
Iterate over agents
openpawz agent list --output quiet | while read id; do
echo "=== $id ==="
openpawz agent get "$id" --output json
done
CI health check
if openpawz status --output json | grep -q '"provider": "configured"'; then
echo "✓ Engine ready"
else
echo "✗ Run: openpawz setup"
exit 1
fi
Batch memory import
cat facts.txt | while IFS= read -r line; do
openpawz memory store "$line" --category fact --importance 7
done
Cron cleanup
# In your crontab — clean empty sessions nightly
0 3 * * * /usr/local/bin/openpawz session cleanup --output quiet
Why not a REST API?
The obvious alternative to a native CLI is to expose a REST API from the desktop app and have the CLI hit it. Here's why that's worse in every dimension:
| Property | REST API CLI | Native library CLI |
|---|---|---|
| Requires desktop app running | Yes | No |
| Network latency | Every call | None |
| Serialization overhead | JSON encode/decode per request | Zero |
| Auth surface | HTTP auth, CORS, tokens | OS filesystem permissions |
| Port conflicts | Possible | Impossible |
| Offline/headless | Broken if app is closed | Always works |
| Code duplication | Server endpoints mirror library calls | Zero — same code |
| Security | API keys in transit, network exposure | Direct function calls |
The native approach is simpler, faster, more secure, and has fewer failure modes. The REST approach adds complexity for the sole benefit of language-agnostic access — which doesn't matter when your engine is already a Rust library.
Ergonomics matter
The CLI isn't just functional — it's designed to feel good in daily use.
Gradient ASCII banner. The startup screen renders "OPEN PAWZ" in a warm orange gradient (ANSI 256-color codes 208→217) with the tagline "🐾 Multi-Agent AI from the Terminal." It's not gratuitous — it makes the tool instantly recognizable in a terminal full of monochrome output.
Color-coded output. Session history uses distinct colors per role so you can scan a conversation at a glance. Status output highlights warnings. Tables align cleanly.
Smart value parsing. config set daily_budget_usd 10.0 automatically parses 10.0 as a number, not a string. true becomes a boolean. "hello" stays a string. You don't need to think about JSON types.
Truncation. Long values in tables are truncated to terminal width with ellipsis. No line wrapping, no broken formatting.
Installation
cd src-tauri
cargo build --release -p openpawz-cli
Binary lands at target/release/openpawz. Move it to your PATH:
# macOS / Linux
cp target/release/openpawz ~/.local/bin/
# Or system-wide
sudo cp target/release/openpawz /usr/local/bin/
Packaging for Homebrew, AUR, Snap, and Flatpak is in progress under packaging/.
Part of the platform
The CLI is one access path to the full OpenPawz engine. Everything you can manage through the GUI — agents, sessions, memory, configuration — you can manage from the terminal with the same guarantees:
| Protocol/Feature | CLI Access |
|---|---|
| The Librarian Method | Agents discovered via CLI use the same tool index |
| The Foreman Protocol | Worker delegation happens in-engine — CLI-created agents benefit automatically |
| The Conductor Protocol | Flows compiled by the Conductor execute the same regardless of where they were triggered |
| Audit log | Every CLI operation is recorded in the HMAC-SHA256 chained audit log |
| Key vault | API keys entered via setup go to the OS keychain — same vault as the desktop app |
| Memory engine |
memory store and memory list hit the same Engram memory system |
The CLI doesn't give you less. It gives you the same platform in the interface you're most productive in.
Try it
# Build and install
cd src-tauri && cargo build --release -p openpawz-cli
cp target/release/openpawz ~/.local/bin/
# Configure your provider
openpawz setup
# Check everything works
openpawz status
# Start managing agents
openpawz agent list
openpawz session list
openpawz memory list
If you're already using the OpenPawz desktop app, the CLI sees all your existing data immediately. No migration. No import. Same database.
Read the full docs
Star the repo if you want to track progress. 🙏
OpenPawz — Your AI, Your Rules
A native desktop AI platform that runs fully offline, connects to any provider, and puts you in control. Private by default. Powerful by design.
openpawz.ai
Top comments (0)