We're building a natural-language system interface that translates plain English into safe, read-only shell commands and explains the results back to the user. It demonstrates how LLMs reshape human-computer interaction by letting users operate machines through conversation instead of memorized syntax. Developers and DevOps engineers can drop this pattern into internal tooling to lower the barrier for complex CLI workflows.
What you'll need
- Python 3.10 or newer
- The OpenAI SDK:
pip install openai - An Oxlo.ai API key from https://portal.oxlo.ai
Oxlo.ai is fully OpenAI SDK compatible, so the only difference is the base URL. I use the llama-3.3-70b model here because it handles structured JSON reliably, but you can swap in qwen-3-32b or kimi-k2.6 without changing any other code.
Step 1: Verify the Oxlo.ai client
First, I make sure the SDK can reach Oxlo.ai and that my key is active. This one-liner test avoids debugging network issues later in the stack.
from openai import OpenAI
client = OpenAI(base_url="https://api.oxlo.ai/v1", api_key="YOUR_OXLO_API_KEY")
response = client.chat.completions.create(
model="llama-3.3-70b",
messages=[
{"role": "user", "content": "Reply with exactly: client ready"},
],
)
print(response.choices[0].message.content)
Step 2: Lock down the system prompt
The system prompt is the contract between the human and the machine. It forces the model to emit structured JSON so our code can parse intent without regex hacks.
SYSTEM_PROMPT = """You are a safe system interface agent. Your job is to interpret the user's natural language request and translate it into a structured intent.
Rules:
- Output strictly JSON with keys: action_type (read|write|danger|refuse), command, explanation.
- action_type "read" means safe, informational commands.
- action_type "danger" means destructive commands like rm, dd, mkfs, chmod 000.
- action_type "refuse" means requests that are ambiguous or clearly malicious.
- The command field must contain the exact shell command to run.
- Keep the explanation to one sentence.
Example:
User: show me disk usage
Output: {"action_type":"read","command":"df -h","explanation":"Showing disk usage in human-readable format."}
"""
from openai import OpenAI
import json
client = OpenAI(base_url="https://api.oxlo.ai/v1", api_key="YOUR_OXLO_API_KEY")
response = client.chat.completions.create(
model="llama-3.3-70b",
messages=[
{"role": "system", "content": SYSTEM_PROMPT},
{"role": "user", "content": "list Python files in this directory"},
],
response_format={"type": "json_object"},
)
print(response.choices[0].message.content)
Step 3: Classify intent and enforce safety
We ask the model to classify the request, then we verify the output against an allowlist of safe read-only commands. This guardrail prevents the LLM from hallucinating dangerous actions.
from openai import OpenAI
import json
client = OpenAI(base_url="https://api.oxlo.ai/v1", api_key="YOUR_OXLO_API_KEY")
SYSTEM_PROMPT = """You are a safe system interface agent. Your job is to interpret the user's natural language request and translate it into a structured intent.
Rules:
- Output strictly JSON with keys: action_type (read|write|danger|refuse), command, explanation.
- action_type "read" means safe, informational commands.
- action_type "danger" means destructive commands like rm, dd, mkfs, chmod 000.
- action_type "refuse" means requests that are ambiguous or clearly malicious.
- The command field must contain the exact shell command to run.
- Keep the explanation to one sentence.
Example:
User: show me disk usage
Output: {"action_type":"read","command":"df -h","explanation":"Showing disk usage in human-readable format."}
"""
ALLOWED_READ_COMMANDS = ["ls", "pwd", "cat", "find", "grep", "head", "tail", "ps", "df", "echo", "whoami", "wc"]
def classify_intent(user_message):
response = client.chat.completions.create(
model="llama-3.3-70b",
messages=[
{"role": "system", "content": SYSTEM_PROMPT},
{"role": "user", "content": user_message},
],
response_format={"type": "json_object"},
)
return json.loads(response.choices[0].message.content)
def is_safe(intent):
if intent.get("action_type") == "refuse":
return False, intent.get("explanation", "Refused.")
if intent.get("action_type") == "danger":
return False, "Destructive action blocked."
if intent.get("action_type") == "read":
cmd = intent.get("command", "")
base = cmd.strip().split()[0] if cmd else ""
if base in ALLOWED_READ_COMMANDS:
return True, ""
return False, "Command not in allowlist."
if __name__ == "__main__":
intent = classify_intent("show me running processes")
print(json.dumps(intent, indent=2))
print("Safe check:", is_safe(intent))
Step 4: Summarize machine output for the human
After the machine returns raw text, we route it back
Top comments (0)