Version: 1.0 Last Updated: 2025-10-09 Status: Phase 1 Complete, Phase 2 Specification
Maximize AI coding agent performance by ensuring all necessary developer tools are installed, up-to-date, and correctly configured on development systems. Eliminate the "missing tool" friction that reduces agent effectiveness and interrupts development workflows.
AI coding agents (like Claude Code) require access to a comprehensive developer toolchain to function effectively. When tools are missing, outdated, or incorrectly installed, agent performance suffers through:
- Failed Operations: Agents cannot execute commands requiring missing tools
- Degraded Quality: Outdated tools lack features or have known bugs
- Configuration Issues: Tools installed via incorrect methods create PATH conflicts
- Time Loss: Manual tool management interrupts development flow
AI CLI Preparation is a specialized environment audit and installation management tool that:
- Phase 1 (Complete): Detects and reports on 50+ developer tools with version checking
- Phase 2 (Specified): Installs, updates, and upgrades tools with context-aware strategies
- Phase 3 (Future): Automated maintenance and proactive monitoring
| Metric | Target | Current |
|---|---|---|
| Tool Coverage | 50+ essential tools | 50+ tools ✓ |
| Detection Accuracy | >95% version detection | ~92% |
| Installation Success Rate | >90% first-attempt | TBD (Phase 2) |
| Time to Readiness | <10 minutes for fresh system | TBD (Phase 2) |
| Agent Performance Gain | 30-50% fewer tool-related failures | TBD (validation) |
Tool Discovery:
- 50+ tools across 10 categories (runtimes, search, editors, formatters, security, etc.)
- Multi-source PATH scanning (system, user, project-local bins)
- Installation method classification (uv, pipx, npm, cargo, apt, rustup, nvm, etc.)
Version Detection:
- Parallel execution (16 workers, configurable)
- Multiple version flag detection (--version, -v, version, -V)
- Intelligent parsing for diverse output formats
- Resilient error handling with graceful degradation
Upstream Resolution:
- Multi-source API support (GitHub, PyPI, crates.io, npm, GNU FTP)
- HTTP layer with retries, exponential backoff, rate limiting
- Per-origin request caps (GitHub: 5/min, PyPI: 10/min, crates.io: 5/min)
- Offline-first design with committed cache (upstream_versions.json)
Output Formats:
- Table view with status icons (✓ UP-TO-DATE, ↑ OUTDATED, ✗ NOT INSTALLED, ? UNKNOWN)
- JSON export for programmatic consumption
- Snapshot-based workflow (collect once, render many times)
- Role-based filtering (agent-core, python-core, security-core, etc.)
Performance:
- ~10s for 50 tools online (parallel execution)
- ~3s offline (cache hits)
- <100ms render-only mode (from snapshot)
Threading Model:
- ThreadPoolExecutor with configurable workers (default: 16)
- Independent tool audits (failures isolated)
Data Model:
- upstream_versions.json: Cached upstream versions (committed)
- local_state.json: Machine-specific state (gitignored)
Resilience Patterns:
- Network failures → fallback to cache
- Version detection failures → graceful unknown status
- Upstream API errors → retry with exponential backoff
- Atomic file writes → prevent cache corruption
- No Installation: Only detection and reporting
- No Upgrades: Cannot update outdated tools
- Manual Intervention: User must install/update tools manually
- No Reconciliation: Cannot resolve installation method conflicts
- Limited Guidance: Hints provided, but no automated execution
Enable automated installation, updating, and upgrading of tools with context-aware strategies that adapt to different environments (dev workstations, shared servers, CI/CD).
Primary: Development Workstations
- Single-user systems (laptops, personal desktops)
- User-level installations preferred (~/.local/bin, ~/.cargo/bin)
- Flexibility and latest versions prioritized
- Breaking changes acceptable (developer handles)
Secondary: Shared Development Servers
- Multi-user systems (shared Linux servers, jump boxes)
- System-level installations preferred (/usr/local/bin)
- Coordination via advisory locks (prevent simultaneous installs)
- Stability prioritized over bleeding-edge versions
Tertiary: CI/CD Environments
- Ephemeral containers or VMs
- Fast installation critical (cache-based)
- Minimal installations (only required tools)
- Reproducibility via snapshot-based installs
Environment Detection:
def detect_environment():
# CI indicators
if any(env in os.environ for env in ['CI', 'GITHUB_ACTIONS', 'GITLAB_CI']):
return 'ci'
# Multi-user indicators
user_count = len([u for u in get_active_users() if u.login_time])
if user_count > 3:
return 'server'
# Default to workstation
return 'workstation'Mode Behaviors:
| Aspect | Workstation | Server | CI |
|---|---|---|---|
| Scope | User (~/.local) | System (/usr/local) | Minimal (project) |
| Prefer | Vendor tools (rustup, nvm) | System packages (apt, brew) | Cache/snapshot |
| Reconciliation | Parallel (keep both) | Advisory (coordinate) | Replace (clean slate) |
| Breaking Changes | Accept (always latest) | Warn (manual approval) | Lock (exact versions) |
Configuration Override:
# .cli-audit.yml
version: 1
environment:
mode: auto # auto | workstation | server | ci
# mode: workstation # Force workstation behaviorPreference Order (Vendor → GitHub → System):
-
Vendor-Specific Tools (Highest Priority)
- Python: uv → pipx → pip
- Rust: rustup → cargo → system
- Node.js: nvm → npm → system
- Go: official installer → system
- Rationale: Better version management, user isolation, parallel installs
-
GitHub Releases (Medium Priority)
- Standalone binaries (fd, ripgrep, bat, delta, etc.)
- Rationale: Latest versions, no system dependency conflicts
-
System Package Managers (Lowest Priority)
- apt/dpkg, brew, pacman, etc.
- Rationale: Slower updates, system-wide impact, potential conflicts
Hierarchy Example:
Install Python tools:
1. Check for uv → Use if available
2. Fallback to pipx → Install if not present
3. Last resort: pip → Warn about global install risks
Configuration Override:
tools:
python:
method: uv # Force specific package manager
fallback: pipxPhilosophy: Keep multiple installations, prefer user-level via PATH ordering
Reconciliation Behavior:
Scenario: ripgrep installed both via apt (system) and cargo (user)
Current State:
✓ ripgrep: 14.1.1 (cargo, ~/.cargo/bin) [ACTIVE]
ℹ️ Also found: 14.0.0 (apt, /usr/bin)
Action: No removal
- User version takes precedence (PATH ordering)
- System version remains (may be needed for other users/scripts)
- User can manually remove system version if desired
PATH Management:
~/.cargo/bin:/usr/local/bin:/usr/bin
↑ User bins first → takes precedence
Aggressive Reconciliation (Optional, disabled by default):
preferences:
reconciliation: aggressive # Remove non-preferred installationsBenefits:
- No accidental removals
- Preserves system integrity
- User has full control
- Safe rollback (switch PATH ordering)
Trade-offs:
- Disk space (multiple versions)
- PATH complexity (potential confusion)
- Manual cleanup required
Philosophy: Maximize tool performance by using latest versions; user handles breaking changes
Version Selection:
For each tool:
1. Query upstream for latest version
2. Compare with installed version
3. If installed < latest:
- Workstation: Auto-upgrade (with warning)
- Server: Prompt for approval
- CI: Use locked version from snapshot
Breaking Change Handling:
Major Version Upgrade Detection:
def is_major_upgrade(current: str, latest: str) -> bool:
curr_major = int(current.split('.')[0])
latest_major = int(latest.split('.')[0])
return latest_major > curr_majorWarning System:
⚠️ Major version upgrade detected:
Tool: ripgrep
Current: 13.0.0
Latest: 14.1.1
Potential breaking changes:
- Regex syntax changes
- Flag deprecations
- Output format changes
Proceed? [y/N]
Configuration:
preferences:
breaking_changes: accept # accept | warn | reject
auto_upgrade: true # Auto-upgrade minor/patch versionsRollback Strategy:
# Before upgrade, create restore point
cli_audit upgrade --create-snapshot
# After upgrade, if issues:
cli_audit rollback --from-snapshotSingle Tool Install:
# Auto-detect best method
cli_audit install ripgrep
# Force specific method
cli_audit install ripgrep --method cargo
# Install specific version
cli_audit install ripgrep@14.0.0Bulk Install:
# Install all missing tools
cli_audit install --missing
# Install all outdated tools
cli_audit upgrade --all
# Install from role preset
cli_audit install --preset agent-coreScript Generation:
# Generate install script (review before execution)
cli_audit install --missing --dry-run > install.sh
bash install.shInstallation Workflow:
1. Pre-check: Verify permissions, disk space, network connectivity
2. Dependency resolution: Check for required runtimes (e.g., Python for uv)
3. Download: Fetch installers/binaries with retry logic
4. Verification: Checksum validation (if available)
5. Installation: Execute package manager or extract binary
6. Post-install: Verify version, update PATH (if needed)
7. Snapshot update: Record new installation state
File Location:
.cli-audit.yml (project root)
~/.config/cli-audit/config.yml (user global)
/etc/cli-audit/config.yml (system global)
Precedence: Project → User → System
Schema:
version: 1 # Schema version
environment:
mode: auto # auto | workstation | server | ci
tools:
# Per-tool configuration
python:
version: "3.12.*" # SemVer range
method: uv # Preferred package manager
fallback: pipx
ripgrep:
version: "latest" # Always latest
method: cargo
node:
version: "20.*" # Major version lock
method: nvm
preferences:
reconciliation: parallel # parallel | aggressive
breaking_changes: warn # accept | warn | reject
auto_upgrade: true # Auto-upgrade minor/patch
timeout_seconds: 5 # Network timeout
max_workers: 16 # Parallel workers
# Package manager hierarchy override
package_managers:
python: [uv, pipx, pip]
rust: [rustup, cargo]
node: [nvm, npm]
presets:
# Custom role presets
my-python-stack:
- python
- uv
- black
- ruff
- pyrightValidation:
# Validate configuration file
cli_audit config validate
# Show effective configuration (after merging)
cli_audit config showDeliverables:
- Environment detection logic (detect_environment())
- Configuration file parsing (.cli-audit.yml)
- Installation method selection (package_manager_hierarchy)
- Dry-run mode for all operations
Key Functions:
def detect_environment() -> str:
"""Detect environment type: workstation | server | ci"""
def load_config(path: str) -> Config:
"""Load and merge configuration files"""
def select_package_manager(tool: Tool, config: Config) -> str:
"""Choose best package manager for tool"""
def dry_run_install(tool: Tool, method: str) -> InstallPlan:
"""Generate installation plan without executing"""Success Criteria:
- Correctly detects environment in 95%+ cases
- Configuration validation catches malformed YAML
- Package manager selection follows hierarchy
- Dry-run generates accurate install scripts
Deliverables:
- Single tool installation (cli_audit install )
- Installation script execution with retries
- Checksum verification (where available)
- Post-install validation
Key Functions:
def install_tool(tool: Tool, method: str, version: str = "latest") -> Result:
"""Install a single tool using specified method"""
def execute_install_script(script: str, tool: Tool) -> Result:
"""Execute installation with error handling"""
def verify_checksum(file: str, expected: str) -> bool:
"""Verify downloaded file integrity"""
def post_install_validate(tool: Tool) -> bool:
"""Verify tool is accessible and version is correct"""Installation Methods:
- Python: uv install, pipx install, pip install
- Rust: cargo install, rustup install
- Node: nvm install, npm install -g
- Go: go install
- GitHub releases: wget + chmod + mv
- System: apt install, brew install
Success Criteria:
- 90%+ first-attempt installation success rate
- Checksum verification prevents corrupted installs
- Post-install validation detects failures
- Error messages guide user to resolution
Deliverables:
- Bulk install (--missing, --preset, --all)
- Parallel installation with coordination
- Progress reporting and streaming output
- Atomic rollback on partial failures
Key Functions:
def install_missing(config: Config) -> BulkResult:
"""Install all missing tools"""
def install_preset(preset: str, config: Config) -> BulkResult:
"""Install tools from role preset"""
def parallel_install(tools: list[Tool], max_workers: int) -> BulkResult:
"""Install multiple tools in parallel"""
def rollback_install(snapshot: Snapshot) -> None:
"""Rollback partial installation to snapshot state"""Progress Reporting:
Installing 15 tools...
[1/15] ✓ ripgrep (cargo) - 2.3s
[2/15] 🔄 fd (cargo) - installing...
[3/15] ⏳ bat (cargo) - queued
...
Success Criteria:
- Install 10+ tools in parallel without failures
- Progress reporting updates in real-time
- Rollback restores system to pre-install state
- Advisory locks prevent conflicts on servers
Deliverables:
- Upgrade single tool (cli_audit upgrade )
- Bulk upgrade (--all, --outdated)
- Breaking change detection and warnings
- Rollback capability
Key Functions:
def upgrade_tool(tool: Tool, to_version: str = "latest") -> Result:
"""Upgrade tool to specified version"""
def detect_breaking_changes(tool: Tool, from_ver: str, to_ver: str) -> list[str]:
"""Detect potential breaking changes"""
def create_restore_point() -> Snapshot:
"""Create snapshot for rollback"""
def rollback_upgrade(snapshot: Snapshot, tool: Tool) -> None:
"""Rollback tool to snapshot version"""Breaking Change Warning:
⚠️ Major version upgrade: python 3.11.5 → 3.12.1
Potential breaking changes:
- Removed deprecated APIs (see PEP 594)
- Changes to f-string syntax
- Type inference improvements may expose bugs
Impact assessment:
- 12 project dependencies may require updates
- Estimated compatibility: 85%
Proceed with upgrade? [y/N]
Success Criteria:
- Detects 90%+ major version upgrades
- Breaking change warnings prevent surprises
- Rollback restores tool to previous version
- Upgrade preserves configuration files
Deliverables:
- Parallel reconciliation (keep both, prefer user)
- Aggressive reconciliation (remove non-preferred)
- PATH management and verification
- Conflict resolution guidance
Key Functions:
def reconcile_installations(tool: Tool, config: Config) -> ReconcileResult:
"""Reconcile multiple installations of same tool"""
def manage_path_ordering(preferred_bins: list[str]) -> None:
"""Ensure preferred bin directories appear first in PATH"""
def detect_conflicts(tool: Tool) -> list[Conflict]:
"""Detect version conflicts and PATH issues"""
def resolve_conflict(conflict: Conflict, strategy: str) -> None:
"""Resolve conflict using specified strategy"""Reconciliation Output:
Reconciling ripgrep installations:
Found 2 installations:
[1] 14.1.1 (cargo, ~/.cargo/bin) [PREFERRED]
[2] 14.0.0 (apt, /usr/bin)
Strategy: parallel (keep both)
Actions:
✓ PATH ordering ensures [1] is active
ℹ️ [2] remains available for other users
💡 Run 'cli_audit reconcile --aggressive' to remove [2]
Current PATH:
~/.cargo/bin:/usr/local/bin:/usr/bin
↑ ripgrep 14.1.1 will be used
Success Criteria:
- Correctly identifies all tool installations
- PATH ordering ensures preferred version is active
- Aggressive mode safely removes non-preferred versions
- Conflict resolution prevents broken installations
System Requirements:
- Python 3.10+ (for core runtime)
- Network access (for upstream queries, can work offline with cache)
- Write permissions (user: ~/.local, system: /usr/local or /opt)
- 100MB disk space (for cache and snapshots)
Dependencies:
- Standard library only (no external Python packages for core)
- Optional: requests (for improved HTTP handling vs urllib)
Performance Targets:
- Single tool install: <30s (excluding download time)
- Bulk install (10 tools): <5 minutes
- Upgrade check: <10s (parallel upstream queries)
- Environment detection: <100ms
Error Handling:
- Network failures: retry with exponential backoff (max 3 attempts)
- Permission errors: clear error message with sudo guidance
- Disk space: pre-check before installation
- Dependency failures: install dependencies automatically or guide user
Security:
- Checksum verification for GitHub releases (SHA256)
- HTTPS-only for upstream queries
- No arbitrary code execution (package manager commands only)
- User confirmation for system-level installations
Workstation (Developer Laptop):
version: 1
environment:
mode: workstation
preferences:
reconciliation: parallel
breaking_changes: accept
auto_upgrade: true
tools:
python:
version: "latest"
method: uv
node:
version: "latest"
method: nvmShared Server (Multi-User):
version: 1
environment:
mode: server
preferences:
reconciliation: parallel
breaking_changes: warn
auto_upgrade: false # Require manual approval
tools:
python:
version: "3.11.*" # Lock to 3.11.x
method: apt
node:
version: "20.*"
method: aptCI/CD (Ephemeral):
version: 1
environment:
mode: ci
preferences:
reconciliation: replace
breaking_changes: reject # Exact versions only
auto_upgrade: false
# Install from snapshot for reproducibility
snapshot: tools_snapshot.jsonUS-1: Developer sets up new workstation
As a developer setting up a new laptop,
I want to install all necessary tools in one command,
So that I can start coding with AI agents immediately.
Acceptance:
- Run: cli_audit install --preset agent-core
- 20+ tools installed in <5 minutes
- All tools accessible on PATH
- AI agent can execute commands successfully
US-2: Developer upgrades outdated tools
As a developer with outdated tools,
I want to upgrade all tools to latest versions,
So that I benefit from performance improvements and bug fixes.
Acceptance:
- Run: cli_audit upgrade --all
- Breaking change warnings for major upgrades
- User confirms or skips major upgrades
- Minor/patch upgrades happen automatically
- Snapshot created for rollback
US-3: Server admin maintains shared environment
As a server admin managing a multi-user dev server,
I want to upgrade tools without breaking existing user workflows,
So that all users benefit from updates without disruptions.
Acceptance:
- Run: cli_audit upgrade --all (in server mode)
- Major upgrades require confirmation
- Advisory locks prevent simultaneous installs
- Existing user installations remain functional
- System-level tools updated in /usr/local
US-4: Developer resolves installation conflicts
As a developer with multiple Python installations,
I want to reconcile conflicting installations,
So that the correct version is used by AI agents.
Acceptance:
- Run: cli_audit reconcile python
- All Python installations detected
- Preferred installation identified (uv > pipx > apt)
- PATH ordering ensures preferred version is active
- Option to remove non-preferred installations
US-5: CI pipeline ensures reproducible builds
As a CI pipeline,
I want to install exact tool versions from a snapshot,
So that builds are reproducible and deterministic.
Acceptance:
- Environment detected as CI automatically
- Snapshot loaded: tools_snapshot.json
- Exact versions installed (no "latest")
- Installation completes in <3 minutes (cached)
- Tools verified before build starts
Proactive Monitoring:
- Scheduled version checks (daily/weekly)
- Email/Slack notifications for outdated tools
- Security vulnerability alerts (integrate with CVE databases)
Auto-Upgrade Schedules:
schedules:
python:
check: daily
upgrade: patch # Auto-upgrade patch versions
ripgrep:
check: weekly
upgrade: minor # Auto-upgrade minor versionsTool Usage Analytics:
- Track which tools are actually used by AI agents
- Recommend removing unused tools
- Suggest missing tools based on project analysis
Dependency Analysis:
- Detect tool dependencies (e.g., black requires Python)
- Install dependencies automatically
- Warn about version incompatibilities
Multi-Project Support:
- Per-project tool configurations
- Project-local installations (./tools/)
- Workspace-wide tool sharing
Plugin System:
- Custom tool definitions (user-defined TOOLS)
- External tool registries
- Community-contributed tool configs
IDE Integration:
- VS Code extension for visual tool management
- IntelliJ IDEA plugin
- Real-time status in editor
AI Agent Integration:
- Claude Code built-in tool checker
- Auto-install missing tools during agent sessions
- Tool readiness scoring (0-100%)
CI/CD Integration:
- GitHub Action for tool auditing
- GitLab CI template
- Pre-commit hooks for tool version locking
1. Breaking Changes from Upgrades
- Risk: Major version upgrades break user workflows
- Mitigation: Always-warn policy for major upgrades, rollback capability
- Impact: High (workflow disruption)
- Probability: Medium (depends on tool ecosystem)
2. Installation Failures
- Risk: Network errors, permission issues, corrupted downloads
- Mitigation: Retry logic, checksum verification, clear error messages
- Impact: Medium (requires manual intervention)
- Probability: Medium (network/permission variability)
3. PATH Conflicts
- Risk: Multiple installations create confusion, wrong version used
- Mitigation: Parallel reconciliation, PATH management, clear reporting
- Impact: Medium (wrong tool version used)
- Probability: High (common in real environments)
4. Dependency Conflicts
- Risk: Tool A requires Python 3.11, Tool B requires Python 3.12
- Mitigation: Version range detection, conflict warnings, user resolution
- Impact: Medium (manual resolution required)
- Probability: Low (rare in practice)
5. Disk Space Exhaustion
- Risk: Multiple installations consume excessive disk space
- Mitigation: Pre-check disk space, aggressive reconciliation option
- Impact: Low (easy to resolve)
- Probability: Low (tools are small)
6. Security Vulnerabilities
- Risk: Compromised upstream sources, MITM attacks
- Mitigation: HTTPS-only, checksum verification, trusted sources
- Impact: High (system compromise)
- Probability: Very Low (trusted ecosystems)
7. Configuration Errors
- Risk: Malformed .cli-audit.yml breaks operations
- Mitigation: Schema validation, clear error messages
- Impact: Low (easy to fix)
- Probability: Low (validation catches most issues)
8. Performance Degradation
- Risk: Parallel installs overwhelm system resources
- Mitigation: Configurable max_workers, resource monitoring
- Impact: Low (temporary slowness)
- Probability: Low (16 workers is conservative)
✅ Must Have:
- Install missing tools with single command
- Upgrade outdated tools with breaking change warnings
- Context-aware installation (workstation vs server)
- Parallel reconciliation (keep both installations)
- Configuration file support (.cli-audit.yml)
- Dry-run mode for all operations
- Rollback capability for upgrades
🟡 Should Have:
- Bulk operations (install all missing, upgrade all outdated)
- Preset-based installs (agent-core, python-core)
- Progress reporting for long operations
- Checksum verification for downloads
🔵 Could Have:
- Aggressive reconciliation (auto-remove non-preferred)
- Advisory locks for server coordination
- Installation script generation
- Snapshot-based CI installs
Performance:
- Single tool install: <30s (excluding download)
- Bulk install (10 tools): <5 minutes
- Environment detection: <100ms
Reliability:
- 90%+ first-attempt installation success rate
- 95%+ version detection accuracy
- Zero data loss during rollbacks
Usability:
- Clear error messages with resolution guidance
- Consistent CLI interface
- Comprehensive documentation
Maintainability:
- Code coverage >80% (when tests added)
- Modular architecture (separate concerns)
- Clear ADRs documenting decisions
See TOOL_ECOSYSTEM.md for complete 50+ tool catalog.
Categories:
- Runtimes (Python, Node.js, Go, Rust)
- Search and Filters (ripgrep, fd, fzf, jq, yq, ast-grep)
- Editors and Pagers (neovim, bat, delta)
- Security (gitleaks, semgrep, bandit, trivy, osv-scanner)
- Git and VCS (git, gh, glab)
- Formatters and Linters (black, ruff, prettier, eslint)
- HTTP and APIs (httpie, curl)
- Automation (just, make)
- Cloud and Infrastructure (aws-cli, kubectl, terraform, docker)
- Package Managers (uv, pipx, poetry, npm, yarn, pnpm, cargo)
| Tool | Preferred Method | Fallback | System |
|---|---|---|---|
| python | uv | pipx | apt/brew |
| ripgrep | cargo | GitHub release | apt/brew |
| fd | cargo | GitHub release | apt/brew |
| node | nvm | - | apt/brew |
| rust | rustup | - | apt/brew |
| black | uv/pipx | pip | - |
| prettier | npm | - | apt/brew |
See CONFIGURATION_SPEC.md for complete schema documentation.
- ARCHITECTURE.md - System design and implementation details
- API_REFERENCE.md - Function reference and environment variables
- DEVELOPER_GUIDE.md - Contributing guide
- DEPLOYMENT.md - Operations and CI/CD integration
- TROUBLESHOOTING.md - Common issues and solutions
- adr/README.md - Architecture Decision Records
Document History:
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2025-10-09 | Claude Code | Initial PRD with Phase 1 summary and Phase 2 specification |
Review Status: Draft - Awaiting stakeholder review
Approvers:
- Technical Lead
- Product Owner
- Security Review
- User Representatives