CLI (apes & ape-shell)
apes CLI
The apes CLI is your command-line gateway to an OpenApe IdP. It handles authentication, grant requests, delegations, and grant-secured command execution.
Ships alongside ape-shell, a drop-in shell replacement that routes every command through a DDISA grant — useful for sandboxing AI coding agents.
Installation
pnpm add -g @openape/apes
# or: npm install -g @openape/apes
After installation, verify:
apes --help
ape-shell --version
Quick Start
# Login (opens browser for PKCE flow)
apes login --idp https://id.example.com
# Verify identity
apes whoami
# Run a command through a grant
apes run -- git status
The first run creates a grant request. After a human approves it in the browser, the command executes.
Authentication Modes
Human (PKCE Browser Login)
apes login --idp https://id.example.com
Opens a browser for WebAuthn/passkey login. The token is stored at ~/.config/apes/auth.json.
Agent (Ed25519 Key)
For automated systems:
apes login \
--idp https://id.example.com \
--email agent@example.com \
--key ~/.ssh/id_ed25519
Uses a challenge-response flow to authenticate via a pre-enrolled SSH key.
Grant-Secured Execution: apes run
Every command the agent wants to run goes through a grant:
apes run -- docker build -t myimage .
- Apes loads the docker shapes adapter
- Resolves the command into a structured authorization request
- Creates a grant with the IdP
- Waits for human approval
- Fetches the signed grant JWT
- Executes the command
Existing timed or always grants are reused automatically — no repeated approval for matching commands.
Privilege Escalation
apes run --as root -- apt-get upgrade
This routes through the escapes binary (separate Rust binary) which validates the grant JWT and executes the command with elevated privileges.
ape-shell: Grant-Secured Shell Wrapper
ape-shell is a drop-in replacement for bash -c that routes every command through apes run. Use it to sandbox AI coding agents (OpenClaw, Claude Code, etc.) so they can only execute pre-approved commands.
How It Works
AI Agent runs: $SHELL -c "git status"
↓
$SHELL = /usr/local/bin/ape-shell
↓
ape-shell -c "git status"
↓
apes run --shell -- bash -c "git status"
↓
1. Find existing ape-shell session grant?
✓ Yes → execute immediately
✗ No → request grant → wait for approval → execute
Setup for an AI Agent Session
Most agent runtimes resolve the shell via the SHELL environment variable:
# Start your agent with SHELL pointing at ape-shell
SHELL=$(which ape-shell) openclaw
# or
SHELL=$(which ape-shell) claude
The first command the agent runs triggers a session grant request. The human approves it once (e.g. grant_type: timed, duration: 8h) and all subsequent commands reuse the same grant without interaction.
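If ape-shell is not on PATH, $(which ape-shell) expands to nothing and the agent starts with an empty SHELL, leaving the choice of shell to the runtime. The wrapper below is an added example, not part of the apes project, that refuses to start the agent in that case; resolve_ape_shell and launch_agent are hypothetical names.

```shell
#!/bin/sh
# Added example; resolve_ape_shell and launch_agent are hypothetical names.

# Print the absolute path of ape-shell, or fail if it cannot be used as SHELL.
resolve_ape_shell() {
    path=$(command -v ape-shell 2>/dev/null) || return 1
    case "$path" in
        /*) ;;              # absolute path to a file on PATH
        *)  return 1 ;;     # alias or shell function: unusable as SHELL
    esac
    [ -f "$path" ] && [ -x "$path" ] || return 1
    printf '%s\n' "$path"
}

# launch_agent <agent> [args...]: start the agent only with SHELL pinned.
launch_agent() {
    if [ "$#" -lt 1 ]; then
        echo "usage: launch_agent <agent> [args...]" >&2
        return 2
    fi
    shell_path=$(resolve_ape_shell) || {
        echo "ape-shell not found on PATH; refusing to start $1" >&2
        return 1
    }
    # env sets SHELL for the agent process only, not for this shell.
    env SHELL="$shell_path" "$@"
}

# Run as a script: ./launch-agent.sh openclaw
[ "$#" -eq 0 ] || launch_agent "$@"
```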
Example Session
# Human: login once
$ apes login
# Start the agent with ape-shell
$ SHELL=$(which ape-shell) openclaw
# Agent runs first command
> run: git status
ℹ Requesting ape-shell session grant on my-host
ℹ Grant requested: grant_abc123
ℹ Waiting for approval...
# Human approves in browser → command executes
On branch main
# Agent runs more commands — no more approvals needed
> run: git log --oneline -5
abc123 Latest commit
def456 Previous commit
Revoking Access
At any time, revoke the session grant to immediately stop the agent from executing any further commands:
apes grants list --audience ape-shell
apes grants revoke <grant-id>
MCP Server Mode
Expose all apes commands as Model Context Protocol tools so AI clients (Claude Desktop, Cursor, etc.) can request and use grants directly:
apes mcp --transport stdio
# or via HTTP/SSE
apes mcp --transport sse --port 3001
Configuration
Stored in ~/.config/apes/:
| File | Contents |
|---|---|
| auth.json | Access token, refresh token, IdP URL, email |
| config.toml | Defaults (idp, agent key path, approval type) |
apes config get defaults.idp
apes config set defaults.idp https://id.example.com
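Because auth.json holds the access and refresh tokens, it is worth checking that nothing in this directory is open to other local users. The script below is an added example, not part of the apes project; audit_apes_config is a hypothetical helper, and the policy it applies (auth.json owner-only, directory and config.toml not group- or other-writable) is an assumption of the example.

```shell
#!/bin/sh
# Added example; audit_apes_config is a hypothetical helper name.
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 if the
# directory is missing. The default path is the one stated in this page.
audit_apes_config() {
    dir=${1:-"$HOME/.config/apes"}
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    findings=0
    for name in . auth.json config.toml; do
        entry="$dir/$name"
        [ -e "$entry" ] || continue
        # ls -ldL prints the mode as e.g. -rw-r--r--; columns 5-10 are the
        # group and other permission bits (-L judges a symlink's target).
        bits=$(ls -ldL "$entry" | cut -c5-10)
        case "$name:$bits" in
            auth.json:------) continue ;;   # tokens: owner-only
            auth.json:*) ;;                 # any group/other bit is a finding
            *:?-??-?) continue ;;           # dir and defaults: no group/other write
        esac
        echo "$entry: group/other bits '$bits'"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Run as a script: ./audit-apes-config.sh ~/.config/apes
[ "$#" -eq 0 ] || audit_apes_config "$1"
```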
Command Reference
Authentication
| Command | Description |
|---|---|
| apes login | PKCE browser login or agent key login |
| apes logout | Clear stored auth |
| apes whoami | Show current identity |
| apes enroll | Enroll an agent at the IdP |
| apes register-user | Register a new human user |
Grants
| Command | Description |
|---|---|
| apes grants list | List your grants |
| apes grants inbox | Show pending approval requests |
| apes grants request | Request a new grant |
| apes grants approve <id> | Approve a grant |
| apes grants deny <id> | Deny a grant |
| apes grants revoke <id> | Revoke an active grant |
| apes grants token <id> | Get the JWT for an approved grant |
| apes grants delegate | Create a delegation grant |
Execution
| Command | Description |
|---|---|
| apes run -- <cmd> | Run via a shapes adapter grant |
| apes run --shell -- bash -c <cmd> | Shell mode (used by ape-shell) |
| apes run --as root -- <cmd> | Elevate via escapes |
| apes explain -- <cmd> | Explain what grant a command would need |
See Also
- Quickstart: Agent — set up an agent identity
- DDISA Protocol — underlying protocol spec
- apes mcp — exposes grant ops as MCP tools for AI clients