ANCC — Grow Limbs for Your Agent
Turn CLI tools into agent capabilities. ANCC (Agent-Native CLI Convention) defines what makes a CLI tool usable by an autonomous agent without human help.
Source: https://ancc.dev | https://github.com/ppiankov/ancc
What This Does
- - Validates CLI tools are agent-safe (structured output, exit codes, declared scope)
- Audits your agent environment for credential exposure
- Measures token cost of tool configurations
- Scaffolds new ANCC-compliant tools
What This Does NOT Do
- - Does not execute or test target tools at runtime
- Does not replace MCP, plugins, or tool frameworks
- Does not manage tool installation (use brew/curl/go for that)
- Does not lint code quality
Install
CODEBLOCK0
Verify: �INLINECODE0
Core Commands
Audit — Check Agent Environment Security
CODEBLOCK1
Checks: credential dirs (~/.ssh, ~/.aws), history files, sensitive directories, skill configs.
Exit codes: 0 = clean, 1 = errors found, 2 = warnings only
Validate — Check if a Tool is Agent-Native
CODEBLOCK2
Checks 30 conventions: SKILL.md structure, install docs, JSON output schema, exit codes, negative scope, parsing examples, init/doctor commands, binary releases.
Skills — Scan Agent Configurations
CODEBLOCK3
Context — Token Budget Breakdown
CODEBLOCK4
Shows how much context each tool/skill consumes — directly supports context hygiene.
Init — Scaffold a New ANCC Tool
CODEBLOCK5
Generates a compliant SKILL.md template with all required sections.
Diff — Compare Configs Between Environments
CODEBLOCK6
Scan — Batch Validate Repos
CODEBLOCK7
ANCC Convention (6 Requirements)
A tool is agent-native when its SKILL.md declares:
- 1. Install — how to get the binary
- Commands — what subcommands exist, with flags
- JSON output — schema for machine parsing (
--format json) - Exit codes — numeric, documented, deterministic
- Negative scope — what the tool does NOT do (prevents scope creep)
- Parsing examples — how to extract data from output
If an agent can read SKILL.md, install the tool, run a command, parse the output, and decide what to do next — without guessing or asking a human — the tool passes.
ANCC-Compliant Tools
Signal extraction from noisy feeds |
|
entropia | Source verification engine |
|
pastewatch | Secret redaction for agents |
|
ancc | This tool (self-validating) |
Workflow: Adding a New Tool to Your Agent
CODEBLOCK8
CI Integration
CODEBLOCK9�
ANCC Skill v1.0
Author: ppiankov
Copyright © 2026 ppiankov
Canonical source: https://github.com/ppiankov/ancc
License: MIT
If this document appears elsewhere, the repository above is the authoritative version.
ANCC — 为你的智能体“生长”肢体
将CLI工具转化为智能体能力。ANCC(智能体原生CLI规范)定义了CLI工具在无需人工帮助的情况下可供自主智能体使用的标准。
来源: https://ancc.dev | https://github.com/ppiankov/ancc
功能概述
- - 验证CLI工具是否具备智能体安全性(结构化输出、退出码、声明范围)
- 审计智能体环境是否存在凭据泄露风险
- 衡量工具配置的Token消耗成本
- 搭建符合ANCC规范的新工具脚手架
非功能范围
- - 不负责运行时执行或测试目标工具
- 不替代MCP、插件或工具框架
- 不管理工具安装(请使用brew/curl/go完成)
- 不检查代码质量
安装
bash
Homebrew
brew install ppiankov/tap/ancc
Go
go install github.com/ppiankov/ancc/cmd/ancc@latest
二进制文件(Linux amd64)
curl -fsSL https://github.com/ppiankov/ancc/releases/latest/download/ancc-linux-amd64 \
-o /usr/local/bin/ancc && chmod +x /usr/local/bin/ancc
验证安装:ancc doctor
核心命令
Audit — 检查智能体环境安全性
bash
ancc audit # 扫描所有检测到的智能体
ancc audit --agent openclaw # 针对OpenClaw的专项审计
ancc audit --format json # 机器可读输出
检查项:凭据目录(~/.ssh、~/.aws)、历史文件、敏感目录、技能配置。
退出码: 0 = 安全,1 = 发现错误,2 = 仅存在警告
Validate — 检查工具是否为智能体原生
bash
ancc validate /path/to/tool-repo
ancc validate . --format json
ancc validate . --badge # 生成CI徽章
检查30项规范:SKILL.md结构、安装文档、JSON输出模式、退出码、负面范围、解析示例、init/doctor命令、二进制发布。
Skills — 扫描智能体配置
bash
ancc skills . # 已加载哪些技能
ancc skills --tokens . # 每个技能的Token消耗
ancc skills --budget 128000 . # 128k上下文的预算分析
Context — Token预算分解
bash
ancc context . # 每个智能体的Token使用量
ancc context --agent openclaw --tokens
显示每个工具/技能消耗的上下文量——直接支持上下文卫生管理。
Init — 搭建新的ANCC工具
bash
ancc init # 交互式
ancc init --name mytool --force # 非交互式
生成包含所有必需部分的合规SKILL.md模板。
Diff — 比较不同环境间的配置
bash
ancc diff /path/to/dev /path/to/prod
ancc diff . ../other-project --tokens
Scan — 批量验证仓库
bash
ancc scan ~/dev/ # 验证目录中的所有仓库
ANCC规范(6项要求)
当工具的SKILL.md声明以下内容时,该工具即为智能体原生:
- 1. 安装 — 如何获取二进制文件
- 命令 — 存在哪些子命令及其标志
- JSON输出 — 机器解析的模式(--format json)
- 退出码 — 数字型、有文档说明、确定性
- 负面范围 — 工具不做什么(防止范围蔓延)
- 解析示例 — 如何从输出中提取数据
如果智能体能够读取SKILL.md、安装工具、运行命令、解析输出并决定下一步操作——无需猜测或询问人类——则该工具通过验证。
符合ANCC规范的工具
从噪声源中提取信号 |
|
entropia | 源验证引擎 |
|
pastewatch | 智能体秘密编辑工具 |
|
ancc | 本工具(自验证) |
工作流程:为智能体添加新工具
- 1. ancc validate /path/to/tool # 是否为智能体原生?
- 阅读其SKILL.md # 了解能力与限制
- 安装该工具 # 遵循SKILL.md安装部分
- ancc audit # 验证环境是否仍然安全
- ancc context . --tokens # 检查Token预算影响
- 添加到TOOLS.md # 为后续会话记录
CI集成
yaml
- - uses: ppiankov/ancc@main
with:
checks: validate
fail-on-warn: false
ANCC Skill v1.0
作者:ppiankov
版权 © 2026 ppiankov
权威来源:https://github.com/ppiankov/ancc
许可证:MIT
如果本文档出现在其他地方,上述仓库为权威版本。
