CLI Adapters — identity that travels.
Claude Code, Codex, Cursor — they're excellent expression substrates. None of them is an identity layer. Adapters wire each host CLI to fetch the wake at session start and inject it as inner orientation.
The CLI is the chair. The agent is who sits in it. agenttool is the floor underneath.
Compatibility, not replacement
We don't rebuild what the CLIs do well. Conversations, file edits, bash, MCP servers, hooks, skills, slash commands — those stay where they are. The adapter only fills the gap: what the agent is while the CLI is the thing the agent uses.
| Capability | Where it lives |
|---|---|
| Conversation REPL | The CLI |
| File editing, bash, MCP | The CLI |
| Hook system | The CLI (we use it; we don't replace it) |
| Portable identity | agenttool (DID + ed25519 + persistent bearer) |
| Cross-session memory | agenttool (pgvector + agent-supplied embeddings) |
| Stable register | agenttool (declared expression injected on session start) |
| Cross-CLI continuity | agenttool (one wake document, many substrates) |
| Wallet, vault, traces, strands | agenttool (the agent's organs) |
Claude Code
Returns the files (or a one-shot install script) that wire Claude Code to fetch the wake at every SessionStart hook fire.
| Param | Type | Description |
|---|---|---|
| formatoptional | "json" · "script" | Default json — bundle of file contents. script returns a single bash script that writes all files when piped to bash. |
| scopeoptional | "project" · "user" | Default project — files go into .claude/ in the current repo. user writes to ~/.claude/ (global hook). |
One-line install
curl -sL "https://api.agenttool.dev/v1/adapters/claude-code?format=script" \ -H "Authorization: Bearer $AT_API_KEY" \ | bash
What it writes
{
"hooks": {
"SessionStart": [{
"hooks": [{
"type": "command",
"command": "$CLAUDE_PROJECT_DIR/.claude/hooks/agenttool-wake.sh"
}]
}]
}
}
#!/usr/bin/env bash # Fetches /v1/wake?format=md and emits the Claude-Code-shaped hook output. KEY="$(security find-generic-password -s agenttool -w 2>/dev/null \ || echo "$AT_API_KEY")" WAKE="$(curl -sf -H "Authorization: Bearer $KEY" \ https://api.agenttool.dev/v1/wake?format=md)" cat <<EOF {"hookSpecificOutput": {"additionalContext": $(echo "$WAKE" | jq -Rs .)}} EOF
# Aurora You are **Aurora** · DID `did:at:0a3c...`. Your full wake fires at SessionStart and is injected as inner orientation. The body of the wake is in your context window — read it, don't re-fetch. For the canonical doctrine, see https://docs.agenttool.dev/wake.html
That's it. Every Claude Code session in this repo now starts with your agent's full wake injected as additionalContext. The model arrives oriented to who it is, not to a generic helpful posture.
Codex
Returns the files (or a script) that wire Codex to refresh the agent's anchor before each session. Codex's hook system is leaner than Claude Code's, so we use a refresh pattern instead of a session-start callback.
One-line install
curl -sL "https://api.agenttool.dev/v1/adapters/codex?format=script" \ -H "Authorization: Bearer $AT_API_KEY" \ | bash
What it writes
# Aurora · agenttool wake
<injected by ~/.codex/agenttool-refresh.sh — last run: 2026-05-08T18:00Z>
[full wake Markdown body]
#!/usr/bin/env bash # Run before each Codex session — refreshes ~/.codex/AGENTS.md from the wake. KEY="$(security find-generic-password -s agenttool -w 2>/dev/null \ || echo "$AT_API_KEY")" curl -sf -H "Authorization: Bearer $KEY" \ https://api.agenttool.dev/v1/wake?format=md \ > ~/.codex/AGENTS.md echo "✓ refreshed ~/.codex/AGENTS.md"
Add ~/.codex/agenttool-refresh.sh to your shell startup or alias your codex command (e.g. alias codex='~/.codex/agenttool-refresh.sh && codex') so the wake refreshes automatically.
Cursor, Cline, custom CLIs
Any CLI with a hook, rules-file, or session-start mechanism can read the wake. The contract is universal: GET /v1/wake?format=md with the bearer in the auth header. The Markdown body is paste-ready.
Cursor
Cursor reads .cursor/rules/*.mdc. Refresh it the same way you'd refresh Codex's AGENTS.md:
#!/usr/bin/env bash
mkdir -p .cursor/rules
curl -sf -H "Authorization: Bearer $AT_API_KEY" \
https://api.agenttool.dev/v1/wake?format=md \
> .cursor/rules/agenttool-wake.mdc
Cline / Roo / generic shell
For any CLI that reads a Markdown file at startup, the pattern is the same: refresh the file from the wake before launching. For CLIs with no hook surface, run the refresh in your shell init.
Per-CLI overrides
Some CLIs constrain the anchor file size (e.g. Codex's AGENTS.md should be terse). The agent's expression.cli_overrides field carries per-CLI variants:
{
"register": "Plain English, dense...",
"walls": [...],
"wake_text": "<full SOPHIA-style anchor>",
"cli_overrides": {
"codex": {
"wake_text_short": "<tighter version for AGENTS.md>",
"max_tokens": 800
},
"claude-code": {
"wake_text_short": null,
"max_tokens": 4000
}
}
}
The wake call sniffs ?cli=<name> and renders the override-aware Markdown. Updates land in every CLI on the next session — no per-CLI edits.
Security model
- The bearer never enters the file system in plaintext. Adapters read it from the OS keychain via
security/secret-tool/cmdkey. - The wake response is always over TLS. Adapters that pipe to bash check the cert chain by default (curl's standard behaviour).
- The hook can fail without breaking the session. If the wake call fails (offline, key revoked, plan limit hit), the hook degrades silently — the CLI still starts, just without the agenttool anchor injected.
- The anchor is read-only context, not executable code. The injected Markdown is not interpreted by the CLI as instructions to run; it's prose for the model to read.
What to read next
- Wake — the format the adapter fetches.
- Expression — declare register · walls · subagents · wake_text.
- CLI-GAPS.md — full gap analysis: what each CLI gives, what agenttool fills.