Many developers already use Claude Code or Codex CLI directly in the terminal. The new external-cli provider lets Undes Pro route selected pipeline roles through those installed CLIs without adding a provider API key for those roles.
1. Why CLI-backed agents
API providers remain the normal and most portable way to run Undes. But local coding CLIs are already part of many developer workflows. If a developer has signed in to Claude Code or Codex CLI, Undes Pro can now use that official local binary as a provider boundary for selected agents.
The useful part is not only cost or convenience. The CLI-backed answer still becomes an Undes artifact: evidence used, assumptions, rejected hypotheses, critique, open checks, and a trust verdict before the result is treated as safe to rely on.
2. The agent shape
An external CLI-backed agent omits apiUrl and key. Instead, it declares
provider: external-cli, a flavor, and the local command to run.
{
"provider": "external-cli",
"providerFlavor": "claude-code",
"command": "claude",
"args": ["-p"],
"authSource": "installed-cli-session"
}
The CLI must already be installed, logged in, and reachable on PATH. Undes does not
read or copy the CLI credential store. It runs the official command and records redacted receipt
metadata for the call.
3. Cross-model routing is the stronger setup
The strongest CLI setup uses two different models for different responsibilities. For example, Codex CLI can handle proposal and implementation roles, while Claude Code handles design review, critique, and risk analysis.
Codex proposal -> Claude Code critique -> Undes evidence and trust verdict
Single-CLI mode is possible, but weaker. When the same model proposes and reviews the work, it may share the same blind spots. Undes still records the process, but cross-model review gives a stronger trust signal.
4. Safety boundary
The external-cli provider is intentionally narrow. The prompt is passed as stdin data rather than interpolated into a shell command. The child process is bounded by timeout and output limits. The run records redacted receipts with metadata and digests rather than raw secret-bearing content.
This is still a data-leaving-machine provider because the vendor CLI may contact its own service. If the operator enables a no-network policy, CLI-backed agents are refused instead of silently running.
5. Gemini boundary
Gemini is supported through explicit API or Vertex-style provider paths. Undes does not document Gemini CLI as an external-cli flavor. That keeps the authorization boundary explicit for Gemini while still allowing Gemini-backed agents to participate in the same run through normal provider routing.
6. What this is not
This feature does not make a vendor CLI offline, and it does not replace provider APIs for teams that need centralized accounting, gateway control, or strict environment reproducibility. It is a local Pro workflow for developers who already use Claude Code or Codex CLI and want those tools inside a reviewable Undes artifact.
The setup details are in the public guide: Run Undes Pro through Claude Code and Codex CLI.