Agent Integration & Skills
CLI does not replace the agent. It gives the agent a stable command entrypoint.
HENGSHI CLI works for direct human use as well as agent integration. This page focuses on the second case: how to make CLI execution more stable and reviewable when you integrate it into OpenClaw or another agent runtime.
The recommended mental model looks like this:
| Layer | Purpose |
|---|---|
| Human | Provide intent, review results, confirm risk boundaries |
| Agent | Understand the request, break down steps, decide what capability to call |
| Skills | Encode domain knowledge into reusable standard workflows |
| HENGSHI CLI | Execute reads, previews, creates, updates, and authorization actions |
Why agents should go through CLI
- Stable structured output:
json/yamlworks well for machine read/write paths - Clear command boundaries: safer than letting the agent assemble private APIs
- Preview support: risky writes can go through
--dry-runfirst - Reusable everywhere: local terminals, CI, automation jobs, and agent runtimes share the same execution surface
- Auditable execution: the chain is easier to log, replay, and review
What official skills are for
HENGSHI CLI is delivered together with official bundled skills, including:
hbi-corehbi-datahbi-dashboardhbi-permissionhbi-workflow
The main value of skills is to encode:
- What to read before writing
- Which actions must go through
--dry-run - How results should be structured for humans or downstream systems
Recommended integration steps
1. Ensure the runtime is provisioned with the CLI
See Installation & Upgrade for the access path and post-install checks. For team or customer-facing agent runtimes, it is usually better to provision CLI through the HENGSHI delivery channel instead of asking each runtime owner to discover a download path separately.
2. Pin the instance and authentication
export HBI_API_URL="https://<your-everest-instance>"See Authentication & Connection for the available auth paths. For agent runtimes, it is usually better to pin HBI_CLIENT_ID / HBI_CLIENT_SECRET or HBI_TOKEN explicitly instead of depending on ad-hoc credential input.
3. Provision the bundled official skills
Official skills are now delivered together with the CLI package, so a separate pull from an external distribution surface is no longer the recommended path. If you are preparing runtimes for OpenClaw, Claude Code, GitHub Copilot, or similar agents, specify the target agents during delivery so the bundled skills land in the correct global skill directories from the start.
4. Constrain the agent’s default execution strategy
These rules should usually live in the agent prompt or runtime policy:
- Read state before writing
- Use
--dry-runwhenever possible - Prefer
--output jsonor--output yaml - Do not assemble private HENGSHI APIs manually
- For risky grants, deletes, or config changes, return the plan to a human before execution
A typical agent execution pattern
For example, if an agent is asked to “create a sales dashboard and grant access to a teammate”, the recommended order is usually:
- Read app and dataset context
- Confirm whether the target dashboard already exists
- Create the dashboard
- Add charts or other elements
- Preview the authorization with
--dry-run - Execute the real grant after human confirmation
This is exactly the kind of sequencing that skills are good at capturing.
Recommended practice
If you plan to make CLI a formal part of an agent runtime, these practices usually help the most:
- Pin the CLI version and the bundled-skill delivery path across environments
- Prefer
jsonoryamloutput by default to reduce downstream parsing cost - Keep
--dry-runin front of risky grants, deletes, and system configuration changes - Log
HBI_API_URL, the auth path, and the key command results for later review
What agents should return
When an agent uses CLI, ask it to summarize results in at least three buckets:
- What it did: which reads, previews, and writes were executed
- What it saw: what the important commands returned
- What is still missing: which steps did not continue because of permissions, missing context, or human confirmation
That gives teams something far more useful than a raw wall of terminal output.