Anvil-uplink-CLI brings agent-safe terminal access to Anvil.works apps
hoponthestack released `anvil-uplink-cli`, a thin CLI for Anvil.works' Server Uplink that keeps API keys out of AI agent transcripts via a `dotenv:` key reference scheme.
Score breakdown
Teams using AI coding agents like Claude Code against Anvil.works apps can adopt the `dotenv:` pattern to prevent credential leakage through agent transcripts and prompt-injection attacks.
- 01anvil-uplink-cli is a CLI wrapper over Anvil.works' Server Uplink library, connecting to Anvil apps via websocket.
- 02Provides five commands: `query`, `call`, `row`, `run`, and `repl`, replacing manual use of the web Server Console.
- 03Supports multi-app profiles, pretty and JSON output, and runs on Windows, macOS, Linux, and WSL.
`anvil-uplink-cli` is a thin command-line interface over Anvil.works' Server Uplink library, which allows an external Python process to connect to an Anvil app via websocket and act as a server module — enabling calls to server functions, queries against Data Tables, and more. The CLI surfaces five core commands — `query`, `call`, `row`, `run`, and `repl` — covering the operations developers would otherwise perform by pasting code into the Anvil web Server Console. It also supports multi-app profiles and both pretty-printed and JSON output, with consistent behavior across Windows, macOS, Linux, and WSL.
The project's central design concern is security in agentic coding workflows.
The project's central design concern is security in agentic coding workflows. The standard practice of passing credentials via inline environment variables (e.g., `KEY=... cmd`) works fine for human operators, but when an AI coding agent drives the CLI, that key lands in the agent's transcript. A malicious value in a database row could then instruct the agent to exfiltrate the key — a prompt-injection attack vector. The `dotenv:` key reference scheme addresses this by having the CLI itself read the Uplink key from a gitignored `.env` file, so the key is never passed as a call argument and never enters the agent's context window. hoponthestack built the tool while using Claude Code on their own Anvil apps and is seeking feedback on this security approach. The project is in early alpha and released under the MIT license.
Key facts
- 01anvil-uplink-cli is a CLI wrapper over Anvil.works' Server Uplink library, connecting to Anvil apps via websocket.
- 02Provides five commands: `query`, `call`, `row`, `run`, and `repl`, replacing manual use of the web Server Console.
- 03Supports multi-app profiles, pretty and JSON output, and runs on Windows, macOS, Linux, and WSL.
- 04A `dotenv:` key reference scheme keeps the Uplink key in a gitignored `.env` file, never in a tool-call argument or agent context.
- 05The scheme defends against prompt-injection attacks where a malicious database row could instruct an agent to exfiltrate an inline credential.
- 06Built by hoponthestack while using Claude Code on Anvil apps; currently early alpha, MIT-licensed.