Command line
Security
The CLI is a local command that sends requests to agentcentral. It does not copy your Amazon connection tokens or seller data onto your machine. A copied CLI binary is harmless without a valid API key, and each key is limited by the scope you set in the dashboard.
What lives locally
| On your machine | In agentcentral |
|---|---|
| The ac_live_ API key, supplied by environment variable, prompt, stdin, config file, or OS keychain | Amazon connection credentials and refresh tokens |
| Command flags, output formatting, and exit-code handling | Seller data, sync jobs, tool execution, and marketplace checks |
| Optional local filters such as --read-only and --domain | Dashboard key scopes, write permissions, preview checks, and duplicate-submit protection |
| Network retries and timeout behavior | Rate limits, account status checks, and write audit history |
Local filters are not access control
--read-only and --domain are useful local filters. They hide tools and reject matching calls in the CLI or bridge before the request leaves your machine. They do not change what the API key is allowed to do.
For a real read-only boundary, scope the key
Create a read-only key in the dashboard Keys tab. agentcentral rejects writes made with that key regardless of local flags. See scope your API keys.
Key handling
- The CLI never accepts a key as a flag value, because flags can leak through shell history and process listings.
- Keys can come from AGENT_CENTRAL_API_KEY, a prompt, stdin, a locked-down config file, or the OS keychain.
- Stored config files must be readable only by your user. The CLI refuses unsafe permissions.
- Commands never print the raw key. Diagnostics report presence or a redacted prefix only.
- No CLI telemetry is collected.
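
The config-file permission check and redacted-prefix rules above, sketched as an added example; this is not agentcentral's own code. The function names, the environment-before-config precedence, and the 12-character prefix length are assumptions, and the key and temp file are constructed for the demo.

```python
import os
import stat
import tempfile

ENV_VAR = "AGENT_CENTRAL_API_KEY"  # variable name taken from the page

class UnsafePermissions(Exception):
    """Key file is not a private regular file owned by the caller."""

def read_key_file(path):
    # Open first, then fstat the descriptor, so the file that was checked
    # is the file that is read. O_NOFOLLOW rejects a symlink at the path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            raise UnsafePermissions(f"{path}: not a regular file owned by you")
        if mode & 0o077:  # any group/other permission bit is set
            raise UnsafePermissions(f"{path}: mode {mode:04o}, want 0600")
        return fh.read().strip()

def resolve_key(config_path, env=None):
    # Assumed precedence (not stated on the page): env var, then config file.
    env = os.environ if env is None else env
    if env.get(ENV_VAR):
        return env[ENV_VAR], "env"
    return read_key_file(config_path), "config"

def redact(key, keep=12):
    # Diagnostics show presence or a short prefix, never the whole key.
    return key[:keep] + "..." if key else "<not set>"

def demo():
    # Constructed key and temp file; neither is a real credential or path.
    fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
    os.write(fd, b"ac_live_CONSTRUCTED0000example\n")
    os.close(fd)
    results = [redact(resolve_key(path, env={})[0])]  # private file: accepted
    os.chmod(path, 0o644)  # world-readable: must be refused
    try:
        resolve_key(path, env={})
    except UnsafePermissions as exc:
        results.append(f"refused: {exc}")
    os.unlink(path)
    return results

if __name__ == "__main__":
    print("\n".join(demo()))
```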
Paste-safe diagnostics
For support or issue reports, use doctor --redact. It produces a shareable report without raw keys, connector tokens, or seller data.
```bash
# paste-safe: no raw key, no connector token, no seller data
agentcentral doctor --redact --format markdown
```
Every command also prints the resolved account and marketplace to stderr before it acts, so you can confirm which account a write will affect. For write behavior, see write safety.