Platform engineers used to run AI agents through a chat window. Now, those agents run right alongside them in the terminal. Here are the CLIs that matter in 2026 and give those agents a clean, scriptable way into your infrastructure:
Most lists like this one focus on one of two things.
Coding-agent roundups compare tools like Claude Code, Codex, Cursor CLI, and OpenCode on benchmarks, pricing, and developer experience.
Platform engineering roundups focus on tools like Backstage, Port, Crossplane, Spacelift, and Terraform, evaluating governance, self-service, and day-to-day operations.
But another question is becoming increasingly important: which CLIs are well-suited for automation?
Platform engineering has spent years making infrastructure easier to consume through Backstage catalogs, self-service portals, and golden paths. Those abstractions remain valuable, but the CLI has become just as important because automation increasingly depends on it.
A good infrastructure CLI doesn't just execute commands. It also needs to:
That's why platform teams are taking a fresh look at their CLI surface area. One comparison of 75 matched tasks across MCP-based and CLI-based agents found the CLI approach used roughly 10 to 32 times fewer tokens for equivalent work, with reliability close to 100% compared to a much rougher run for MCP.
With that in mind, here are ten CLIs every platform engineer should know in 2026.
As more infrastructure workflows become automated, the CLI is becoming more than a deployment tool. StackGen CLI gives you a single interface to configure, deploy, and manage infrastructure while connecting StackGen to tools like Claude Code, Cursor, and VS Code through MCP.
Instead of switching between your terminal, IDE, and the StackGen UI, you can work with the same interface across development, deployment, and day-to-day operations.
With the StackGen CLI, you can:
stackgen mcp, allowing supported IDEs to interact with StackGen through a standard interfaceThe result is less context switching. You use the same CLI to manage infrastructure from your terminal, automate deployments in CI/CD, and connect supported IDEs through MCP.
Kubernetes is still the operating system of platform engineering, and kubectl remains the CLI most teams rely on every day. It's also one of the easiest tools for AI agents to work with because of its predictable design.
A consistent command pattern runs across almost every resource type, from Pods to custom CRDs. Whether an agent needs to inspect, create, update, or remove a resource, the workflow stays familiar.
Some of the reasons it works well for agents include:
-o json or -o yaml, making it easy to parse without scraping terminal textThat consistency extends beyond Kubernetes itself. Teams building agent-ready internal platforms on top of kcp have found they can use kubectl to export, bind, and interact with APIs across the platform because every workspace behaves like a Kubernetes cluster.
Terraform's CLI remains the backbone of infrastructure as code, while OpenTofu has become a strong open-source alternative if you prefer to avoid licensing uncertainty.
Both are well-suited to AI-assisted workflows because they follow a predictable, reviewable execution model. For you, that means:
The plan-then-apply workflow allows an AI agent to generate a plan while a human or policy gate reviews it, keeping infrastructure changes transparent and auditable.
Whether you choose Terraform or OpenTofu, the workflow stays familiar. That's one reason both are widely regarded as foundational tools for platform engineering in 2026.
If your team is already Kubernetes-native, Crossplane helps you manage cloud infrastructure without switching between kubectl and a separate infrastructure-as-code tool. You define cloud resources using the same declarative YAML and workflows you already use for Kubernetes applications.
Crossplane extends Kubernetes so you can manage infrastructure such as:
It also introduces Compositions, which let platform teams combine multiple resources into a single, simplified API that works consistently across AWS, Azure, and GCP.
For AI agents, that consistency is one of Crossplane's biggest strengths. Instead of reasoning across multiple cloud-specific CLIs, an agent can interact with a single control plane and a consistent API surface.
GitOps is built on a simple idea: Git is the source of truth, and your cluster should always converge back to it. The Argo CD CLI carries that same approach into AI-assisted workflows.
When an agent opens a pull request that updates a manifest, the GitOps workflow provides a built-in review and deployment process instead of allowing changes to go directly into the cluster.
The CLI also makes it easy to:
For AI-assisted operations, that combination of visibility, review, and rollback makes Argo CD more than a deployment tool. It also provides a reliable safety net for both human operators and AI agents.
The more operational work you hand off to AI agents, the more important secrets management becomes. If an agent is running unattended, the way it receives credentials matters just as much as the tasks it's performing.
The Vault CLI helps you manage that access more securely by:
This approach also makes it easier to follow the principle of least privilege. Instead of giving an agent broad, persistent access, you can grant only the permissions it needs for a specific task.
If you're running Kubernetes, Vault also works well with tools like External Secrets Operator. Together, they let you keep secrets out of Git while giving your applications and AI agents a secure, programmatic way to request credentials when they're needed.
As you automate more operational workflows, this model lets you give AI agents the access they need without creating another set of long-lived secrets to manage.
If you're already using GitHub to manage your development workflow, the GitHub CLI (gh) can become one of the most useful tools in your platform engineering toolkit. As automation becomes more common in development workflows, much of their work, whether it's updating code, fixing configuration, or suggesting changes, eventually shows up as a pull request.
The GitHub CLI gives you and your AI agents a consistent way to work with GitHub from the terminal. You can:
If you use GitHub Copilot CLI, you also get access to GitHub context, such as pull request history, open issues, and gists, making it easier for an agent to understand the state of your repository without leaving GitHub.
Keeping these workflows in a single command-line interface makes automation much simpler. Instead of switching between browser tabs and dashboards, you can script, review, and automate common GitHub tasks through a predictable set of commands that work well for both you and your AI agents.
If you prefer writing infrastructure as code in a programming language instead of HCL or YAML, the Pulumi CLI is well worth considering. It lets you define and manage infrastructure using languages like TypeScript, Python, Go, and C#, while keeping the same infrastructure-as-code workflow.
That also makes Pulumi a natural fit for AI-assisted development. Large language models generally perform better when generating and reasoning about widely used programming languages than they do with declarative configuration languages.
The Pulumi CLI supports that workflow by giving you:
If you're introducing AI agents into your infrastructure workflows, that review step remains just as important. An agent can generate the proposed changes, while you or your policy controls decide whether they're ready to be applied.
Claude Code is a terminal-based coding tool that can inspect repositories, edit files, run shell commands, and work across large codebases from the command line.
For platform engineers, that makes it useful beyond application development. Infrastructure repositories often contain Terraform, Kubernetes manifests, Helm charts, deployment scripts, CI/CD pipelines, and internal tooling. Instead of switching between a chat window and your terminal, you can work on those resources from the same session.
Key capabilities include:
Skills are particularly useful for platform teams. Instead of rewriting the same instructions for recurring tasks, you can save them as markdown-based Skills. For example, you can document how to validate a Terraform plan, investigate a failed deployment, or troubleshoot a Kubernetes service. Claude Code can then follow the same workflow whenever that task comes up.
If much of your engineering work already begins in the terminal, Claude Code lets you stay there while working across your code, infrastructure, and connected tools.
Some platform teams prefer not to tie their engineering workflows to a single model provider. Model-flexible coding CLIs solve that by providing a consistent command-line interface while letting you choose which model powers it.
Two popular examples are:
The advantage is consistency. Your engineers learn one CLI while you retain the option to evaluate new models, switch providers, or meet compliance requirements without changing how your team interacts with the tool.
If you're evaluating coding CLIs today, choosing one that isn't tied to a single model provider gives you more flexibility as both your infrastructure and model requirements evolve.
Before adding another CLI to your platform, evaluate it against these criteria:
plan, diff, or dry-run commands before making changes.If a CLI checks most of these boxes, it's likely to be easier to standardize across your team and more reliable as you introduce AI-assisted workflows into your platform.
If you're already using infrastructure CLIs like kubectl, terraform, and gh, the StackGen CLI complements them rather than replacing them.
It gives you a single interface to work with StackGen across your terminal, CI/CD pipelines, and supported IDEs through MCP, so you can manage infrastructure and deployment workflows without changing the way you work.
You can get started with the StackGen CLI in a few minutes:
stackgen mcp to connect supported IDEs.Get started for free here, or book some time with our team to know more!
Do AI agents replace CLIs like kubectl and terraform?
No. AI agents use CLIs to execute actions on infrastructure. Tools like kubectl, terraform, aws, and gh remain the execution layer for provisioning, deployments, and operational workflows.
How is the StackGen CLI different from kubectl or terraform?
The StackGen CLI doesn't replace tools like kubectl or terraform. It provides a single interface for working with StackGen, including infrastructure management, deployment workflows, and MCP connectivity. You continue using your existing infrastructure tools while using the StackGen CLI to interact with StackGen services.
What makes a CLI automation-friendly?
Look for structured output (JSON or YAML), consistent command patterns, preview or dry-run support, predictable exit codes, idempotent operations, and authentication methods that integrate with your existing identity provider.
Should I standardize on one coding agent or use multiple?
It depends on your requirements. Many engineering teams use one primary coding agent for day-to-day development and keep a model-flexible CLI available for evaluating different model providers, meeting compliance requirements, or testing new capabilities.
How do I decide which CLIs to standardize on?
Prioritize CLIs with structured output, predictable command patterns, preview or dry-run support, secure authentication, stable exit codes, and good integration with your CI/CD and automation workflows. These characteristics make them easier to automate, govern, and maintain at scale.