Frontier CLI
Command-line interface for the Federal Frontier Platform — cluster management, AI assistant, and infrastructure operations from your terminal.
Overview
The Frontier CLI (frontier) is a Go-based command-line tool for managing the Federal Frontier Platform (FFP). It provides authenticated access to cluster lifecycle management, project administration, and an AI-powered infrastructure assistant — all from the terminal.
| Property | Value |
|---|---|
| Language | Go (Cobra framework) |
| Current Version | Set at build time via -ldflags |
| Auth | OAuth2/OIDC via Keycloak (PKCE) |
| API Backend | Trailboss API (API_SERVER_URL) |
| Source | gitlab.com/eupraxialabs/frontier-cli |
| Binary | frontier (single static binary) |
Command Summary
| Command | Role Required | Description |
|---|---|---|
frontier login |
None | Authenticate via Keycloak OIDC |
frontier logout |
Any authenticated | Clear stored credentials |
frontier version |
None | Print CLI version |
frontier chat |
None | AI assistant (interactive or one-shot) |
frontier get |
viewer+ | Retrieve clusters, machines, projects, kubeconfig, costs, users, addons |
frontier create |
clusteradmin+ | Create clusters (CAPO/OpenStack, EKS/AWS) and projects |
frontier delete |
clusteradmin+ | Delete clusters and projects |
frontier manage |
clusteradmin+ | Manage cluster replicas, add-ons, team access, users |
frontier batch |
clusteradmin+ | Create multiple clusters in parallel from YAML |
frontier fmc |
platformadmin | Direct access to the Field Management Cluster |
RBAC Model
Commands are gated by the role embedded in the user’s JWT token. Roles are extracted from both realm_access and resource_access claims.
| Role | Level | Access |
|---|---|---|
| platformadmin | Highest | All commands including fmc |
| projectadmin | Project | get, create, delete, manage, chat, batch |
| clusteradmin | Cluster | get, create, delete, manage, chat, batch |
| operator | Operations | get, chat |
| viewer | Read-only | get, chat |
The chat command is available to all users, including unauthenticated (for initial setup guidance).
Architecture
frontier (Go binary)
│
├── cmd/login/ OAuth2 PKCE → Keycloak → token stored in ~/.frontier/
├── cmd/chat/ AI assistant → POST /api/v1/chat (Trailboss)
├── cmd/get/ Read operations → GET /api/v1/* (Trailboss)
├── cmd/create/ Cluster/project creation → POST /api/v1/* (Trailboss)
├── cmd/delete/ Resource deletion → DELETE /api/v1/* (Trailboss)
├── cmd/manage/ Teams, replicas, add-ons → PUT /api/v1/* (Trailboss)
├── cmd/batch/ Parallel cluster creation from YAML manifest
├── cmd/fmc/ FMC kubectl operations (platformadmin only)
└── pkg/
├── api/handler HTTP request handling, TLS, auth headers
└── auth Token storage, refresh, JWT parsing
All commands communicate with the Trailboss API backend, which in turn interfaces with Kubernetes (CAPI), AWS, OpenStack, Keycloak, Gitea, and MCP servers.