Make CLI more agent-friendly (quick wins)

[strickvl]

Summary

This PR makes the ZenML CLI more reliable for automation, coding agents, and CI jobs while preserving the existing human-friendly table UX.

It improves machine-readable output, makes prompt-heavy flows safer in non-interactive environments, and adds dry-run previews for a focused set of mutating commands.

What changed

Machine-friendly CLI behavior

• adds ZENML_CLI_MACHINE_MODE
• adds a central is_machine_mode() helper
• makes commands that support --output default to JSON in machine mode
• auto-accepts confirmation prompts in machine mode
• fails fast on interactive prompt flows instead of hanging
• emits structured JSON errors for ZenML CLI-managed errors in machine mode

Structured output for single-item commands

Migrates the remaining Rich-only describe commands so they can produce structured output:

• zenml artifact version describe
• zenml authorized-device describe
• zenml service-account describe
• zenml service-account api-key describe
• zenml code-repository describe

These commands still preserve the existing key/value table presentation for normal table output.

Hardening prompt-heavy CLI flows

Wires machine-mode behavior through remaining prompt-heavy paths, including:

• service connector register/update flows
• stack import / cloud wizard flows
• stack component connector/resource selection
• login menu / API key entry
• optional analytics email prompt
• secret interactive flows
• user password prompts

Dry-run previews for mutating commands

Adds --dry-run support for:

• zenml stack register
• zenml stack update
• zenml stack delete
• zenml pipeline run
• zenml secret create
• zenml secret update

Dry-run behavior validates inputs and returns a structured preview without performing the mutation.

A few intentional safety details:

• secret values are always redacted in dry-run output
• stack environment variable previews only show set/remove intent, not raw values
• stack delete --dry-run skips destructive confirmation prompts because no side effects occur
• pipeline run --dry-run validates import/config/preparation and intentionally skips stack activation, snapshot creation, and submission

Tests and docs

• adds focused CLI regression coverage for:
  • JSON/YAML --columns filtering
  • machine-mode defaults and helper behavior
  • structured JSON error output
  • prompt blocking and auto-confirm behavior
  • dry-run previews for secret, stack, and pipeline commands
• documents ZENML_CLI_MACHINE_MODE in the environment variable docs
• updates the global settings docs to point users at machine mode for automation use cases

Why

ZenML already had a strong centralized output pipeline, but there were still a few places where the CLI was human-first in ways that make automation unreliable:

• some describe commands only rendered Rich tables
• prompt-heavy flows could block indefinitely
• error output was human-readable only
• machine-friendly defaults were not available as a single opt-in mode
• mutating commands had no safe preview path for validation before execution

Verification

Ran:

• bash scripts/format.sh --no-yamlfix ...
• uv run mypy src/zenml/cli/utils.py src/zenml/cli/secret.py src/zenml/cli/pipeline.py src/zenml/cli/stack.py
• bash scripts/docstring.sh "src/zenml/cli/utils.py src/zenml/cli/secret.py src/zenml/cli/pipeline.py src/zenml/cli/stack.py"
• uv run pytest tests/integration/functional/cli/test_utils.py tests/integration/functional/cli/test_secret.py tests/integration/functional/cli/test_stack.py tests/integration/functional/cli/test_pipeline.py

Result:

• 96 passed

Notes for reviewers

• The table UX for the migrated describe commands is intentionally preserved; structured output is used for non-table formats only.
• The dry-run implementation is deliberately scoped to the commands above rather than trying to introduce a broader preview API across the entire client/store stack in one go.

[github-actions]

✅ No broken links found!

[github-actions]

Documentation Link Check Results

✅ Absolute links check passed
✅ Relative links check passed
_{Last checked: 2026-04-08 15:53:29 UTC}

[github-actions]

⚠️ This PR has been inactive for 2 weeks and has been marked as stale.
Timeline:

• Week 2 (now): First reminder - PR marked as stale
• Week 4: PR will be automatically closed if no activity
  Please update this PR or leave a comment to keep it active. Any activity will reset the timer and remove the stale label.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ strickvl
❌ Alex Strick van Linschoten

---

Alex Strick van Linschoten seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}