Bash4LLM+ wraps LLM APIs in one audited script

A developer going by kamaludu just shipped Bash4LLM⁺, a single-file Bash wrapper that talks to LLM APIs without pulling in a single external dependency. According to Hacker News, where the Show HN post climbed to 166 points, the tool is a self-contained, readable script built first for Groq’s OpenAI-compatible Chat Completions endpoint, with hooks to extend to other providers. What stands out here is the pitch: download it, make it executable, export your API key, and you’re running. No package manager, no runtime, no install wizard.

The security-first framing is the real story. Most LLM CLIs lean on Python or Node and a stack of libraries you have to trust. Bash4LLM⁺ goes the other way, betting that a script you can actually read top to bottom is safer than one you can’t.

What it does

  1. Dynamic model lists: It pulls available models live from Groq’s `/v1/models` endpoint, so nothing is hardcoded. When a provider adds or retires a model, you don’t edit the script.
  2. Security by design: No use of `/tmp`, no `eval`, restrictive permissions, and provider validation. The author documents a real threat model: it targets single-user machines, never executes model output, and treats provider directories as trusted code you own.
  3. Streaming or full output: You can watch responses arrive token by token or wait for the complete answer.
  4. A JSON state system: The core constantly exposes metadata in atomic JSON, so you can wire it into a GUI or something like Home Assistant.
  5. Auto-save for long outputs: Anything past a configurable byte threshold (default 1000) gets written to disk automatically.
  6. Sessions and batching: It supports session IDs with a configurable context window, batch files where one line equals one prompt, templates, and JSON input in OpenAI format.
  7. Android-ready: It detects Termux and swaps `flock` (often flaky on Android due to kernel or SELinux limits) for a `mkdir`-based directory lock to keep concurrency safe.
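The `mkdir`-based lock from item 7, sketched as an added example; this is not code from Bash4LLM⁺, and the function names, the `STATE_DIR` variable and the default path are assumptions made for illustration:

```bash
#!/usr/bin/env bash
# Added illustration. Function names, STATE_DIR and the default path are
# assumptions, not taken from the Bash4LLM+ source.

# Keep locks in a private per-user directory instead of a shared /tmp.
lock_root() {
  local root="${STATE_DIR:-$HOME/.local/state/lockdemo}"
  (umask 077; mkdir -p "$root") || return 1
  printf '%s\n' "$root"
}

# mkdir creates the directory or fails in one atomic step, so exactly one
# contender wins. Retries once per second for up to $2 attempts.
acquire_lock() {
  local name="$1" tries="${2:-5}" dir
  dir="$(lock_root)/$name.lock" || return 1
  while ! mkdir -m 700 "$dir" 2>/dev/null; do
    tries=$((tries - 1))
    [ "$tries" -le 0 ] && return 1
    sleep 1
  done
  printf '%s\n' "$$" > "$dir/pid"   # owner record, useful for spotting stale locks
}

# Release only a lock this process recorded as its own.
release_lock() {
  local dir
  dir="$(lock_root)/$1.lock" || return 1
  [ "$(cat "$dir/pid" 2>/dev/null)" = "$$" ] || return 1
  rm -f "$dir/pid" && rmdir "$dir"
}

# Run a command under the lock and release it whatever the exit status.
with_lock() {
  local name="$1" rc=0
  shift
  acquire_lock "$name" || return 75   # 75 = EX_TEMPFAIL, lock is busy
  "$@" || rc=$?
  release_lock "$name"
  return "$rc"
}
```

Unlike `flock`, which the kernel drops when the holder exits, a directory lock outlives a killed process, so the recorded PID is what lets an operator decide whether a leftover lock is stale.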

How you use it

The workflow is plain shell. You can pass a prompt directly, pipe text in with `echo`, feed it a file, or use a heredoc for multi-line input. Flags cover the usual knobs: `-m` to pick a model per run, `--system` for a system prompt, `--temperature` (aliased, oddly, as `--ture`), and `--max` for token limits. A `--dry-run` flag simulates calls without hitting the API, which is handy for testing scripts before they cost you anything.

Groq is the default provider, but optional Extras add Gemini, Hugging Face, and Mistral, plus templates and security tools you install separately.

Where it runs and what it needs

Bash4LLM⁺ works across Unix-like environments: Linux, macOS, WSL, Cygwin, Termux on Android, and BSD. It expects a handful of standard tools on your PATH: `bash`, `coreutils`, `findutils`, `util-linux`, `gawk`, `curl`, and `jq`. So while it’s dependency-free in the package-manager sense, it does assume a normal Unix toolbox is present.

The caveats worth knowing

The author is upfront about limits. This is built for single-user setups: personal PCs, laptops, and private servers, not shared multi-tenant boxes. Providers are code that runs in your shell, so they have to live in directories you control. TOCTOU risks and the rough edges of parsing JSON and SSE streams in Bash are mitigated and documented rather than eliminated. That honesty is a good sign, but it also tells you the comfort zone.

This is significant because it pushes against the default assumption that working with LLMs means a heavyweight SDK. For anyone living in a terminal, automating prompts in cron jobs, or running models on a phone through Termux, a single auditable script is a genuinely different tradeoff. Whether it scales past hobbyist and personal-server use is the open question, but as a lightweight, inspectable entry point, it fills a real gap.

Full flags, the security writeup, and install steps are on the project’s GitHub, linked at the original source.
