I don't think it falls on the side of bloat, and it's a pretty nifty option to sudo...
Index: doas.1 =================================================================== RCS file: /build/data/openbsd/cvs/src/usr.bin/doas/doas.1,v retrieving revision 1.10 diff -u -p -r1.10 doas.1 --- doas.1 21 Jul 2015 17:49:33 -0000 1.10 +++ doas.1 26 Jul 2015 11:13:52 -0000 @@ -21,7 +21,7 @@ .Nd execute commands as another user .Sh SYNOPSIS .Nm doas -.Op Fl s +.Op Fl ns .Op Fl C Ar config .Op Fl u Ar user .Ar command @@ -38,6 +38,10 @@ Parse and check the configuration file .Ar config , then exit. No command is executed. +.It Fl n +Non interactive mode, fail if +.Nm +would prompt for password. .It Fl s Execute the shell from .Ev SHELL Index: doas.c =================================================================== RCS file: /build/data/openbsd/cvs/src/usr.bin/doas/doas.c,v retrieving revision 1.21 diff -u -p -r1.21 doas.c --- doas.c 24 Jul 2015 06:36:42 -0000 1.21 +++ doas.c 26 Jul 2015 11:13:52 -0000 @@ -295,9 +295,10 @@ main(int argc, char **argv, char **envp) int ngroups; int i, ch; int sflag = 0; + int nflag = 0; uid = getuid(); - while ((ch = getopt(argc, argv, "C:su:")) != -1) { + while ((ch = getopt(argc, argv, "C:nsu:")) != -1) { switch (ch) { case 'C': setresuid(uid, uid, uid); @@ -307,6 +308,9 @@ main(int argc, char **argv, char **envp) if (parseuid(optarg, &target) != 0) errx(1, "unknown user"); break; + case 'n': + nflag = 1; + break; case 's': sflag = 1; break; @@ -361,7 +365,7 @@ main(int argc, char **argv, char **envp) } if (!(rule->options & NOPASS)) { - if (!auth_userokay(myname, NULL, NULL, NULL)) { + if (nflag || !auth_userokay(myname, NULL, NULL, NULL)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed password for %s", myname); fail();