CLI Reference
The keel unified command-line tool provides all Keel development utilities in a single binary.
Installation
See Installation for setup instructions.
Commands
keel run
Execute a Keel file.
keel run script.kl
keel -f
Shorthand for keel run:
keel -f script.kl
keel repl
Start the interactive REPL.
keel repl
See Using the REPL for details.
keel fmt
Format source code.
keel fmt file.kl # Format in-place
keel fmt --check file.kl # Check without modifying
keel fmt --stdout file.kl # Print to stdout
keel fmt --width 80 file.kl # Custom line width
echo 'let x = 42' | keel fmt # Format from stdin
See the Formatter page for full documentation.
keel lsp
Start the Language Server Protocol server.
keel lsp
The server communicates over stdio. See Language Server & Editor Setup for editor configuration.
IO Security
File system IO is disabled by default for security.
| Variable | Values | Effect |
|---|---|---|
KEEL_IO_DISABLED | 0 or false | Enable file/directory IO |
KEEL_IO_READ_ONLY | 1 or true | Allow only read operations |
KEEL_IO_SANDBOX | /path/to/dir | Restrict to directory |
Examples
KEEL_IO_DISABLED=0 keel run script.kl # Enable IO
KEEL_IO_DISABLED=0 KEEL_IO_READ_ONLY=1 keel run script.kl # Read-only
KEEL_IO_DISABLED=0 KEEL_IO_SANDBOX=/tmp/sandbox keel run script.kl
Console operations (print, println, readLine) are always allowed.
HTTP Security
HTTP requests via the Http module are disabled by default.
| Variable | Values | Effect |
|---|---|---|
KEEL_HTTP_DISABLED | 0 or false | Enable HTTP requests |
KEEL_HTTP_ALLOWED_HOSTS | host1,host2 | Restrict to listed hosts |
Examples
KEEL_HTTP_DISABLED=0 keel run api-client.kl # Enable HTTP
KEEL_HTTP_DISABLED=0 KEEL_HTTP_ALLOWED_HOSTS=api.example.com keel run client.kl # Restrict hosts
Request construction (Http.get, Http.withHeader, etc.) is always allowed — only Http.send requires HTTP to be enabled.
DataFrame Security
DataFrame file operations (readCsv, readJson, readParquet, writeCsv, writeJson) are enabled by default but can be restricted.
| Variable | Values | Effect |
|---|---|---|
KEEL_DATAFRAME_DISABLED | 1 or true | Disable DataFrame file operations |
KEEL_DATAFRAME_SANDBOX | /path/to/dir | Restrict file I/O to directory |
KEEL_DATAFRAME_MAX_ROWS | 10000 | Limit rows loaded from files |
Examples
KEEL_DATAFRAME_SANDBOX=/data keel run analysis.kl # Restrict to /data
KEEL_DATAFRAME_MAX_ROWS=10000 keel run analysis.kl # Limit row count
KEEL_DATAFRAME_DISABLED=1 keel run untrusted.kl # Disable entirely
In-memory operations (select, filter, groupBy, etc.) are always allowed — only file I/O functions are affected by these controls.
For detailed information, see the IO Security Guide.
DateTime Security
DateTime operations can be disabled for untrusted code.
| Variable | Values | Effect |
|---|---|---|
KEEL_DATETIME_DISABLED | 1 or true | Disable DateTime operations |
Environment Variables
| Variable | Description |
|---|---|
NO_COLOR | Disable colored output |
KEEL_IO_DISABLED | 0 or false to enable file IO |
KEEL_IO_READ_ONLY | 1 or true for read-only IO |
KEEL_IO_SANDBOX | Restrict IO to a directory |
KEEL_HTTP_DISABLED | 0 or false to enable HTTP requests |
KEEL_HTTP_ALLOWED_HOSTS | Comma-separated list of allowed HTTP hosts |
KEEL_DATAFRAME_DISABLED | 1 or true to disable DataFrame operations |
KEEL_DATAFRAME_SANDBOX | Restrict DataFrame file I/O to a directory |
KEEL_DATAFRAME_MAX_ROWS | Limit rows loaded from files (e.g. 10000) |
KEEL_DATETIME_DISABLED | 1 or true to disable DateTime operations |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | Compilation error |
| 2 | Runtime error |