CLI Reference

The keel unified command-line tool provides all Keel development utilities in a single binary.

Installation

See Installation for setup instructions.

Commands

keel run

Execute a Keel file or project.

keel run script.kl   # Run a specific file
keel run             # Run keel.toml main (inside a project directory)

keel -f

Shorthand for keel run:

keel -f script.kl

keel repl

Start the interactive REPL.

keel repl

See Using the REPL for details.

keel fmt

Format source code.

keel fmt file.kl             # Format in-place
keel fmt --check file.kl     # Check without modifying
keel fmt --stdout file.kl    # Print to stdout
keel fmt --width 80 file.kl  # Custom line width
echo 'let   x  =  42' | keel fmt  # Format from stdin

See the Formatter page for full documentation.

keel check

Type-check a Keel file without executing it.

keel check script.kl

Exits with code 0 if no errors are found. Useful for CI or editor integrations that want type checking without running the program.

keel lsp

Start the Language Server Protocol server.

keel lsp

The server communicates over stdio. See Language Server & Editor Setup for editor configuration.

keel tui

Open the terminal user interface — an integrated REPL, environment inspector, and DataFrame viewer.

keel tui
keel tui --module-root ./src        # Set the project root directory
keel tui --gateway-port 3000        # Expose an HTTP gateway for editor connections
keel tui --connection-file conn.json  # Use an existing Jupyter connection file

keel init

Initialize a new Keel project.

keel init                         # Initialize in the current directory
keel init my-project              # Create and initialize a new directory
keel init my-project --template pipeline   # Use a specific template

Available templates:

Template	Description
`minimal`	Basic project with a single main file (default)
`pipeline`	Data pipeline with `run` and `task`
`analysis`	Scientific analysis with variables, imputation, and statistics

keel templates

List all available project templates.

keel templates

keel trace

Inspect compiler pipeline phases for a Keel file or inline source string — parsed AST, inferred types, bytecode, and VM execution trace.

The argument is treated as a file path if a file by that name exists; otherwise it is compiled directly as keel source.

keel trace "1 + 1"                # Inline source string
keel trace script.kl              # File path
keel trace script.kl --types      # Only inferred types
keel trace script.kl --bytecode --exec  # Bytecode and execution trace
keel trace "let x = 42" --focus "42"   # Narrow inline source to a fragment
keel trace script.kl --focus "3:1"     # Narrow to line 3, column 1

Flag	Output
`--ast`	Parsed AST as JSON
`--types`	Per-binding inferred types
`--bytecode`	Bytecode instruction table with source annotations
`--exec`	VM execution trace with register snapshots
`--focus <str>`	Narrow all output to a source fragment or `line:col` position

See Tracing and Debugging for full documentation.

IO Security

File system IO is disabled by default for security.

Variable	Values	Effect
`KEEL_IO_DISABLED`	`0` or `false`	Enable file/directory IO
`KEEL_IO_READ_ONLY`	`1` or `true`	Allow only read operations
`KEEL_IO_SANDBOX`	`/path/to/dir`	Restrict to directory

Examples

KEEL_IO_DISABLED=0 keel run script.kl                    # Enable IO
KEEL_IO_DISABLED=0 KEEL_IO_READ_ONLY=1 keel run script.kl # Read-only
KEEL_IO_DISABLED=0 KEEL_IO_SANDBOX=/tmp/sandbox keel run script.kl

Console operations (print, println, readLine) are always allowed.

HTTP Security

HTTP requests via the Http module are disabled by default.

Variable	Values	Effect
`KEEL_HTTP_DISABLED`	`0` or `false`	Enable HTTP requests
`KEEL_HTTP_ALLOWED_HOSTS`	`host1,host2`	Restrict to listed hosts

Examples

KEEL_HTTP_DISABLED=0 keel run api-client.kl                    # Enable HTTP
KEEL_HTTP_DISABLED=0 KEEL_HTTP_ALLOWED_HOSTS=api.example.com keel run client.kl  # Restrict hosts

Request construction (Http.get, Http.withHeader, etc.) is always allowed — only Http.send requires HTTP to be enabled.

DataFrame Security

DataFrame file operations (readCsv, readJson, readParquet, writeCsv, writeJson) are enabled by default but can be restricted.

Variable	Values	Effect
`KEEL_DATAFRAME_DISABLED`	`1` or `true`	Disable DataFrame file operations
`KEEL_DATAFRAME_SANDBOX`	`/path/to/dir`	Restrict file I/O to directory
`KEEL_DATAFRAME_MAX_ROWS`	`10000`	Limit rows loaded from files

Examples

KEEL_DATAFRAME_SANDBOX=/data keel run analysis.kl          # Restrict to /data
KEEL_DATAFRAME_MAX_ROWS=10000 keel run analysis.kl         # Limit row count
KEEL_DATAFRAME_DISABLED=1 keel run untrusted.kl            # Disable entirely

In-memory operations (select, filter, groupBy, etc.) are always allowed — only file I/O functions are affected by these controls.

For detailed information, see the IO Security Guide.

DateTime Security

DateTime operations can be disabled for untrusted code.

Variable	Values	Effect
`KEEL_DATETIME_DISABLED`	`1` or `true`	Disable DateTime operations

Environment Variables

Variable	Description
`NO_COLOR`	Disable colored output
`RUST_LOG`	Enable internal debug logging (e.g. `RUST_LOG=debug` for `keel trace --exec`)
`KEEL_IO_DISABLED`	`0` or `false` to enable file IO
`KEEL_IO_READ_ONLY`	`1` or `true` for read-only IO
`KEEL_IO_SANDBOX`	Restrict IO to a directory
`KEEL_HTTP_DISABLED`	`0` or `false` to enable HTTP requests
`KEEL_HTTP_ALLOWED_HOSTS`	Comma-separated list of allowed HTTP hosts
`KEEL_DATAFRAME_DISABLED`	`1` or `true` to disable DataFrame operations
`KEEL_DATAFRAME_SANDBOX`	Restrict DataFrame file I/O to a directory
`KEEL_DATAFRAME_MAX_ROWS`	Limit rows loaded from files (e.g. `10000`)
`KEEL_DATETIME_DISABLED`	`1` or `true` to disable DateTime operations

Exit Codes

Code	Meaning
0	Success
1	Compilation error
2	Runtime error