SettleMint
CLI

Getting started

Install the DALP CLI, connect it to a DALP instance, and verify your first authenticated command.

The DALP CLI (@settlemint/dalp-cli) gives operators and integrators terminal access to a DALP instance. Authenticate through the browser, store a platform API key locally, and run asset and identity commands. For automation, pass --format json to get machine-readable output for scripts or AI agents.

Prerequisites

Before you start, you need:

  • Node.js 20 or later, or Bun, on the machine where you run the CLI.
  • The base URL of the DALP instance you want to manage.
  • A user account that can sign in to that DALP instance and has access to the target organisation.

Installation

Install the CLI globally with npm or Bun. Both install the same dalp binary:

npm install -g @settlemint/dalp-cli
bun add -g @settlemint/dalp-cli

After installation, the dalp command is available in your terminal. Verify it with dalp --version.

Configure the platform URL

The login command needs a DALP instance URL. Pass it with --url each time, or save it once with dalp config set apiUrl so later logins need no flag. To override for one shell session only, export DALP_URL before logging in.

## One-off inline login
dalp login --url https://dalp.example.com

## Save to config for repeated use
dalp config set apiUrl https://dalp.example.com
dalp login

## Override for the current shell session
export DALP_URL=https://dalp.example.com
dalp login

Authenticate with device flow

The CLI uses the OAuth 2.0 Device Authorization Grant. You do not type your password into the terminal.

dalp login --url https://dalp.example.com

During login, the CLI:

  1. Requests a device code from the DALP instance.
  2. Opens the verification URL in your browser, or prints the URL and user code if the browser cannot open automatically.
  3. Polls the DALP instance until you approve or deny the device request.
  4. Uses the approved session to create a CLI API key.
  5. Stores the API key locally for later commands.

The device code can expire before you approve it. If that happens, run dalp login again.

Verify your session

Run whoami after login:

dalp whoami

The command calls the authenticated user endpoint and returns the current user and active organisation. If no credentials are stored, authenticated commands fail with NOT_AUTHENTICATED and tell you to run dalp login.

Credential storage

The CLI stores credentials differently by operating system:

PlatformStorageBehaviour
macOSSystem KeychainStores the API key under the dalp-cli service.
Linux and Windows~/.config/dalp/credentials.jsonWrites the credential file with 0600 permissions and refuses credentials with broader permissions.

To sign out, run dalp logout. The CLI revokes the API key on the DALP instance and removes the local credentials:

dalp logout

Configuration sources

The CLI resolves settings from four sources: CLI flags (highest priority), then environment variables, then a project .dalprc.json, then the global ~/.config/dalp/config.json. Use dalp config to read and write the global file:

PrioritySourceExample
1CLI flagsdalp login --url https://dalp.example.com
2Environment variablesDALP_URL, DALP_ORG
3Project config.dalprc.json in the current directory
4Global config~/.config/dalp/config.json
# View all config
dalp config get

# View a single key
dalp config get apiUrl

# Set values
dalp config set format json
dalp config set defaultOrg my-org-slug

Output formats

Every command accepts --format to control the shape of its response. The default is toon (human-readable tables). Use json for scripts, yaml for config review, and md for Markdown reports:

FormatFlagUse case
toon--format toonHuman-readable tables. Default.
json--format jsonMachine-readable output for scripts and jq.
yaml--format yamlConfiguration and review artifacts.
md--format mdMarkdown reports.

To avoid passing the flag each time, save a default format to your global config:

dalp config set format json

First commands to run

After login, start with read-only inspection before any write operations. These calls confirm the session, system state, and organisation context:

# View your user profile and active organisation
dalp whoami

# List tokens in the system
dalp tokens list

# List users
dalp users list

# View system information
dalp system list

# Search across the platform
dalp search-results "bond"

Pass --format json when piping into automation:

dalp tokens list --format json

Next steps

On this page