Concepts
Both Jorli CLIs share a small set of conventions. Knowing them up front makes every command page lighter.
The output contract: --json --no-color
Section titled “The output contract: --json --no-color”Every command supports two recursive global flags:
| Flag | Effect |
|---|---|
--json |
Write structured JSON output. Indented, camelCase property names. |
--no-color |
Disable ANSI colour output. |
Used together, they produce clean, parseable output that’s safe to feed to scripts or to another terminal agent:
kite auth status --json --no-colordhan orders list --json --no-colorWithout --json, the CLI renders Spectre.Console tables (rounded borders, colours) for
interactive use. Do not parse the table output — its shape can change between releases.
The third global flag: --verbose
Section titled “The third global flag: --verbose”--verbose prints detailed errors including raw broker error payloads and SDK stack
traces. Use it only when debugging API failures. Avoid it in shared transcripts or
logs — it can leak low-level error bodies.
dhan orders place --file order.json --dry-run --verbose --json --no-colorWhere do outputs go?
Section titled “Where do outputs go?”| Stream | Contents |
|---|---|
| stdout | Successful JSON payloads, table renders |
| stderr | Errors, warnings, raw payloads in --verbose |
Exit codes
Section titled “Exit codes”Each CLI uses a small, stable set of exit codes. They are part of the public API.
Kite CLI
Section titled “Kite CLI”| Code | Meaning |
|---|---|
0 |
Success |
1 |
CLI usage error, missing file, missing argument, invalid input |
2 |
Authentication problem or expired / invalid session |
3 |
Kite API error, permission error, network error, data error, rate-limit-style error |
4 |
Unexpected failure |
Dhan CLI
Section titled “Dhan CLI”| Code | Meaning |
|---|---|
0 |
Success |
2 |
Usage error (missing required option, --yes not passed, etc.) |
3 |
Auth failure (HTTP 401 / 403 from Dhan) |
4 |
API failure (any other non-2xx Dhan response) |
5 |
I/O / file error |
10 |
Unexpected runtime error |
In all cases, do not retry in a loop on API or auth errors. Stop, inspect stderr and the exit code, and ask the operator for direction if running as an agent.
Secret storage — your keyring, not a config file
Section titled “Secret storage — your keyring, not a config file”Both CLIs store credentials in the OS-native secret store with a tool-specific key prefix:
| OS / Environment | Store | Key prefix / location |
|---|---|---|
| Windows | Credential Manager | kite-cli:<key> or dhan-cli:<key> |
| macOS | Keychain | Service <tool>:<key>, Account <tool> |
| Linux (with Secret Service) | secret-tool (libsecret) |
Service <tool>, account <tool>:<key> |
| Linux headless / WSL fallback | AES-GCM encrypted file | ~/.config/<tool>/secrets.dat (Kite) — for Dhan, the same keyring fallback chain applies |
Stored keys per tool:
| Kite CLI | Dhan CLI |
|---|---|
kite-cli:api-key |
dhan-cli:client-id |
kite-cli:api-secret |
dhan-cli:access-token |
kite-cli:access-token |
Never commit or share these values. If you need to share a command transcript,
redact with placeholders such as <api_key>, <api_secret>, <request_token>,
<access_token>, <client_id>.
Non-secret preferences
Section titled “Non-secret preferences”Each CLI keeps a small, plain-text preferences file for non-secret values (e.g. broker base URL override, redirect port).
| CLI | Path (Windows) | Path (macOS / Linux) |
|---|---|---|
| Kite CLI | %AppData%\kite-cli\config.json |
~/.config/kite-cli/config.json |
| Dhan CLI | %AppData%\dhan-cli\config.json |
~/.config/dhan-cli/config.json |
Manage them with config set / config get per CLI.
The browser-login callback URL
Section titled “The browser-login callback URL”Both CLIs use a small local TcpListener on 127.0.0.1 to capture a broker-supplied
token after you complete a browser login. The default callback port is 17890.
- Configure your broker app’s redirect URL to
http://127.0.0.1:17890/. - Override the port with
--port <number>onauth login/auth partner-login(Dhan) orconfig set redirectPort <port>(Dhan). - If your machine cannot receive the callback (headless boxes, restricted WSL), skip the
waiting flow and use the broker’s out-of-band
request_token/tokenIdinstead — see each CLI’sauthpage.
Live-trading guardrails
Section titled “Live-trading guardrails”Each CLI refuses to silently mutate live trading state.
- Dhan CLI — every live-account-changing command (order placement, modification,
cancellation, kill switch, P&L-based exit, position conversion, IP set, etc.) requires
the explicit
--yesflag. Without--yes, the CLI refuses with exit code2. Use--dry-runfirst to inspect the parsed payload without sending it. Live action - Kite CLI — place / modify / cancel commands always read from an operator-supplied
JSON file (
--file). The CLI never invents quantities, prices, products, or symbols. There is no--yestoggle on Kite; the file is the confirmation. Live action
Static IP whitelisting (Dhan only)
Section titled “Static IP whitelisting (Dhan only)”Dhan requires you to whitelist the static public IP your machine uses for live trading
(order placement, modification, cancellation, and several control APIs). Without it,
these endpoints return an authorization error. See Dhan CLI › IP.
Instrument cache (both CLIs)
Section titled “Instrument cache (both CLIs)”Each CLI can download its broker’s full instrument master to a local cache and search it offline. Search returns at most 25 matches; quote and historical-data commands consume the broker’s numeric security IDs / instrument tokens from that cache.
| CLI | Cache location |
|---|---|
| Kite CLI | %LocalAppData%\kite-cli\instruments\ |
| Dhan CLI | %AppData%\dhan-cli\instruments\ |
If you see Instrument cache is missing, run instruments download first.