Skip to main content

Keld CLI — set up local telemetry for AI coding tools

Project description

keld

The Keld CLI configures your local AI coding tools (Claude Code, Codex, Gemini CLI) to send telemetry to Keld Atlas.

Install

Recommended (isolated, works on every platform):

pipx install keld

If you don't have pipx yet: python -m pip install --user pipx && python -m pipx ensurepath.

Alternatives: uvx keld / uv tool install keld (if you use uv), or pip install keld inside a virtual environment (a bare pip install into system Python fails with externally-managed-environment on modern distros).

Usage

keld login             # authenticate (also happens automatically on first `signal setup`)

keld signal setup      # detect tools, show changes, configure telemetry + install hook
keld signal status     # see what's configured
keld signal doctor     # diagnose problems
keld signal uninstall  # cleanly remove everything Keld added

Auth commands (login, logout, whoami) are top-level and shared across Keld product groups. Telemetry onboarding lives under the keld signal group.

keld signal setup flags: --tool claude_code,codex (target specific tools), --dry-run (show changes only), --yes (skip confirmation), --no-login (fail instead of opening a browser, for CI).

setup is interactive. By default it prints a concise summary of the changes to each config file; pass --diff to see the full unified diff. If a tool's config already has settings Keld can't safely merge (e.g. Codex with its own [otel] section), setup explains the conflict and lets you [s]kip that tool, [r]eplace just the conflicting section with Keld's (the rest of your config is preserved, and the diff is always shown for a replace), or [a]bort. Every file Keld modifies is first copied to ~/.keld/backups/<tool>/. Use --dry-run to preview without writing and --yes to skip prompts (conflicts are auto-skipped in that mode).

Local development

To point the CLI at a Keld server running locally, pass --api-url to keld login (or keld signal setup):

keld login --api-url http://localhost:8000   # auth against the local server
keld signal setup                            # remembered — uses the same server

The chosen URL is stored with your credentials, so subsequent commands target it automatically. --api-url overrides the KELD_API_URL environment variable, which does the same thing if you prefer setting it in your shell.

Authentication

keld signs you in with a browser-based device authorization flow — you approve the CLI from a normal signed-in Keld session, so your password is never typed into (or seen by) the terminal.

sequenceDiagram
    actor You
    participant CLI as keld CLI
    participant Browser
    participant Keld

    You->>CLI: keld login (or any `keld signal` command)
    CLI->>Keld: start device authorization
    Keld-->>CLI: verification URL + short code
    CLI->>Browser: open the verification URL
    You->>Browser: sign in to Keld and confirm the code
    Browser->>Keld: approve (from your authenticated session)
    loop until you approve (or the request expires)
        CLI->>Keld: check whether it's approved yet
        Keld-->>CLI: not yet… then: an access token
    end
    CLI->>CLI: save the token locally (your user only)
    Note over CLI,Keld: keld signal setup then uses that token to fetch your<br/>telemetry config and set up your local tools

Key points:

  • Lazy by default — you don't have to run keld login first. Any command that needs auth (e.g. keld signal setup) starts this flow automatically; on a CI box use --no-login to fail cleanly instead of opening a browser.
  • You approve, in the browser — the short code shown in your terminal is only meaningful to confirm inside an authenticated Keld session, and the approval is attributed to the signed-in person. The request stops working shortly after it is issued if left unapproved.
  • The token stays on your machine — it's written under ~/.keld with user-only file permissions (override the location with KELD_HOME). keld whoami shows who you're signed in as; keld logout removes it. Tokens are revocable from Keld, so a lost laptop can be cut off without rotating anything else.

Environment

  • KELD_HOME — where credentials, the hook, and the manifest live (default ~/.keld).
  • KELD_API_URL — Atlas base URL (default https://atlas.keld.co).

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

keld-0.1.0.tar.gz (13.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

keld-0.1.0-py3-none-any.whl (22.3 kB view details)

Uploaded Python 3

File details

Details for the file keld-0.1.0.tar.gz.

File metadata

  • Download URL: keld-0.1.0.tar.gz
  • Upload date:
  • Size: 13.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for keld-0.1.0.tar.gz
Algorithm Hash digest
SHA256 1ea0dec9bae1bea00f9f547f556ff1d2a72f3fa1e85e11a4cddcf24fd9b4d8bd
MD5 34a2c7f1c0fbd553383b2278954de1eb
BLAKE2b-256 45b306092a6296d0c2a233c3e2ba586e6350e6787c63799e22f3f3d2d127c319

See more details on using hashes here.

File details

Details for the file keld-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: keld-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 22.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for keld-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 fec428638078428deb31728a4c0847696d614b7ca87fb43abcf1f9c494a5f391
MD5 478030be199cae45c6f0d0bc165d8103
BLAKE2b-256 8790e99dea9f097fde57413fe13281aaabcbd7a4832607c897b60dd31cbefd72

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page