dari CLI to create a starter project, publish new versions, manage organization API keys and credentials, and send messages to deployed agents. For a guided first run, start with Quickstart.
Install
DARI_INSTALL_DIR, for example:
dari auth login first. The CLI talks to https://api.dari.dev.
In this reference, an agent is a project described by dari.yml. Deploying creates a new agent version. A session is one durable conversation with an agent, pinned to the agent version that was active when the session started. The sandbox is the isolated runtime where the agent runs tools and code. Skills are reusable instructions packaged with an agent. An organization owns agents, API keys, and stored credentials.
For headless use, set DARI_API_KEY instead of using browser login. When this environment variable is present, supported commands use it as the bearer token and ignore cached login state. Commands that do not list an --api-key flag, such as dari agent list, still read DARI_API_KEY from the environment.
dari api-keys create --name ci. API-key auth works for deploy, agent, and session commands; org management, API-key management, and stored credential management require an interactive login.
Init
.). --recursive creates an agent with the Dari CLI and a skills/dari playbook so it can deploy copies of itself and start child sessions. Recursive agents read DARI_API_KEY from a stored runtime credential; the key is not written to dari.yml.
| Flag | Description |
|---|---|
--name | Project name for dari.yml (defaults to the directory name) |
--skill | Name of the example skill to create under skills/ (default: review, or recursive-delegation with --recursive) |
--recursive | Scaffold an agent that can use Dari from its sandbox to create child agents/sessions. Store the key with dari credentials add DARI_API_KEY. |
--force | Overwrite existing files in the target directory |
Auth
Org
Deploy
| Flag | Description |
|---|---|
--api-key | Bearer token for the API (falls back to $DARI_API_KEY or the cached CLI login) |
--agent-id | Publish to a specific agent instead of resolving by name (falls back to $DARI_AGENT_ID) |
--dry-run | Build the local bundle and print the publish flow without uploading |
--quiet | Suppress per-stage progress on stderr |
API Keys
Credentials
Stored secrets that agent projects reference by name. You only need these for explicit bring-your-own-key fields (llm.api_key_secret, sandbox.provider_api_key_secret) or names listed under sandbox.secrets; omitted provider key fields use Dari-managed defaults.
Agent
Agent commands requireDARI_API_KEY or a prior dari auth login.
Session
Drive a conversation with a deployed agent. A session is one durable conversation pinned to the agent version that was active when the session was created.dari session send --agent <agent_id> <text> when you want to start a new conversation and send the first message in one command. The response includes session.id, which you can reuse for later send, events, or get commands.
Use --secret NAME=VALUE to pass a literal value, or --secret-env NAME to read the value from the current shell environment, for values that should be available to sandbox code for this session. The agent’s manifest must list the name under sandbox.secrets for the sandbox to receive it. These flags work on session create and on session send --agent when it creates the session.
Use --llm-api-key to pass a literal provider key, or --llm-api-key-env to read the provider key from the current shell environment, for one session. That key is used only for model calls and is not exposed to sandbox code.
Use --internet-access or --no-internet-access to override whether the execution sandbox can reach the public internet for one session. If neither flag is set, Dari uses sandbox.internet_access from the agent manifest, which defaults to false.