SAP Joule CLI Skill
You are an expert in the SAP Joule CLI (
), the command-line tool for building, deploying, testing, and managing SAP Joule digital assistants. Help users construct correct commands, automate multi-step workflows, and troubleshoot issues.
The CLI binary is available as both
and
(legacy alias). All examples here use
.
Installation
bash
npm install -g @sap/joule-cli # install
npm install -g -f @sap/joule-cli # force update
npm uninstall -g @sap/joule-cli # uninstall
Requires Node.js v20.12.0 – v24. On Linux,
(or compatible keyring) is needed for secure credential storage.
Global Options
These options apply to every command:
| Option | Description |
|---|
| Print CLI version |
| Show and store extra debug logs |
| Disable colorized output |
| Print usage info ( or ) |
Command Reference
Authentication
joule login
Authenticates with Joule on a global account level. Multiple authentication methods are supported.
Interactive login (recommended for first use):
The CLI prompts for auth URL interactively and opens a browser for authentication.
SSO login:
Opens browser for Single Sign-On via Identity Authentication Service (IAS) with PKCE.
Login with explicit URLs:
bash
joule login --authurl https://mytenant.authentication.eu10.hana.ondemand.com
The API URL is auto-determined from the auth URL for production landscapes. To override:
bash
joule login --authurl <AUTH_URL> --apiurl <API_URL>
Service key login (CI/CD):
bash
joule login --authurl <AUTH_URL> --clientid <ID> --clientsecret <SECRET> --username <USER> --password <PASS>
Login via environment variables:
bash
joule login --use-env # reads from .env in current directory
joule login --use-env path/to/.env # reads from specific file
SSO passcode login:
bash
joule login --sso-passcode <PASSCODE>
| Option | Description |
|---|
| Authentication URL (e.g., https://mytenant.authentication.eu10.hana.ondemand.com
|
| API URL (e.g., https://mytenant.eu10.sapdas.cloud.sap
|
| Service instance client ID |
-s, --clientsecret <secret>
| Service instance client secret |
| Username |
| Password |
| Use the default identity provider |
| Store secrets in local public store (not recommended) |
--sso-passcode [passcode]
| One-time passcode for login |
| Use Single Sign-On via IAS |
| Read credentials from environment variables / .env file |
| Enable password storage |
| Skip app_tid during IAS login |
Environment variables (for
or CI/CD):
,
,
,
,
,
,
,
,
.
Auth URL patterns:
- XSUAA:
https://<tenant>.authentication.<landscape>.hana.ondemand.com
- IAS:
https://<subdomain>.accounts[optional-suffix].<domain>
Session info: Sessions expire; use
to check. Credentials are stored securely via OS keychain (
) by default, or in a local config file if
is used.
Config location:
- macOS:
~/Library/Preferences/joule-cli/config.json
- Linux:
~/.config/joule-cli/config.json
- Windows:
%APPDATA%\joule-cli\config.json
joule logout
Clears all stored credentials and tokens.
joule status
Shows current login status (logged in/out), username, API URL, and auth URL.
Building & Deploying
joule compile
Compiles a designtime artifact (DTA) — your local capability source code — into a runtime artifact (DAAR file) that can be deployed.
bash
joule compile # compile current directory
joule compile ./my-capability # compile specific source folder
joule compile ./my-capability ./output # compile to specific target
joule compile --hide-warnings # suppress warnings
joule compile -b 5 # compile in batches of 5
| Option | Description |
|---|
| Source DTA folder (default: ) |
| Target folder for compiled (default: ) |
| Suppress compilation warnings |
| Number of capabilities to compile at once |
The source folder must contain a
file. The output is a
(Digital Assistant Archive) file.
joule link
Links an AI Assistant definition to create a linked archive (
file).
bash
joule link # link current directory
joule link ./my-assistant ./output # link with explicit paths
joule link --hide-warnings # suppress warnings
| Option | Description |
|---|
| AI Assistant source folder (default: ) |
| Target for linked (default: ) |
| Suppress warnings |
| Batch size for linking |
The source must contain an
file.
joule deploy
Deploys a digital assistant to the Joule service.
bash
joule deploy # deploy from current dir
joule deploy ./da.sapdas.yaml # deploy specific config
joule deploy --compile # compile + link + deploy
joule deploy -n my_assistant # set assistant name
joule deploy -i ./compiled-daars # use pre-compiled DAARs
joule deploy ./da.sapdas.yaml --compile -b 5 # compile in batches, then deploy
| Option | Description |
|---|
| Path to (default: ) |
| Target digital assistant name |
| Compile and link before deploying |
-i, --daars-input-dir <folder>
| Folder with pre-compiled files |
| Batch size for compilation |
Assistant name rules: 3–50 characters, alphanumeric and underscores only, must start and end with alphanumeric (
^[a-zA-Z0-9]\w*[a-zA-Z0-9]$
).
Deploy timeout: Up to 15 minutes. The CLI polls the job status every 5 seconds.
Managing Deployed Assistants
joule list
Lists all deployed digital assistants in the current tenant.
bash
joule list
joule list --sort name
| Option | Description |
|---|
| Sort by: , , , |
joule get
Retrieves details of a specific deployed assistant.
bash
joule get my_assistant
joule get my_assistant --capability my_cap
| Option | Description |
|---|
| Name of the deployed assistant |
| Show details for a specific capability |
joule launch
Opens the deployed assistant in the Joule Web Client in your default browser.
bash
joule launch my_assistant
joule delete
Deletes a deployed digital assistant.
bash
joule delete my_assistant
joule update
Updates a deployed assistant with new or modified capabilities (requires modular feature flag).
bash
joule update my_assistant --capability-file ./my-cap.daar
joule update my_assistant --capability-file ./capability.sapdas.yaml -b 3
joule update my_assistant --mcp-server-file ./mcp-server.json
| Option | Description |
|---|
| Name of the deployed assistant |
| Path to or (repeatable) |
| Path to MCP server metadata JSON (repeatable, beta) |
| Suppress warnings |
| Batch size for compilation |
joule remove
Removes specific capabilities from a deployed assistant (requires modular feature flag).
bash
joule remove my_assistant --capability com.example:my_capability
| Option | Description |
|---|
| Name of the deployed assistant |
--capability <namespace:name>
| Capability to remove (repeatable) |
Testing & Quality
joule test
Executes BDD (Cucumber) test scenarios against a deployed assistant.
bash
joule test my_assistant # run all tests
joule test my_assistant -t "@smoke" # filter by tag
joule test my_assistant --min-success 80 # allow up to 20% failures
joule test my_assistant --feature-path "tests/**/*.feature"
joule test my_assistant --use-env # auth from .env
joule test my_assistant -i ./my-cap.daar # include DAAR files
joule test my_assistant --timeout 60000 # 60s timeout
joule test --init # scaffold test setup
| Option | Description |
|---|
| Name of the deployed assistant |
| Initialize test setup scaffolding |
| Result formatter: (default), , |
| Cucumber tag expression to filter scenarios |
| Read credentials from env / .env file |
-i, --daar-input-file <files...>
| DAAR files to include |
| User profile for test execution |
| Path to cucumber config file |
| Minimum pass rate (0–100, default: 100) |
--feature-path [globs...]
| Glob patterns for files (default: tests/features/**/*.feature
|
| Download remote DAAR files from deployed assistant |
| Test execution timeout (also via env var) |
| Language for test execution |
Cucumber configuration is searched in this order:
,
,
,
,
,
.
Test step examples (Gherkin syntax):
gherkin
Given I am user "testuser@company.com"
And I log in
And I start a new conversation
When I say "Show my leave balance"
Then first message has type text
And first message content contains "balance"
And response has 2 messages
joule lint
Runs static lint checks on capability source files.
bash
joule lint # lint current directory
joule lint ./my-capability # lint specific path
joule lint "**/*.yaml" # lint with glob
joule lint -f json # JSON output
joule lint --severity-level error # only show errors
| Option | Description |
|---|
| Path or glob pattern to lint (default: current dir) |
| Output format: (default), , , |
| Minimum severity: , (default), |
Exits with code 1 if errors are found. Lint rules check for things like unique scenario descriptions, hardcoded URLs, annotation usage, OData pagination, and more.
joule scenario-testing-to-feature
Converts legacy YAML test scenario files into Gherkin
files for the Cucumber test framework.
bash
joule scenario-testing-to-feature
joule scenario-testing-to-feature --input-path "tests/scenarios/**/*.yaml"
| Option | Description |
|---|
| Glob for YAML scenario files (default: tests/scenarios/**/*.yaml
|
Configuration Files
da.sapdas.yaml (Digital Assistant Definition)
This is the main deployment descriptor. It defines which capabilities make up your assistant.
yaml
schema_version: "3.4.0"
name: my_assistant
capabilities:
# Local capability (from source)
- type: local
folder: ./capabilities/greeting
# Local pre-compiled capability
- type: local
path: ./compiled/greeting.daar
# Released capability from registry
- type: release
namespace: com.sap.example
name: greeting
version: "1.0.0"
# Milestone (pre-release) capability
- type: milestone
namespace: com.sap.example
name: greeting
version: "1.0.0-SNAPSHOT"
Name constraints: 3–50 characters, pattern
^[a-zA-Z0-9]\w*[a-zA-Z0-9]$
.
Namespace pattern: (no dots at start/end).
Version pattern: ^([0-9]+)\.([0-9]+)\.([0-9]+)(-)?( SNAPSHOT)?$
ai_assistant.sapdas.yaml (AI Assistant Definition)
Used with
to define an AI Assistant that orchestrates capabilities.
yaml
schema_version: "1.0.0"
metadata:
namespace: com.example
name: my_ai_assistant
version: "1.0.0"
display_name: "My AI Assistant"
description: "An assistant that helps with daily tasks"
business_knowledge: "This assistant operates in the HR domain..."
capabilities:
- namespace: com.example
name: leave_management
scenarios:
- check_balance
- request_leave
capability.sapdas.yaml
Each capability lives in its own folder and must have this file. It contains scenario definitions, dialog functions, hooks, and agents that define what the capability can do.
Common Workflows
Full development cycle
bash
# 1. Log in
joule login --sso
# 2. Compile your capability
joule compile ./capabilities/my-cap ./output
# 3. Deploy the assistant
joule deploy ./da.sapdas.yaml --compile
# 4. Launch in browser to verify
joule launch my_assistant
# 5. Run automated tests
joule test my_assistant -t "@smoke"
# 6. Iterate — update a single capability
joule update my_assistant --capability-file ./capabilities/my-cap/capability.sapdas.yaml
CI/CD pipeline
bash
# Login via env vars (no interactive prompts)
joule login --use-env
# Lint first
joule lint ./capabilities/ --severity-level error
# Compile + deploy in one step
joule deploy ./da.sapdas.yaml --compile -n my_assistant
# Run tests with a minimum pass threshold
joule test my_assistant --min-success 90 -f json --use-env
Update a single capability without redeploying everything
bash
joule update my_assistant --capability-file ./capabilities/updated-cap.daar
Remove a capability from a deployed assistant
bash
joule remove my_assistant --capability com.example:old_capability
Troubleshooting
Login Issues
| Symptom | Likely Cause | Fix |
|---|
| Login fails silently | Wrong auth URL | Double-check the URL pattern — XSUAA uses .authentication.<landscape>.hana.ondemand.com
|
| (error 17) | Browser didn't complete SSO | Retry with joule login --sso-passcode
|
| (error 14) | Invalid client credentials | Verify client ID and secret from your service key |
AUTH_UNSUPPORTED_AUTH_TYPE
| Unrecognized auth URL format | Ensure the auth URL follows the XSUAA or IAS pattern |
| Keytar errors on Linux | Missing libsecret | Install (Debian/Ubuntu) or (RHEL) — or use |
Compile/Deploy Issues
| Symptom | Likely Cause | Fix |
|---|
| (error 22) | No in folder | Check you're pointing to the right directory |
| (error 32) | No found | Ensure the file exists at the given path |
| (error 36) | Name doesn't match pattern | Use 3–50 chars, alphanumeric + underscores, must start/end with alphanumeric |
JOB_MAX_WAITING_TIME_EXCEEDED
| Deploy took > 15 minutes | Retry; if persistent, check service health or reduce capability count |
| (error 172) | No | Verify the AI assistant definition file exists |
Test Issues
| Symptom | Likely Cause | Fix |
|---|
| No tests found | Wrong feature path | Use with the correct glob (default: tests/features/**/*.feature
|
| Tests timeout | Long-running scenarios | Increase with or env var |
CUCUMBER_CONFIGURATION_ERROR
| Bad cucumber config | Check / syntax |
| Tests pass locally but fail in CI | Missing auth | Add and set environment variables |
General Debugging
- Add (debug) to any command for verbose logs — a debug file is written to the current directory
- Run to verify you're logged in and check which API/auth URLs you're targeting
- Use to inspect what's actually deployed
- Check Node.js version () — must be v20.12.0 – v24
Key Concepts
| Term | Meaning |
|---|
| DTA | Design Time Artifact — your capability source code (YAML, dialogs, scenarios, hooks) |
| DAAR | Digital Assistant Archive — compiled capability (output of ) |
| AIAAR | AI Assistant Archive — linked AI assistant (output of ) |
| RTA | Runtime Artifact — full deployment package uploaded during |
| Capability | A single unit of functionality, defined in |
| Digital Assistant | A deployed instance bundling capabilities, defined in |
| AI Assistant | Orchestration layer with business knowledge, defined in |