<img src="https://github.com/ScalableCapital/scalable-cli/raw/v0.5.0/docs/assets/sc-woodsmoke.svg" alt="Scalable CLI" width="80">
The official, agent-ready command line for the Scalable Broker.
Built for developers, local automation, and AI agents that need deterministic commands, structured JSON, and explicit confirmation for sensitive actions.
Releases · Quick start · Common commands · Help
Scalable CLI is a standalone CLI on top of the Scalable API. It is the local execution layer for Scalable Broker when you want something sturdier than Selenium, browser scraping, or brittle UI scripts.
sc--json for local scripts and agent workflows.bash
brew tap ScalableCapital/tapbash
brew install scalable-clix86_64 or aarch64) from the latest release.sc binary to a directory on your PATH.Official Scalable-distributed binaries are the release assets published by Scalable Capital on GitHub and the packages installed from the official Scalable Homebrew tap.
If you build this repository yourself, use a fork, install from a third-party package manager, pull a container image, or receive a redistributed binary from someone else, that binary is not distributed by Scalable Capital. Only use binaries whose source and provenance you trust, especially before logging in or running broker commands.
sc --version
sc --help
Scalable CLI is currently in beta and we do not offer active support.
Clients need to be allowlisted before they can log in.
Generate your installation code:
sc installation-code
sc installation-code works without login.
Then, send us an email to cli.beta@scalable.capital from the email address used for your Scalable account.
Use the subject Scalable CLI Allowlisting and include the installation code in
the message body.
After you have been allowlisted, authenticate and confirm the CLI can access your Scalable Broker account:
sc login
sc whoami
sc capabilities --json
sc broker overview --json
sc login uses an OAuth 2.0 device-code flow.
For security and reliability, complete login yourself rather than via an AI agent.
Optional local write guard:
sc login --local-read-only stores the session in a locally enforced read-only mode.sc broker context select continue to work, while write commands are blocked locally until you run sc login again without --local-read-only.Release assets include checksums and a minisign signature for the checksum
manifest. The examples below assume minisign and the GitHub CLI (gh) are
installed.
Each snippet below pins the current Scalable Capital minisign release signing
public key: RWRKuuSASIzbSYpuU5gdXeTkXirJBl5+XVXLP6E60hBUUKZ5HPIGjV8b.
tag="vX.Y.Z"
arch="x86_64" # or aarch64
repo="ScalableCapital/scalable-cli"
minisign_public_key="RWRKuuSASIzbSYpuU5gdXeTkXirJBl5+XVXLP6E60hBUUKZ5HPIGjV8b"
asset="sc-${tag}-linux-${arch}-gnu.tar.gz"
checksums="sc-${tag}-SHA256SUMS"
gh release download "${tag}" \
--repo "${repo}" \
--pattern "${asset}" \
--pattern "${checksums}" \
--pattern "${checksums}.minisig" \
--clobber
minisign -V \
-P "${minisign_public_key}" \
-m "${checksums}" \
-x "${checksums}.minisig"
set -o pipefail
grep -F " ${asset}" "${checksums}" | sha256sum -c -
tag="vX.Y.Z"
repo="ScalableCapital/scalable-cli"
minisign_public_key="RWRKuuSASIzbSYpuU5gdXeTkXirJBl5+XVXLP6E60hBUUKZ5HPIGjV8b"
asset="sc-${tag}-macos-universal2.pkg"
checksums="sc-${tag}-SHA256SUMS"
gh release download "${tag}" \
--repo "${repo}" \
--pattern "${asset}" \
--pattern "${checksums}" \
--pattern "${checksums}.minisig" \
--clobber
minisign -V \
-P "${minisign_public_key}" \
-m "${checksums}" \
-x "${checksums}.minisig"
set -o pipefail
grep -F " ${asset}" "${checksums}" | shasum -a 256 -c -
pkgutil --check-signature "${asset}"
spctl -a -vv --type install "${asset}"
tag="vX.Y.Z"
repo="ScalableCapital/scalable-cli"
minisign_public_key="RWRKuuSASIzbSYpuU5gdXeTkXirJBl5+XVXLP6E60hBUUKZ5HPIGjV8b"
asset="sc-${tag}-macos-universal2.zip"
checksums="sc-${tag}-SHA256SUMS"
gh release download "${tag}" \
--repo "${repo}" \
--pattern "${asset}" \
--pattern "${checksums}" \
--pattern "${checksums}.minisig" \
--clobber
minisign -V \
-P "${minisign_public_key}" \
-m "${checksums}" \
-x "${checksums}.minisig"
set -o pipefail
grep -F " ${asset}" "${checksums}" | shasum -a 256 -c -
rm -rf ./sc-homebrew-runtime
unzip -q "${asset}" -d ./sc-homebrew-runtime
codesign -dv --verbose=4 ./sc-homebrew-runtime/Sc.app
spctl -a -vv --type exec ./sc-homebrew-runtime/Sc.app
sc whoami
sc logout
sc broker overview
sc broker analytics
sc broker transactions
sc broker transaction details --transaction-id <TRANSACTION_ID>
sc broker holdings
sc broker chart --isin US0378331005 --timeframe 1m
sc broker quote --isin US0378331005
sc broker watchlist
sc broker search "apple"
sc broker derivatives search --underlying US0378331005 --type knockout --strategy long
sc broker security-news --isin US0378331005 --locale en_DE
sc broker derivatives search supports derivative discovery for a known
underlying ISIN. The selected derivative ISIN can then be quoted with
sc broker quote --isin .... The CLI also verifies trade buy phase-1 input
acceptance for derivative-style ISINs.
sc broker watchlist add --isin US0378331005
sc broker watchlist remove --isin US0378331005
sc broker price-alerts --active-only
sc broker price-alerts add --isin US0378331005 --price 180.00
sc broker price-alerts add --ticker BTC --price 45000.00
sc broker price-alerts remove --alert-id <ALERT_ID>
sc broker savings-plans
sc broker savings-plans add --isin US0378331005 --amount 100
sc broker savings-plans remove --isin US0378331005
sc broker context show
sc broker context select --portfolio-id <PORTFOLIO_ID>
Buy and sell flows are intentionally two-step.
Run the command once to preview the order and receive a confirmation ID:
sc broker trade buy --isin US0378331005 --amount 500 --order-type market
Submit the exact same order with --confirm to place it:
sc broker trade buy --isin US0378331005 --amount 500 --order-type market \
--confirm <CONFIRMATION_ID>
If phase 1 explicitly requires unsuitable acknowledgement for the buy order, --accept-unsuitable confirms that you are aware of the risks and still want to proceed.
The same confirmation model applies to sell orders:
sc broker trade sell --isin US0378331005 --shares 1 --order-type market
sc broker trade cancel --order-id <ORDER_ID>
Supported order types:
marketlimitstopTrade cancellation is a separate single-step command for pending orders. Use
the order_id returned by sc broker trade buy or sc broker trade sell; it
is the same ID shown in sc broker transactions.
Optional local trade controls can be configured in config.toml for CLI-based
trading:
allowed_isinsdenied_isinsmax_order_notionalThese controls are enforced locally by the CLI only. They do not change your account permissions or backend trading permissions.
sc capabilities --json exposes the supported machine-readable command surface.sc capabilities --json also exposes the parsed local trade-control state in
local_trade_controls.--json for compact structured output.sc login remains human-oriented in the current version.sc --help
sc broker --help
sc broker trade buy --help
config.toml is optional local runtime config for storage backends. The default
configuration is platform-specific.
Example:
[auth]
session_backend = "keyring"
signing_key_backend = "secure_enclave"
Configuration options:
keyring, file. Default is keyring on macOS/Linux.file, secure_enclave, pkcs11. Default is secure_enclave on macOS and file on Linux. secure_enclave is macOS-only. pkcs11 is Linux-only and opt-in.You can optionally define local trade controls for the CLI:
[trade_controls]
allowed_isins = ["US0378331005", "IE00B4L5Y983"]
denied_isins = ["US88160R1014"]
max_order_notional = "1000"
Trade-control behavior:
allowed_isins nor denied_isins is configured, ISIN controls are inactive.allowed_isins = [], no ISIN can be traded through the CLI.allowed_isins and denied_isins are configured, the effective set is allowed_isins - denied_isins.max_order_notional is checked against the prepared order notional before submission.These controls apply only when trading through sc.
PKCS#11 lets the CLI use an existing hardware token, smartcard, or HSM-backed key for its authentication signing key. The CLI does not create, import, rotate, delete, export, or store PKCS#11 private keys.
[auth]
signing_key_backend = "pkcs11"
[auth.pkcs11]
module_path = "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"
key_uri = "pkcs11:token=YubiKey%20PIV;id=%01"
PKCS#11 options:
The URI must start with pkcs11: and identify exactly one EC P-256 private
key. Use id= or object= to identify the key; add token=, serial=,
manufacturer=, or model= if needed to make token selection unambiguous.
Percent-encode binary IDs and spaces.
If the token requires login, use either the token/provider protected
authentication path or set SC_PKCS11_PIN in the environment. The CLI does not
prompt for or store the PIN.
PKCS#11 failures do not fall back to file. Switching signing backends changes
the authentication key identity, so run sc login again after changing this
setting.
Config file locations:
Building from source is useful for inspection, local development, and advanced users. A locally built binary is self-built; it is not an official Scalable-distributed release artifact unless it was built and published by Scalable Capital through the official release process above.
Build the production-channel binary:
cargo build --locked --release --features channel-prod --bin sc
The binary is written to:
target/release/sc
Verify the build:
target/release/sc --version
target/release/sc --help
If another local service needs to invoke sc, it can be useful to run the CLI as
a separate Unix user with a narrowly scoped sudoers rule.
This lets the application use the CLI without gaining direct access to files
created by the CLI, such as session or configuration data owned by
scalable-cli-user. That separation is useful for limiting data exposure and
reducing the blast radius if the calling application account is compromised.
Create the dedicated account:
sudo useradd -m -s /bin/bash scalable-cli-user
If the user should not be able to log in interactively, use a non-login shell instead:
sudo useradd -m -s /usr/sbin/nologin scalable-cli-user
Verify that the user exists:
id scalable-cli-user
sudoersAssume the main application runs as Unix user app-user and should be allowed
to execute exactly the sc CLI as scalable-cli-user.
Create a dedicated sudoers file such as /etc/sudoers.d/app-cli with:
app-user ALL=(scalable-cli-user) NOPASSWD: /usr/local/bin/sc
This means:
app-user may use sudo without a password.scalable-cli-user./usr/local/bin/sc is allowed.Set the required permissions on the file:
sudo chmod 440 /etc/sudoers.d/app-cli
Validate the sudoers configuration:
sudo visudo -cf /etc/sudoers.d/app-cli
With that setup, app-user can run:
```bash sudo -
$ claude mcp add scalable-cli \
-- python -m otcore.mcp_server <graph>