
octo-cli

octo-cli is the command-line interface for managing and administering OctoMesh. It provides commands for configuring services, managing tenants, users, identity providers, and more.

Installation

See Prerequisites for installation instructions.

Quick install:

# Windows (winget)
winget install -e --id meshmakers.octo-cli

# Windows (chocolatey)
choco install octo-cli

Alternatively, download from the Download Center.

Usage

octo-cli -c <Command> [arguments]

Arguments can be specified with short (-x) or long (--argument) form. Argument names are case-insensitive.

Configuration

Before using octo-cli, configure the service endpoints:

octo-cli -c Config \
-isu "https://localhost:5003/" \
-asu "https://localhost:5001/" \
-bsu "https://localhost:5009/" \
-csu "https://localhost:5015/" \
-tid "meshtest"

Short   Long                        Description
-isu    --identityServicesUri       URI of Identity Services (required)
-asu    --assetServicesUri          URI of Asset Repository Services
-bsu    --bobServicesUri            URI of Bot Services
-csu    --communicationServicesUri  URI of Communication Services
-rsu    --reportingServicesUri      URI of Reporting Services
-apu    --adminPanelUri             URI of Admin Panel
-tid    --tenantId                  Default tenant ID

Authentication

Interactive Login

octo-cli -c LogIn -i

Opens a browser for device authentication.

Short   Long                        Description
-i      --interactive               Use interactive browser-based authentication

Check Authentication Status

octo-cli -c AuthStatus

No parameters required.


General Commands

Command       Description
Config        Configure service endpoints
LogIn         Authenticate with Identity Services
AuthStatus    Check authentication status
Setup         Initial setup of Identity Services

Setup

Initial setup for Identity Services with admin credentials:

octo-cli -c Setup -e "admin@example.com" -p "SecurePassword123"

Short   Long                        Description
-e      --email                     Admin email address (required)
-p      --password                  Admin password (required)

Identity Services

Clients

Clients are applications that can authenticate with OctoMesh.

List Clients

octo-cli -c GetClients

No parameters required.

Add Authorization Code Client

For web applications with user login:

octo-cli -c AddAuthorizationCodeClient \
-id "my-web-app" \
-n "My Web Application" \
-u "https://myapp.example.com/" \
-ru "https://myapp.example.com/callback"

Short   Long                        Description
-id     --clientId                  Unique client identifier (required)
-n      --name                      Display name (required)
-u      --clientUri                 Client URI (required)
-ru     --redirectUri               Redirect URI for login callback

Add Client Credentials Client

For service-to-service authentication:

octo-cli -c AddClientCredentialsClient \
-id "my-service" \
-n "My Background Service" \
-s "MySecretKey123"

Short   Long                        Description
-id     --clientId                  Unique client identifier (required)
-n      --name                      Display name (required)
-s      --secret                    Client secret (required)

Add Device Code Client

For devices without browser support:

octo-cli -c AddDeviceCodeClient \
-id "my-device" \
-n "My IoT Device" \
-s "DeviceSecret123"

Short   Long                        Description
-id     --clientId                  Unique client identifier (required)
-n      --name                      Display name (required)
-s      --secret                    Client secret (required)
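
Add Client Credentials Client and Add Device Code Client both take the client secret as -s. The following is an added example, not part of octo-cli or of the original page: it generates a random secret instead of a typed literal and keeps the only copy in an owner-readable file. OCTO_CLI, new_client_secret and register_secret_client are names invented here.

```shell
# Added example, not part of octo-cli. OCTO_CLI, new_client_secret and
# register_secret_client are names invented for this sketch.
OCTO_CLI="${OCTO_CLI:-octo-cli}"

# new_client_secret -> prints 32 random bytes as 43 URL-safe base64 characters
new_client_secret() {
    head -c 32 /dev/urandom | base64 | tr '+/' '-_' | tr -d '=\n'
}

# register_secret_client COMMAND CLIENT_ID NAME SECRET_FILE
# COMMAND is AddClientCredentialsClient or AddDeviceCodeClient.
register_secret_client() {
    cmd=$1 id=$2 name=$3 secret_file=$4
    case "$cmd" in
        AddClientCredentialsClient|AddDeviceCodeClient) ;;
        *) echo "unsupported command: $cmd" >&2; return 2 ;;
    esac
    # Never overwrite a secret that may already be in use.
    [ ! -e "$secret_file" ] || { echo "$secret_file exists, not overwriting" >&2; return 3; }
    (
        umask 077   # secret file readable by its owner only
        new_client_secret > "$secret_file" || exit 1
        # -s is the only secret input shown on this page, so the value is still
        # visible in the process list while octo-cli runs; it never reaches
        # the shell history.
        "$OCTO_CLI" -c "$cmd" -id "$id" -n "$name" -s "$(cat "$secret_file")" \
            || { rm -f "$secret_file"; exit 1; }   # no orphaned secret on failure
    )
}
```

Call it as register_secret_client AddClientCredentialsClient "my-service" "My Background Service" ./my-service.secret, then move the file into the secret store the service reads from.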

Update Client

octo-cli -c UpdateClient -id "my-web-app" -n "Updated App Name"

Short   Long                        Description
-id     --clientId                  Client identifier (required)
-n      --name                      New display name
-u      --clientUri                 New client URI
-ru     --redirectUri               New redirect URI

Delete Client

octo-cli -c DeleteClient -id "my-web-app"

Short   Long                        Description
-id     --clientId                  Client identifier to delete (required)

Add Scope to Client

Grant API access to a client:

octo-cli -c AddScopeToClient -id "my-web-app" -n "assetSystemAPI.full_access"

Short   Long                        Description
-id     --clientId                  Client identifier (required)
-n      --name                      Scope name to add (required)

Client Secrets

Create Client Secret

octo-cli -c CreateApiSecretClient \
-cid "my-client" \
-e "2025-12-31" \
-d "Production secret"

Short   Long                        Description
-cid    --clientId                  Client identifier (required)
-e      --expiration                Expiration date (YYYY-MM-DD)
-d      --description               Secret description

List Client Secrets

octo-cli -c GetApiSecretsClient -cid "my-client"

Short   Long                        Description
-cid    --clientId                  Client identifier (required)

Update Client Secret

octo-cli -c UpdateApiSecretClient \
-cid "my-client" \
-s "sha256-encoded-value" \
-e "2026-12-31"

Short   Long                        Description
-cid    --clientId                  Client identifier (required)
-s      --secret                    SHA256-encoded secret value (required)
-e      --expiration                New expiration date (YYYY-MM-DD)
-d      --description               New description

Delete Client Secret

octo-cli -c DeleteApiSecretClient -cid "my-client" -s "sha256-encoded-value"

Short   Long                        Description
-cid    --clientId                  Client identifier (required)
-s      --secret                    SHA256-encoded secret value (required)

Identity Providers

List Identity Providers

octo-cli -c GetIdentityProviders

No parameters required.

Add Azure Entra ID Provider

octo-cli -c AddAzureEntryIdIdentityProvider \
-n "Azure AD" \
-t "your-tenant-id" \
-cid "your-client-id" \
-cs "your-client-secret" \
-e true

Short   Long                        Description
-n      --name                      Provider display name (required)
-t      --tenantId                  Azure tenant ID (required)
-cid    --clientId                  Azure application client ID (required)
-cs     --clientSecret              Azure application client secret (required)
-e      --enabled                   Enable provider (true/false)

Add OAuth Provider

Supports Google, Microsoft, Facebook:

octo-cli -c AddOAuthIdentityProvider \
-n "Google Login" \
-t "google" \
-cid "your-client-id" \
-cs "your-client-secret" \
-e true

Short   Long                        Description
-n      --name                      Provider display name (required)
-t      --type                      Provider type: google, microsoft, facebook (required)
-cid    --clientId                  OAuth client ID (required)
-cs     --clientSecret              OAuth client secret (required)
-e      --enabled                   Enable provider (true/false)

Add Active Directory Provider

octo-cli -c AddAdIdentityProvider \
-n "Corporate AD" \
-h "ldap.example.com" \
-p 389 \
-e true

Short   Long                        Description
-n      --name                      Provider display name (required)
-h      --host                      LDAP server hostname (required)
-p      --port                      LDAP server port (required)
-e      --enabled                   Enable provider (true/false)

Add OpenLDAP Provider

octo-cli -c AddOpenLdapIdentityProvider \
-n "OpenLDAP" \
-h "ldap.example.com" \
-p 389 \
-ubdn "cn=users,dc=example,dc=com" \
-uan "uid" \
-e true

Short   Long                        Description
-n      --name                      Provider display name (required)
-h      --host                      LDAP server hostname (required)
-p      --port                      LDAP server port (required)
-ubdn   --userBaseDn                Base DN for user searches (required)
-uan    --userAttributeName         Attribute name for user identifier (required)
-e      --enabled                   Enable provider (true/false)

Update Identity Provider

octo-cli -c UpdateIdentityProvider \
-id "provider-id" \
-n "Updated Name" \
-e true \
-cid "new-client-id" \
-cs "new-client-secret"

Short   Long                        Description
-id     --id                        Provider ID (required)
-n      --name                      New display name
-e      --enabled                   Enable/disable provider (true/false)
-cid    --clientId                  New client ID
-cs     --clientSecret              New client secret

Delete Identity Provider

octo-cli -c DeleteIdentityProvider -id "provider-id"

Short   Long                        Description
-id     --id                        Provider ID to delete (required)

API Resources & Scopes

List API Resources

octo-cli -c GetApiResources

No parameters required.

Create API Resource

octo-cli -c CreateApiResource \
-n "myAPI" \
-dn "My Custom API" \
-d "API for custom functionality" \
-s "myAPI.read,myAPI.write"

Short   Long                        Description
-n      --name                      API resource name (required)
-dn     --displayName               Display name
-d      --description               API description
-s      --scopes                    Comma-separated list of scopes

Update API Resource

octo-cli -c UpdateApiResource -n "myAPI" -dn "Updated API Name"

Short   Long                        Description
-n      --name                      API resource name (required)
-dn     --displayName               New display name
-d      --description               New description

Delete API Resource

octo-cli -c DeleteApiResource -n "myAPI"

Short   Long                        Description
-n      --name                      API resource name to delete (required)

List API Scopes

octo-cli -c GetApiScopes

No parameters required.

Create API Scope

octo-cli -c CreateApiScope \
-n "myAPI.admin" \
-dn "Admin Access" \
-d "Full administrative access" \
-e true

Short   Long                        Description
-n      --name                      Scope name (required)
-dn     --displayName               Display name
-d      --description               Scope description
-e      --enabled                   Enable scope (true/false)

Update API Scope

octo-cli -c UpdateApiScope -n "myAPI.admin" -nn "myAPI.superadmin"

Short   Long                        Description
-n      --name                      Current scope name (required)
-nn     --newName                   New scope name
-dn     --displayName               New display name
-d      --description               New description

Delete API Scope

octo-cli -c DeleteApiScope -n "myAPI.admin"

Short   Long                        Description
-n      --name                      Scope name to delete (required)

API Resource Secrets

Create API Resource Secret

octo-cli -c CreateApiSecretApiResource -n "myAPI" -e "2025-12-31" -d "API secret"

Short   Long                        Description
-n      --name                      API resource name (required)
-e      --expiration                Expiration date (YYYY-MM-DD)
-d      --description               Secret description

List API Resource Secrets

octo-cli -c GetApiSecretsApiResource -n "myAPI"

Short   Long                        Description
-n      --name                      API resource name (required)

Update API Resource Secret

octo-cli -c UpdateApiSecretApiResource -n "myAPI" -s "sha256-value" -e "2026-12-31"

Short   Long                        Description
-n      --name                      API resource name (required)
-s      --secret                    SHA256-encoded secret value (required)
-e      --expiration                New expiration date (YYYY-MM-DD)
-d      --description               New description

Delete API Resource Secret

octo-cli -c DeleteApiSecretApiResource -n "myAPI" -s "sha256-value"

Short   Long                        Description
-n      --name                      API resource name (required)
-s      --secret                    SHA256-encoded secret value (required)

Users

List Users

octo-cli -c GetUsers

No parameters required.

Create User

octo-cli -c CreateUser \
-un "john.doe" \
-e "john.doe@example.com" \
-p "SecurePassword123"

Short   Long                        Description
-un     --userName                  Username (required)
-e      --email                     Email address (required)
-p      --password                  Password (required)

Update User

octo-cli -c UpdateUser -un "john.doe" -e "new.email@example.com"

Short   Long                        Description
-un     --userName                  Username (required)
-e      --email                     New email address

Reset Password

octo-cli -c ResetPassword -un "john.doe" -p "NewPassword456"

Short   Long                        Description
-un     --userName                  Username (required)
-p      --password                  New password (required)

Delete User

octo-cli -c DeleteUser -un "john.doe"

Short   Long                        Description
-un     --userName                  Username to delete (required)

Roles

List Roles

octo-cli -c GetRoles

No parameters required.

Create Role

octo-cli -c CreateRole -n "DataAnalyst"

Short   Long                        Description
-n      --name                      Role name (required)

Update Role

octo-cli -c UpdateRole -n "DataAnalyst" -nn "SeniorDataAnalyst"

Short   Long                        Description
-n      --name                      Current role name (required)
-nn     --newName                   New role name (required)

Delete Role

octo-cli -c DeleteRole -n "DataAnalyst"

Short   Long                        Description
-n      --name                      Role name to delete (required)

Add User to Role

octo-cli -c AddUserToRole -un "john.doe" -r "DataAnalyst"

Short   Long                        Description
-un     --userName                  Username (required)
-r      --role                      Role name (required)

Remove User from Role

octo-cli -c RemoveUserFromRole -un "john.doe" -r "DataAnalyst"

Short   Long                        Description
-un     --userName                  Username (required)
-r      --role                      Role name (required)

Asset Repository Services

Tenant Management

Create Tenant

octo-cli -c Create -tid "newtenant" -db "newtenant_db"

Short   Long                        Description
-tid    --tenantId                  Tenant identifier (required)
-db     --database                  Database name (required)

Delete Tenant

octo-cli -c Delete -tid "newtenant"

Short   Long                        Description
-tid    --tenantId                  Tenant identifier to delete (required)

Attach Database to Tenant

octo-cli -c Attach -tid "newtenant" -db "existing_db"

Short   Long                        Description
-tid    --tenantId                  Tenant identifier (required)
-db     --database                  Database name to attach (required)

Clean Tenant

Reset tenant to factory defaults:

octo-cli -c Clean -tid "newtenant"

Short   Long                        Description
-tid    --tenantId                  Tenant identifier to clean (required)

Clear Tenant Cache

octo-cli -c ClearCache -tid "newtenant"

Short   Long                        Description
-tid    --tenantId                  Tenant identifier (required)

Update System CK Model

Update system construction kit model to latest version:

octo-cli -c UpdateSystemCkModel -tid "newtenant"

Short   Long                        Description
-tid    --tenantId                  Tenant identifier (required)

Import & Export

Import Construction Kit

octo-cli -c ImportCk -f "./my-ck-model.yaml" -w

Short   Long                        Description
-f      --file                      Path to CK file (required)
-w      --wait                      Wait for job completion

Import Runtime Model

octo-cli -c ImportRt -f "./runtime-data.json" -w -r

Short   Long                        Description
-f      --file                      Path to RT file (required)
-w      --wait                      Wait for job completion
-r      --replace                   Replace existing entities

Export Runtime Model by Query

octo-cli -c ExportRtByQuery -f "./export.zip" -q "query-id"

Short   Long                        Description
-f      --file                      Output file path (required)
-q      --queryId                   Query ID to use for export (required)

Export Runtime Model by Deep Graph

octo-cli -c ExportRtByDeepGraph \
-f "./export.zip" \
-id "rtId1;rtId2;rtId3" \
-t "MyNamespace/MyType-1"

Short   Long                        Description
-f      --file                      Output file path (required)
-id     --rtIds                     Semicolon-separated list of runtime entity IDs (required)
-t      --ckTypeId                  Construction Kit type ID filter

Stream Data

Enable Stream Data

octo-cli -c EnableStreamData

No parameters required.

Disable Stream Data

octo-cli -c DisableStreamData

No parameters required.

Fixup Scripts

Create Fixup Script

octo-cli -c CreateFixupScript \
-n "Migration Script" \
-f "./migration.js" \
-o 10 \
-e true

Short   Long                        Description
-n      --name                      Script name (required)
-f      --file                      Script file path (required)
-o      --orderNumber               Execution order (required)
-e      --enabled                   Enable script (true/false, required)
-r      --replace                   Replace existing script with same name

Run Fixup Scripts

octo-cli -c RunFixupScripts -w

Short   Long                        Description
-w      --wait                      Wait for job completion

Bot Services

Backup & Restore

Dump Tenant

Create a backup of a tenant:

octo-cli -c Dump -tid "mytenant" -f "./backup.tar.gz"

Short   Long                        Description
-tid    --tenantId                  Tenant identifier (required)
-f      --file                      Output backup file path (required)

Restore Tenant

Restore a tenant from backup:

octo-cli -c Restore \
-tid "mytenant" \
-db "mytenant_db" \
-f "./backup.tar.gz" \
-w

Short   Long                        Description
-tid    --tenantId                  Target tenant ID (required)
-db     --database                  Database name (required)
-f      --file                      Backup file path (required)
-oldDb  --oldDatabaseName           Original database name (if different)
-w      --wait                      Wait for completion

Service Hooks

Service hooks allow triggering external services based on entity changes.

List Service Hooks

octo-cli -c GetServiceHooks

No parameters required.

Create Service Hook

octo-cli -c CreateServiceHook \
-n "Status Change Hook" \
-ck "MyNamespace/MyType-1" \
-f "'State' Equals '2'" \
-u "https://api.example.com" \
-a "/webhook/status-change" \
-k "my-api-key" \
-e true

Short   Long                        Description
-n      --name                      Hook name (required)
-ck     --ckId                      Construction Kit type ID (required)
-f      --filter                    Filter expression (required)
-u      --uri                       Base URI for webhook
-a      --action                    Action path appended to URI
-k      --apiKey                    API key for authentication
-e      --enabled                   Enable hook (true/false, required)

Filter Operators:

  • Equals, NotEquals
  • LessThan, LessEqualThan, GreaterThan, GreaterEqualThan
  • In, NotIn
  • Like, MatchRegEx
  • AnyEq, AnyLike

Update Service Hook

octo-cli -c UpdateServiceHook -id "hook-id" -e false

Short   Long                        Description
-id     --id                        Hook ID (required)
-n      --name                      New hook name
-f      --filter                    New filter expression
-u      --uri                       New base URI
-a      --action                    New action path
-k      --apiKey                    New API key
-e      --enabled                   Enable/disable hook (true/false)

Delete Service Hook

octo-cli -c DeleteServiceHook -id "hook-id"

Short   Long                        Description
-id     --id                        Hook ID to delete (required)

Communication Services

Enable Communication

octo-cli -c EnableCommunication

No parameters required.

Disable Communication

octo-cli -c DisableCommunication

No parameters required.


Reporting Services

Enable Reporting

octo-cli -c EnableReporting

No parameters required.

Disable Reporting

octo-cli -c DisableReporting

No parameters required.


DevOps

Generate Operator Certificates

Generate certificates for OctoMesh Kubernetes operator:

octo-cli -c GenerateOperatorCertificates \
-o "./certs" \
-s "octo-mesh-op1-communication-operator" \
-n "octo-operator-system"

Short   Long                        Description
-o      --output                    Output directory (required)
-s      --serverName                Service/server name (required)
-n      --namespace                 Kubernetes namespace (required)

Diagnostics

Reconfigure Log Level

Adjust logging levels for troubleshooting:

octo-cli -c ReconfigureLogLevel \
-n "AssetRepository" \
-ln "Meshmakers.*" \
-minL "Debug" \
-maxL "Error"

Short   Long                        Description
-n      --serviceName               Service name: Identity, AssetRepository, Bot, CommunicationController, AdminPanel, Reporting (required)
-ln     --loggerName                Logger pattern: Microsoft.*, Meshmakers.*, Masstransit.*, * (required)
-minL   --minLogLevel               Minimum level: Trace, Debug, Info, Warn, Error, Fatal, Off (required)
-maxL   --maxLogLevel               Maximum level: Trace, Debug, Info, Warn, Error, Fatal, Off (required)

Common Workflows

Initial Setup

# 1. Configure endpoints
octo-cli -c Config -isu "https://localhost:5003/" -asu "https://localhost:5001/" -tid "meshtest"

# 2. Login
octo-cli -c LogIn -i

# 3. Create tenant
octo-cli -c Create -tid "myproject" -db "myproject_db"

# 4. Import construction kit
octo-cli -c ImportCk -f "./my-model.yaml" -w

Add Web Application Client

# 1. Create client
octo-cli -c AddAuthorizationCodeClient \
-id "my-webapp" \
-n "My Web App" \
-u "https://myapp.com/" \
-ru "https://myapp.com/auth/callback"

# 2. Add required scopes
octo-cli -c AddScopeToClient -id "my-webapp" -n "assetSystemAPI.full_access"
octo-cli -c AddScopeToClient -id "my-webapp" -n "identityAPI.full_access"

Backup and Restore

# Backup
octo-cli -c Dump -tid "production" -f "./backup-$(date +%Y%m%d).tar.gz"

# Restore to new tenant
octo-cli -c Restore -tid "staging" -db "staging_db" -f "./backup-20241213.tar.gz" -w
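
An added example (not from the original page or the octo-cli project) that wraps the Dump and Restore commands of the workflow above: the backup is written with owner-only permissions, its SHA-256 digest is recorded at dump time, and restore refuses a file whose digest no longer matches. OCTO_CLI, sha256_of, dump_tenant and restore_tenant are names invented here.

```shell
# Added example, not part of octo-cli. All function names are made up for this sketch.
OCTO_CLI="${OCTO_CLI:-octo-cli}"

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# dump_tenant TENANT_ID OUT_DIR -> prints the path of the new backup
dump_tenant() {
    tid=$1 dir=$2
    file="$dir/backup-$tid-$(date +%Y%m%d).tar.gz"
    (
        umask 077   # the backup holds tenant data: owner-only permissions
        "$OCTO_CLI" -c Dump -tid "$tid" -f "$file" >&2 || exit 1
        [ -s "$file" ] || exit 1   # an empty or missing file is a failed dump
        printf '%s  %s\n' "$(sha256_of "$file")" "$(basename "$file")" > "$file.sha256"
    ) || return 1
    printf '%s\n' "$file"
}

# restore_tenant TENANT_ID DATABASE BACKUP_FILE
# Refuses to restore unless the digest recorded at dump time still matches.
restore_tenant() {
    tid=$1 db=$2 file=$3
    [ -f "$file.sha256" ] || { echo "no digest recorded for $file" >&2; return 2; }
    expected=$(awk '{print $1; exit}' "$file.sha256")
    actual=$(sha256_of "$file")
    if [ "$expected" != "$actual" ]; then
        echo "digest mismatch for $file, not restoring" >&2
        return 3
    fi
    "$OCTO_CLI" -c Restore -tid "$tid" -db "$db" -f "$file" -w
}
```

Stored next to the backup, the .sha256 file only catches corruption or a swapped file; to detect deliberate tampering, keep the digest where the backup's writer cannot modify it.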