CLI Reference
Server Flags
Section titled “Server Flags”Networking and Security
Section titled “Networking and Security”| Flag | Environment | Meaning |
|---|---|---|
--bind | VAYLIX_BIND | Bind address. Default 127.0.0.1. |
--port | VAYLIX_PORT | Listener port. Default 9173. |
--max-connections | VAYLIX_MAX_CONNECTIONS | Maximum concurrent sessions. |
--ssl | VAYLIX_SSL | Enable TLS for server transport. Disabled by default. |
--tls-cert | VAYLIX_TLS_CERT | PEM certificate chain, required when TLS is enabled. |
--tls-key | VAYLIX_TLS_KEY | PEM private key, required when TLS is enabled. |
--tls-client-ca | VAYLIX_TLS_CLIENT_CA | PEM CA bundle used to require and verify client certificates for mTLS. |
--user | VAYLIX_USER | Bootstrap/admin username. Default vaylix. |
--password | VAYLIX_PASSWORD | Bootstrap/admin password. Default vaylix. |
--disable-auth | VAYLIX_DISABLE_AUTH | Disable auth for trusted local testing only. |
Persistence and Maintenance
Section titled “Persistence and Maintenance”| Flag | Environment | Meaning |
|---|---|---|
--data-dir | VAYLIX_DATA_DIR | Persistent data directory. |
--backup-dir | VAYLIX_BACKUP_DIR | Server-local directory for logical backup files. |
--wal-sync | VAYLIX_WAL_SYNC | WAL durability mode: buffered, flush, or sync. |
--wal-segment-size-bytes | VAYLIX_WAL_SEGMENT_SIZE_BYTES | Max size of one WAL segment before rotation. |
--wal-retain-segments | VAYLIX_WAL_RETAIN_SEGMENTS | Number of sealed WAL segments retained after pruning. |
--snapshot-interval-seconds | VAYLIX_SNAPSHOT_INTERVAL_SECONDS | Periodic background snapshot interval. |
--expiration-sweep-interval-seconds | VAYLIX_EXPIRATION_SWEEP_INTERVAL_SECONDS | Background TTL sweeper interval. |
--idle-timeout-seconds | VAYLIX_IDLE_TIMEOUT_SECONDS | Disconnect idle clients after this many seconds. |
--audit-log-path | VAYLIX_AUDIT_LOG_PATH | Override audit log file path. |
--slow-command-threshold-ms | VAYLIX_SLOW_COMMAND_THRESHOLD_MS | Threshold for slow-command audit events. Use 0 to disable. |
Guardrails and Transaction Controls
Section titled “Guardrails and Transaction Controls”| Flag | Environment | Meaning |
|---|---|---|
--disable-compression | VAYLIX_DISABLE_COMPRESSION | Disable default outbound zstd frame compression. |
--max-request-payload-bytes | VAYLIX_MAX_REQUEST_PAYLOAD_BYTES | Max accepted post-framing payload size. |
--max-key-bytes | VAYLIX_MAX_KEY_BYTES | Max key size. |
--max-value-bytes | VAYLIX_MAX_VALUE_BYTES | Max value size in bytes. |
--max-keys-per-batch | VAYLIX_MAX_KEYS_PER_BATCH | Max key count in multi-key commands. |
--max-transaction-queue-len | VAYLIX_MAX_TRANSACTION_QUEUE_LEN | Max queued commands inside MULTI. |
--requests-per-second | VAYLIX_REQUESTS_PER_SECOND | Sustained per-connection request rate. |
--request-burst | VAYLIX_REQUEST_BURST | Burst budget for the token-bucket limiter. |
--transaction-max-seconds | VAYLIX_TRANSACTION_MAX_SECONDS | Maximum open transaction lifetime before automatic discard. |
--auth-failure-window-seconds | VAYLIX_AUTH_FAILURE_WINDOW_SECONDS | Rolling auth failure window. |
--auth-failure-limit | VAYLIX_AUTH_FAILURE_LIMIT | Maximum failures before lockout. |
--auth-lockout-seconds | VAYLIX_AUTH_LOCKOUT_SECONDS | Lockout duration after exceeding the auth failure limit. |
HA and Replication
Section titled “HA and Replication”| Flag | Environment | Meaning |
|---|---|---|
--replication-role | VAYLIX_REPLICATION_ROLE | Node role: standalone, leader, or follower. |
--node-id | VAYLIX_NODE_ID | Stable node identifier used in cluster and replication metadata. |
--replication-group-id | VAYLIX_REPLICATION_GROUP_ID | Stable cluster or replication group identifier. |
--replication-advertise-addr | VAYLIX_REPLICATION_ADVERTISE_ADDR | Peer-reachable address advertised by this node. |
--replication-upstream | VAYLIX_REPLICATION_UPSTREAM | Initial upstream source used by followers for catch-up. |
--replication-user | VAYLIX_REPLICATION_USER | Username used by peer replication traffic. |
--replication-password | VAYLIX_REPLICATION_PASSWORD | Password used by peer replication traffic. |
--write-ack-mode | VAYLIX_WRITE_ACK_MODE | Client-visible durability mode: local, replica / majority, or all. |
--replication-ack-timeout-ms | VAYLIX_REPLICATION_ACK_TIMEOUT_MS | Maximum wait for quorum/follower acknowledgement. |
--replication-poll-interval-ms | VAYLIX_REPLICATION_POLL_INTERVAL_MS | Follower catch-up polling interval. |
--replication-fetch-batch-size | VAYLIX_REPLICATION_FETCH_BATCH_SIZE | Maximum WAL entries fetched per replication round trip. |
--replication-stale-after-seconds | VAYLIX_REPLICATION_STALE_AFTER_SECONDS | Lag threshold before follower health degrades. |
--replication-heartbeat-interval-ms | VAYLIX_REPLICATION_HEARTBEAT_INTERVAL_MS | Leader heartbeat interval. |
--replication-election-timeout-min-ms | VAYLIX_REPLICATION_ELECTION_TIMEOUT_MIN_MS | Lower bound for election timeout. |
--replication-election-timeout-max-ms | VAYLIX_REPLICATION_ELECTION_TIMEOUT_MAX_MS | Upper bound for election timeout. |
--cluster-peers | VAYLIX_CLUSTER_PEERS | Static peers in node_id@host:port form; repeated or comma-delimited. |
Offline Server Subcommands
Section titled “Offline Server Subcommands”Storage Maintenance
Section titled “Storage Maintenance”vaylix storage verify --data-dir /var/lib/vaylixvaylix storage migrate --data-dir /var/lib/vaylixstorage verifyvalidates current persisted storagestorage migrateupgrades legacy monolithicwal.logstorage into the segmented WAL layout
PITR-Oriented Offline Restore
Section titled “PITR-Oriented Offline Restore”vaylix pitr inspect --data-dir /var/lib/vaylix
vaylix pitr restore \ --source-dir /var/lib/vaylix \ --target-dir /tmp/vaylix-restore \ --to-sequence 1234You can target either --to-sequence or --to-timestamp-ms.
Client Flags
Section titled “Client Flags”| Flag | Meaning |
|---|---|
--url | Full connection string, for example vaylix://user:password@127.0.0.1:9173. |
--host | Host when --url is not used. Default 127.0.0.1. |
--port | Port when --url is not used. Default 9173. |
--ssl | Enable TLS. Plain TCP is used by default. |
--tls-ca-cert | Custom CA bundle for server verification. |
--tls-client-cert | Client certificate chain used for mTLS. Requires TLS and --tls-client-key. |
--tls-client-key | Client private key used for mTLS. Requires TLS and --tls-client-cert. |
--user | Username override. |
--password | Password override. |
--disable-auth | Skip automatic AUTH on connect. |
--output | plain, table, or json. |
--disable-compression | Disable default outbound zstd frame compression. |
Connection String
Section titled “Connection String”vaylix://user:password@127.0.0.1:9173?ssl=true&output=json&compression=zstdSupported URL query parameters:
ssl=trueoutput=plain|table|jsonca_cert=/path/to/ca.pemclient_cert=/path/to/client.crtclient_key=/path/to/client.keyauth=falsecompression=none|zstd
CLI flags override values parsed from the URL.