CLI reference
z4j ships a CLI named z4j. Runs inside the container or from a local pip install.
z4j --helpServing
Section titled “Serving”z4j serve [--host 0.0.0.0] [--port 7700] [--workers 1]Starts the FastAPI application via Uvicorn. This is the container entrypoint.
Health and diagnostics
Section titled “Health and diagnostics”z4j checkValidates config and DB connectivity and confirms Alembic is at head. Non-destructive. Exit 0 = healthy.
doctor
Section titled “doctor”z4j doctorRuns a full health and configuration audit: env-var coverage, DB reachability, Alembic head, registry backend probe, metrics-token resolution, scheduler trigger reachability if configured, mTLS cert validity. Verbose by design; pair with --json for machine output.
status
Section titled “status”z4j statusPrints a summary of current brain state: version, Alembic head, environment, database URL, and row counts (users, projects, agents, tasks, active sessions, audit rows).
version
Section titled “version”z4j versionPrints the installed z4j version.
First-boot setup
Section titled “First-boot setup”z4j initScaffolds ~/.z4j/config.env with the required Z4J_* variables for a local install (database URL, secrets, public URL). Idempotent; refuses to overwrite an existing file unless --force is supplied.
bootstrap-admin
Section titled “bootstrap-admin”z4j bootstrap-admin --email you@example.com --display-name "You"Creates the initial admin user and the default project. First-boot only.
createsuperuser
Section titled “createsuperuser”z4j createsuperuser --email you@example.com --display-name "You" --password-stdinDjango-friendly alias for bootstrap-admin. Use --password-stdin to pipe the password in from a secret manager.
changepassword
Section titled “changepassword”z4j changepassword you@example.com --password-stdinChanges a user’s password. Intended for admin recovery / CLI-only ops when the user cannot reach the dashboard reset flow.
reset-mfa
Section titled “reset-mfa”z4j reset-mfa user@example.comz4j reset-mfa user@example.com --confirm # skip the interactive promptOperator escape hatch for the lost-phone-AND-lost-recovery-codes case. Clears the user’s MFA secret, recovery codes, and trusted devices in one transaction; writes a user.mfa_reset_by_admin audit row attributed to the OS user running the CLI. Shell-only by design — there is no REST surface so an attacker who has only the dashboard cannot trigger it. See Multi-factor authentication for context.
Configuration
Section titled “Configuration”config show
Section titled “config show”z4j config showPrints the resolved effective settings (post-env-var, post-defaults, post-~/.z4j/config.env). Secrets are masked. Mirrors the GET /api/v1/admin/settings endpoint.
config validate
Section titled “config validate”z4j config validateLoads the settings and reports any validation failure (missing required field, out-of-range value, malformed URL) without booting the rest of the app. Exit 0 = valid.
Backups
Section titled “Backups”backup
Section titled “backup”z4j backup --output /var/backups/z4j-$(date +%Y-%m-%d).dbSnapshots the brain database to a single file. On SQLite, a VACUUM INTO clone; on Postgres, a pg_dump --format=custom plus a manifest. The destination is overwritten if it exists; pass --no-clobber to refuse.
restore
Section titled “restore”z4j restore /var/backups/z4j-pre-upgrade.db --forceRestores from a backup file produced by z4j backup. Refuses to run while another brain has the DB open unless --force is given.
Maintenance and upgrades
Section titled “Maintenance and upgrades”migrate
Section titled “migrate”z4j migrate upgrade headz4j migrate currentz4j migrate historyz4j migrate downgrade <revision>Runs an Alembic command against the brain database.
upgrade
Section titled “upgrade”z4j upgradez4j upgrade --checkChecks PyPI for newer releases of z4j and any installed z4j-* adapters; --check prints what would change without installing. Mirrors POST /api/v1/admin/system/versions/check on the API side. The actual install path defers to the operator (running pip / Helm / Docker pull); the command surfaces the manifest so the operator can plan the upgrade.
Allowed hosts
Section titled “Allowed hosts”allowed-hosts list / add / remove / path
Section titled “allowed-hosts list / add / remove / path”z4j allowed-hosts listz4j allowed-hosts add z4j.example.comz4j allowed-hosts remove old-host.example.comz4j allowed-hosts pathManages the persistent Host header allow-list (Z4J_ALLOWED_HOSTS). path prints the file the brain reads from so operators can edit it directly. See allowed hosts.
Audit log
Section titled “Audit log”audit verify
Section titled “audit verify”z4j audit verifyWalks the full HMAC-chained audit log. Exit 0 on success, 1 on broken chain.
Tokens and certs
Section titled “Tokens and certs”metrics-token
Section titled “metrics-token”z4j metrics-token # print the active tokenz4j metrics-token rotate # mint a new token; old one stops workingManages the bearer that gates /metrics. Resolution order: Z4J_METRICS_AUTH_TOKEN, ~/.z4j/secret.env, auto-minted on first boot.
mint-scheduler-cert
Section titled “mint-scheduler-cert”z4j mint-scheduler-cert --cn scheduler-prod-1 --out /etc/z4j/pki/Mints a fresh mTLS client certificate for a z4j-scheduler instance to authenticate to the brain. Adds the CN to the Z4J_SCHEDULER_GRPC_ALLOWED_CNS allow-list if requested with --allow-list. See production hardening.
Destructive
Section titled “Destructive”reset-setup
Section titled “reset-setup”z4j reset-setupWipes pending first-boot tokens and recent setup audit rows. Refuses if an admin user already exists; use reset for a full wipe.
z4j reset # refuses without --forcez4j reset --forceWipes every runtime table (users, sessions, projects, agents, tasks, events, schedules, audit, …). Schema stays; Alembic does not re-run. Leaves z4j in a pre-first-boot state.
Global flags
Section titled “Global flags”| Flag | Description |
|---|---|
-h, --help | Show help for the command |
Per-command flags surface with z4j <command> --help.
z4j-scheduler CLI
Section titled “z4j-scheduler CLI”When you run the standalone scheduler service, the z4j-scheduler CLI ships these commands. See z4j-scheduler for deployment context.
z4j-scheduler serve # run the scheduler processz4j-scheduler version # print installed versionz4j-scheduler check --brain-grpc-url ... # one-line pass/fail healthz4j-scheduler status # introspection (not yet implemented; stub)z4j-scheduler info # resolved settings (not yet implemented; stub)z4j-scheduler doctor # comprehensive diagnosticsz4j-scheduler restart # informational stub (delegates to systemd / k8s)z4j-scheduler import --from <tool> ... # migrate from celery-beat / rq / apscheduler / cronz4j-scheduler export --to <tool> ... # reverse-exportz4j-scheduler schedules add / list / trigger / disable / enable / edit / history ...All commands accept --help. Most read configuration from Z4J_SCHEDULER_* env vars; explicit flags win where provided.
Framework adapter CLIs
Section titled “Framework adapter CLIs”Each framework adapter ships its own doctor plus a few helpers under python -m z4j_<framework>:
python -m z4j_bare doctor # canonical implementationpython -m z4j_flask doctor # same checks; reads Flask app.config or envpython -m z4j_fastapi doctor # same checks; reads envpython -m z4j_django doctor # equivalent Django management command: ./manage.py z4j_doctorAll four implement doctor with the same probes (buffer dir writable, brain DNS / TCP / TLS, WebSocket upgrade) and accept the same flags (--no-websocket, --json). See frameworks/bare for the canonical reference.