TypeDB Admin Tool
typedb admin is a CLI tool bundled with every TypeDB distribution.
It connects to the server’s local-only admin endpoint to inspect server status and run administrative commands such as resetting a user’s password.
The admin endpoint is a Unix domain socket on Linux and macOS, and a Named Pipe on Windows.
Access is enforced by the operating system: the socket file is created with mode 0600 (owner-only) on Unix, and the Named Pipe carries a DACL that grants access only to the server’s owner, LOCAL SYSTEM, and BUILTIN\Administrators on Windows.
The admin tool must run on the same host as the server.
Connect
The admin endpoint is off by default.
Start the server with the admin endpoint enabled — see Server configuration / Admin endpoint.
By default, the endpoint is at <data-directory>/admin.sock on Linux/macOS and \\.\pipe\typedb-admin on Windows; both can be overridden with server.admin.socket-path.
Point the admin tool at that path (providing the socket path is required to choose the server to connect to):
# Linux/macOS
typedb admin --socket-path /var/lib/typedb/data/admin.sock
# Windows
typedb admin --socket-path \\.\pipe\typedb-adminModes
The admin tool supports three modes.
Interactive (REPL)
Run with no --command or --script to enter an interactive REPL.
typedb admin --socket-path /var/lib/typedb/data/admin.sockThe REPL prints the connected server’s distribution and version, then accepts commands one at a time. Use help to list available commands, and exit to quit.
One-shot commands
Pass one or more --command (-c) flags to execute commands and exit. Useful in scripts and CI checks.
typedb admin --socket-path /var/lib/typedb/data/admin.sock --command "server status"
typedb admin --socket-path /var/lib/typedb/data/admin.sock -c "server version" -c "server status"The exit code is non-zero if any command fails.
Commands
Built-in commands |
|
|
Print the running server’s distribution name and version. |
|
Print every endpoint the server is serving and advertising (gRPC, HTTP, admin, monitoring). |
|
Reset the password of an existing user. If the new password is omitted, the tool prompts for it interactively (no echo) or reads one line from |
|
List all available commands. |
|
Leave the REPL. |
Examples
Inspect server status
$ typedb admin --socket-path /var/lib/typedb/data/admin.sock --command "server status"
Status: running
Serving:
gRPC: 0.0.0.0:1729
HTTP: 0.0.0.0:8000
Admin: /var/lib/typedb/data/admin.sock (Unix socket)
Monitoring: http://127.0.0.1:4104/diagnostics (Prometheus scrape)
http://127.0.0.1:4104/diagnostics?format=json (JSON)Connection errors
The admin tool verifies the socket file before connecting on Unix. Common errors:
|
The server is not listening on the given path, or the path is for a different server instance. |
|
The path does not exist or is unreadable to the user running |
|
The path resolves to a regular file or directory rather than a socket. The server is either not running or wrote to the wrong path. |
|
The socket file’s permission bits were changed after the server created it. Restart the server to recreate the socket with the correct mode. |
On Windows, access checks are performed by the kernel when opening the pipe; permission errors surface as connection failures ([ADM1]).