Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Configuration

AeorDB is configured through CLI flags at startup and through configuration files stored inside the database itself.

CLI Flags

aeordb start [OPTIONS]
FlagDefaultDescription
--port, -p3000HTTP listen port
--database, -Ddata.aeordbPath to the database file (created if it does not exist)
--authself-containedAuth provider URI (see Auth Modes)
--hot-dirdatabase parent dirDirectory for write-ahead hot files (crash recovery journal)
--corsdisabledCORS allowed origins (see CORS)
--log-formatprettyLog output format: pretty or json

Examples

# Minimal: local development with no auth
aeordb start --database dev.aeordb --port 8080 --auth false

# Production: custom port, explicit hot directory, CORS for your frontend
aeordb start \
  --database /var/lib/aeordb/prod.aeordb \
  --port 443 \
  --hot-dir /var/lib/aeordb/hot \
  --cors "https://myapp.com,https://admin.myapp.com" \
  --log-format json

Auth Modes

The --auth flag controls how authentication works:

ValueBehavior
false (or null, no, 0)Auth disabled – all requests are allowed without tokens. Use for local development only.
(omitted)Self-contained mode (default). AeorDB manages its own users, API keys, and JWT tokens. A root API key is printed on first startup.
file:///path/to/identity.jsonExternal identity file. AeorDB loads cryptographic keys from the specified file. A bootstrap API key is generated on first use.

Self-Contained Auth (Default)

On first startup, AeorDB creates an internal identity store and prints a root API key:

Root API key: aeor_ak_7f3b2a1c...

Use this key to create additional users and API keys via the admin API. If you lose the root key, use aeordb emergency-reset to generate a new one.

Obtaining a JWT Token

# Exchange API key for a JWT token
curl -X POST http://localhost:3000/auth/token \
  -H "Content-Type: application/json" \
  -d '{"api_key": "aeor_ak_7f3b2a1c..."}'

# Use the token for subsequent requests
curl http://localhost:3000/engine/users/ \
  -H "Authorization: Bearer eyJhbG..."

CORS

Global CORS via CLI

The --cors flag sets allowed origins for all routes:

# Allow all origins
aeordb start --cors "*"

# Allow specific origins (comma-separated)
aeordb start --cors "https://myapp.com,https://admin.myapp.com"

Without --cors, no CORS headers are sent and cross-origin browser requests will fail.

Per-Path CORS

For fine-grained control, store a /.config/cors.json file in the database:

curl -X PUT http://localhost:3000/engine/.config/cors.json \
  -H "Content-Type: application/json" \
  -d '{
    "rules": [
      {
        "path": "/public/",
        "origins": ["*"],
        "methods": ["GET", "HEAD"],
        "headers": ["Content-Type"]
      },
      {
        "path": "/api/",
        "origins": ["https://myapp.com"],
        "methods": ["GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS"],
        "headers": ["Content-Type", "Authorization"]
      }
    ]
  }'

Per-path rules are checked first. If no rule matches the request path, the global --cors setting applies.

Index Configuration

Indexes are configured per-directory by storing a .config/indexes.json file under the directory path. When this file changes, the engine automatically triggers a background reindex of all files in that directory.

{
  "indexes": [
    {"name": "title", "type": "string"},
    {"name": "age", "type": "u64"},
    {"name": "email", "type": ["string", "trigram"]},
    {"name": "created", "type": "timestamp"}
  ]
}

Index Types

TypeDescriptionUse Case
u64Unsigned 64-bit integerCounts, IDs, sizes
i64Signed 64-bit integerTemperatures, offsets, balances
f6464-bit floating pointCoordinates, measurements, scores
stringExact string matchCategories, statuses, enum values
timestampUTC millisecond timestampDate ranges, temporal queries
trigramTrigram-based fuzzy textTypo-tolerant search, substring matching
phoneticPhonetic matching (Soundex)Name search (“Smith” matches “Smyth”)
soundexSoundex encodingAlternative phonetic matching
dmetaphoneDouble MetaphoneMulti-cultural phonetic matching

Multi-Strategy Indexes

A single field can have multiple index types. Specify type as an array:

{"name": "title", "type": ["string", "trigram", "phonetic"]}

This creates three index files (title.string.idx, title.trigram.idx, title.phonetic.idx) from the same source field. Use the appropriate query operator to target each index type.

Source Resolution

By default, the index name is used as the JSON field name. For nested fields or parser output, use the source array:

{
  "parser": "pdf-extractor",
  "indexes": [
    {"name": "title", "source": ["metadata", "title"], "type": "string"},
    {"name": "author", "source": ["metadata", "author"], "type": ["string", "trigram"]},
    {"name": "page_count", "source": ["metadata", "pages"], "type": "u64"}
  ]
}

See Indexing & Queries for the full indexing reference.

Cron Configuration

Schedule recurring background tasks by storing /.config/cron.json:

curl -X PUT http://localhost:3000/engine/.config/cron.json \
  -H "Content-Type: application/json" \
  -d '{
    "schedules": [
      {
        "id": "weekly-gc",
        "task_type": "gc",
        "schedule": "0 3 * * 0",
        "args": {},
        "enabled": true
      },
      {
        "id": "nightly-reindex",
        "task_type": "reindex",
        "schedule": "0 2 * * *",
        "args": {"path": "/data/"},
        "enabled": true
      }
    ]
  }'

The schedule field uses standard 5-field cron syntax: minute hour day_of_month month day_of_week. Cron schedules can also be managed via the HTTP API at /admin/cron.

Compression

AeorDB uses zstd compression automatically when configured. To enable compression for a directory, add the compression field to the index config:

{
  "compression": "zstd",
  "indexes": [
    {"name": "title", "type": "string"}
  ]
}

Auto-Detection

When compression is enabled, the engine applies heuristics to decide whether to actually compress each file:

  • Files smaller than 500 bytes are stored uncompressed (header overhead negates savings)
  • Already-compressed formats (JPEG, PNG, MP4, ZIP, etc.) are stored uncompressed
  • Text, JSON, XML, and other compressible types are compressed with zstd

Compression is transparent – reads automatically decompress. The content hash is always computed on the raw uncompressed data, so deduplication works regardless of compression settings.