REFERENCE · CLI

`meridian-nip` CLI reference

Command-line interface to Meridian. Installed as /usr/local/bin/meridian-nip; delegates to the app's Click handlers inside the Meridian venv.

Top-level

meridian-nip --help
meridian-nip version              # release + fingerprint + install uuid
meridian-nip doctor               # pre-flight check (DB, keys, logs)

Users

meridian-nip users create \
  --username <name> \
  --email <addr> \
  --role {super_admin|admin|analyst|viewer} \
  --temp-password <pw> \
  [--force-change-at-login]

meridian-nip users list
meridian-nip users disable --username <name>
meridian-nip users enable  --username <name>
meridian-nip users reset-password --username <name>  # prints new temp pw
meridian-nip users set-concurrent-sessions --username <name> --max <N>

Jobs

meridian-nip jobs list
meridian-nip jobs run <name>
meridian-nip jobs history <name> [--limit N]
meridian-nip jobs disable <name>
meridian-nip jobs enable <name>
meridian-nip jobs edit <name>      # opens $EDITOR with the job's YAML

Integrity

meridian-nip integrity scan [--verbose]
meridian-nip integrity verify-row --table <t> --id <id>
meridian-nip integrity rotate-hmac-key    # generates new row_hmac.key; re-hashes the chain

Secrets vault

meridian-nip secrets list
meridian-nip secrets get <name>    # prints the plaintext; audit-logged
meridian-nip secrets set <name> --category {api_key|password|token|...}
meridian-nip secrets rotate-master # re-encrypts everything under a new master key

Audit

meridian-nip audit export --since "24h ago" [--output file.json]
meridian-nip audit tail             # live follow (like journalctl -f)
meridian-nip audit search --action "ad.user.reset_password" --limit 100

Backup + restore

meridian-nip backup create [--include-keys] [--output /path/]
meridian-nip backup list
meridian-nip backup verify <bundle>
meridian-nip backup restore <bundle>  # confirms before acting
# Equivalent shell wrappers: /opt/meridian/scripts/backup.sh · restore.sh

OSS / SBOM

meridian-nip oss scan               # refresh oss_components
meridian-nip oss sbom --format cyclonedx_json > sbom.json
meridian-nip oss compliance-report  # diff vs last scan

Upgrade

meridian-nip upgrade check          # what's available
meridian-nip upgrade plan           # dry-run with diff
meridian-nip upgrade apply          # with pre-snapshot + rollback on failure
meridian-nip upgrade rollback       # to the last pre-snapshot

Exit codes

Code	Meaning
0	Success
1	Generic failure (command-specific)
2	Invalid arguments
3	Permission denied (missing permission or approval required)
4	License error (expired, invalid, revoked)
5	Integrity mismatch detected
6	Network/vendor-server unreachable (when required)
127	venv missing (run install.sh)

Environment variables

Name	Default	Purpose
`MERIDIAN_CONFIG`	`/etc/meridian/meridian.conf`	Path to the main config file
`MERIDIAN_DB_NAME`	`meridian`	DB name override for backup/restore scripts
`MERIDIAN_DB_USER`	`meridian`	DB role override

MERIDIAN 1.0.0 · DOCUMENTATION

meridiannip.com ↗

meridian-nip CLI reference

Top-level

Users

Jobs

Integrity

Secrets vault

Audit

Backup + restore

OSS / SBOM

Upgrade

Exit codes

Environment variables

`meridian-nip` CLI reference