Server Configuration
Configure the Traverse server with CLI arguments, environment variables, or a TOML config file.
Configuration Priority
Settings are resolved in order of precedence (highest to lowest):
- CLI arguments
- Environment variables
- TOML config file (
traverse.tomlin CWD, or--config) - Default values
CLI Arguments
| Flag | Description | Default |
|---|---|---|
--config, -c <PATH> | Path to TOML config file | traverse.toml (CWD) |
--listen <ADDR> | Bolt protocol listen address | 0.0.0.0:7690 |
--http-listen <ADDR> | HTTP API + Studio listen address. Set to "none", "off", "false", or "disabled" to disable. | 0.0.0.0:7691 |
--data <PATH> | Path to a .tvdb file or directory of .tvdb files | — |
--default-db <NAME> | Default database name | traverse |
--memory-limit <SIZE> | Memory limit (e.g., 4GB, 512MB, or raw byte count) | 90% of system RAM |
--auth <USER:PASS> | Seed admin credentials | — |
--query-timeout <MS> | Query timeout in milliseconds | Unlimited |
--slow-query-threshold <MS> | Slow-query log threshold (ms) | — |
--allowed-ips <CIDR> | Comma-separated CIDR allowlist | All allowed |
--allow-drop-database | Allow DROP DATABASE via HTTP/Studio | Disabled |
--api-key <KEY> | HTTP API key (must start with tvs_) | Auto-generated |
--license-key <KEY> | License key (tskey_ prefix) | — |
--api-base <URL> | License API base URL | https://api.truespar.com |
--tls-cert <PATH> | TLS certificate file | — |
--tls-key <PATH> | TLS private key file | — |
--grpc-listen <ADDR> | gRPC listen address | 0.0.0.0:50051 |
--service-install | Install as Windows service | — |
--service-uninstall | Uninstall Windows service | — |
Environment Variables
Every CLI flag has a corresponding environment variable:
| Variable | CLI Equivalent |
|---|---|
TRAVERSE_LISTEN | --listen |
TRAVERSE_HTTP_LISTEN | --http-listen |
TRAVERSE_DATA | --data |
TRAVERSE_DEFAULT_DB | --default-db |
TRAVERSE_MEMORY_LIMIT | --memory-limit |
TRAVERSE_AUTH | --auth |
TRAVERSE_QUERY_TIMEOUT | --query-timeout |
TRAVERSE_SLOW_QUERY_THRESHOLD | --slow-query-threshold |
TRAVERSE_ALLOWED_IPS | --allowed-ips |
TRAVERSE_ALLOW_DROP_DATABASE | --allow-drop-database (set to "true" or "1") |
TRAVERSE_API_KEY | --api-key |
TRAVERSE_API_BASE | --api-base |
TRAVERSE_LICENSE_KEY | --license-key |
TRAVERSE_TLS_CERT | --tls-cert |
TRAVERSE_TLS_KEY | --tls-key |
TRAVERSE_GRPC_LISTEN | --grpc-listen |
TOML Config File
Place a traverse.toml in the working directory, or specify a path with --config:
listen = "0.0.0.0:7690"
http_listen = "0.0.0.0:7691"
data = "/var/lib/traverse/data"
default_db = "traverse"
memory_limit = "4GB"
auth = "admin:s3cret"
query_timeout = 30000
slow_query_threshold = 1000
allowed_ips = ["192.168.1.0/24", "10.0.0.0/8"]
allow_drop_database = false
api_key = "tvs_your_api_key_here"
api_base = "https://api.truespar.com"
license_key = "tskey_your_key_here"
# TLS (optional)
tls_cert = "/etc/traverse/cert.pem"
tls_key = "/etc/traverse/key.pem"
# gRPC (optional)
grpc_listen = "0.0.0.0:50051"Note: TOML field names use underscores (http_listen) while CLI flags use hyphens (--http-listen).
Data Storage
Traverse is an in-memory database. Data is loaded from .tvdb files on startup and persisted back on graceful shutdown.
- Directory mode:
--data /path/to/dir— scans all*.tvdbfiles; each file stem becomes the database name - File mode:
--data /path/to/file.tvdb— loads a single database named with the--default-dbvalue
Important: Use directory mode when you need to create new databases (e.g., via Studio imports). In file mode, newly created databases have no file path and cannot be saved.
Persisting Data
Data is auto-saved on graceful shutdown. Two ways to trigger:
- SIGTERM/SIGINT (Ctrl+C) — preferred. Do not use
kill -9ortaskkill /Fas these skip the save step. - HTTP API:
POST /api/save— saves all databases immediately.
Authentication
Seeding an Admin User
Use --auth to create an initial admin user on startup:
traverse-server --auth admin:s3cret --data ./dataUser Roles
| Role | Permissions |
|---|---|
ADMIN | Full access: queries, writes, schema, user management, database management |
EDITOR | Queries and writes, no user or database management |
READER | Read-only queries |
Managing Users
Via Cypher (in the CLI or through a Bolt driver):
CREATE USER alice SET PASSWORD 'hunter2' SET ROLE EDITOR;
ALTER USER alice SET ROLE ADMIN;
DROP USER alice;
SHOW USERS;Users can also be managed via the HTTP API (GET/POST/PUT/DELETE /api/users). Passwords are hashed with bcrypt (cost factor 12) and persisted in the .tvdb metadata of the default database.
API Key
The HTTP API and Studio require an API key for authentication. A random key (tvs_ prefix + 32 hex characters, 128-bit entropy) is auto-generated on startup unless you specify one:
traverse-server --api-key tvs_your_custom_key_hereIf you provide a custom key, it must start with the tvs_ prefix.
Clients authenticate with one of:
Authorization: Bearer tvs_...headerX-API-Key: tvs_...header?token=tvs_...query parameter
IP Filtering
Restrict connections by IP address using CIDR notation:
traverse-server --allowed-ips "192.168.1.0/24,10.0.0.0/8"Both IPv4 and IPv6 ranges are supported. When not set, all IPs are allowed. Applied at connection acceptance.
TLS
Enable encrypted connections by providing a certificate and private key:
traverse-server --tls-cert /path/to/cert.pem --tls-key /path/to/key.pemOnce TLS is enabled, Bolt clients connect via bolt+s:// and the HTTP API is served over HTTPS.
Memory Limit
By default Traverse uses up to 90% of system RAM. Override with:
traverse-server --memory-limit 4GBAccepts TB, GB, MB, KB suffixes (case-insensitive), or raw byte counts.
Query Timeout
Set a cooperative query timeout to prevent long-running queries:
traverse-server --query-timeout 30000 # 30 secondsQueries exceeding the timeout are cancelled via a thread-local deadline mechanism.
Slow Query Logging
Log queries that exceed a time threshold:
traverse-server --slow-query-threshold 1000 # log queries taking > 1 secondWindows Service
On Windows, Traverse can be installed as a system service:
REM Install the service (name: TraverseServer, display: "Traverse Graph Database")
traverse-server --service-install
REM Start/stop via sc or net
sc start TraverseServer
sc stop TraverseServer
REM Uninstall
traverse-server --service-uninstallThe service starts automatically on boot (AutoStart), runs as LocalSystem. Configuration is read from traverse.toml in the executable's directory or from environment variables. Logs are written to the Windows Event Viewer.
License
Set a license key to activate Traverse Enterprise and remove trial restrictions:
traverse-server --license-key tskey_your_key_hereLicense features control limits on: maximum databases, maximum nodes/edges per database, maximum concurrent connections, user management, and Graph Assistant (an AI-powered assistant that helps you write Cypher queries and explore your graph data).
License status levels:
- Trial — 30-day trial period
- Active — valid subscription
- Grace Period — 7 days after expiry (cached license data)
- Expired — no active license, no cache