Curiosity CLI

Common Options

Most curiosity-cli commands share the same handful of arguments. Rather than repeating them on every page, this page is the canonical reference.

--server / -s

The URL of your workspace, for example https://my-workspace.example.com/. The CLI is lenient about the suffix:

  • https://host/ and https://host/api/ both work.
  • Backslashes are auto-converted to forward slashes.
  • The CLI always normalizes the URL to end with /api/ before calling the workspace.

--token / -t

A Library Token issued by your workspace under Manage → Tokens → Library.

Special value: pass --token auto to read an encrypted token previously stored with store-token for this same server URL.

Avoid putting raw tokens on the command line for non-interactive use — they end up in shell history and process lists. Prefer environment variables (-t "$CURIOSITY_TOKEN") or --token auto.

--timeout

Per-request HTTP timeout, in seconds. Defaults to 90. Bump it when uploading very large files over a slow link, or when running long-running graph operations.

Does not apply to wait-for — that command has its own --max-timeout.

--ignore-certificate-errors / -i

Disable TLS certificate validation for the HTTP client. Local development only — never use against a production workspace. Available on: upload-front-end, serve, wait-for, git-sync.

Mutual TLS

When your workspace requires mTLS, set these environment variables before invoking the CLI — every command picks them up:

Variable Purpose
CURIOSITY_CLI_MUTUAL_TLS_CERTIFICATE_PATH Path to the client certificate (PEM/PFX).
CURIOSITY_CLI_MUTUAL_TLS_PRIVATE_KEY_PATH Path to the matching private key, if the certificate doesn't embed one.

When set, the CLI configures both the HTTP client (for REST calls) and the WebSocket client used by git-sync to present the certificate.

--upload-to and --target-uid

Used by ingestion commands (upload-folder, monitor, ingest-pst) to decide where uploaded content lives.

--upload-to Meaning --target-uid required?
Public Visible to everyone with access to the workspace. Default. No
Group Restricted to a workspace group. Yes — group UID.
UserPublic Owned by a user, but discoverable by others if ACLs allow. Yes — user UID.
UserPrivate Owned by a user, private to them. Yes — user UID.

For file-level ACLs from Active Directory, use upload-folder-with-permissions / monitor-with-permissions instead — those commands force --upload-to Custom and use the ACL cache.

Logging

All commands accept the same logging-control arguments via the underlying Logging helper:

  • --log-level <Trace|Debug|Information|Warning|Error|Critical|None> — set the console log level.
  • --logs-path <path> — also write logs to a file.

Logs are flushed before the process exits, so capture is safe in CI.

Exit codes

  • 0 — success.
  • 1 — a command-line parsing error (an option was missing or had the wrong type).
  • 2 — the command threw at runtime; the exception is logged.

CI scripts can branch on these directly without parsing stdout.

Bandwidth throttling

Ingestion commands accept --bandwidth <Mbps> to cap the read rate. The CLI converts this into bytes/second and applies it via ThrottledReadStream. Use this when ingesting from a network share that's also serving production traffic.

Referenced by

© 2026 Curiosity CLI. All rights reserved.