> ## Documentation Index > Fetch the complete documentation index at: https://docs.coreflux.org/llms.txt > Use this file to discover all available pages before exploring further. # Broker Commands > Complete reference for Coreflux MQTT Broker commands ## Overview The Coreflux MQTT broker provides a rich set of commands that you can use to manage users, rules, models, actions, routes, and more. These commands are published to the `$SYS/Coreflux/Command` topic to control and configure the broker. ## Why Use Broker Commands? Instead of editing configuration files and restarting the broker, you can manage everything at runtime through MQTT messages. Add users, deploy LoT Actions, configure Routes—all without downtime. **Think of broker commands as a remote control for your broker.** You send a message to a special topic, and the broker immediately responds—no SSH, no restarts, no manual file editing. *** ## In This Page | Section | Description | | ------------------------------------------------------- | -------------------------------------------------- | | [Command Format](#command-format) | How to structure commands | | [User Management](#user-management-commands) | Add, remove, and configure users | | [LoT Commands](#lot-commands) | Manage Rules, Models, Actions, and Routes | | [Environment & Secrets](#environment--secrets-commands) | Manage environment variables and encrypted secrets | | [Python Integration](#python-integration-commands) | Add and manage Python scripts | | [System Commands](#system-commands) | Trace logging and diagnostics | *** ## Command Format Commands are sent to the broker via MQTT messages published to the `$SYS/Coreflux/Command` topic. The general format is: ```bash theme={null} -commandName ``` For example: ```bash theme={null} -addAction DEFINE ACTION MyAction ON EVERY 10 SECONDS DO PUBLISH TOPIC "test" WITH "hello" ``` Command responses are published to `$SYS/Coreflux/Command/Output`. Subscribe to this topic to receive feedback from your commands. ## User Management Commands Manage broker users and their credentials. ### Adding a User Create a new user with a username and password: ```bash theme={null} -addUser ``` **Example:** ```bash theme={null} -addUser operator SecurePass123! ``` Response: `User operator added successfully!` ### Removing a User Remove an existing user from the broker: ```bash theme={null} -removeUser ``` **Example:** ```bash theme={null} -removeUser operator ``` Response: `User operator removed successfully!` ### Changing User Password Update a user's password: ```bash theme={null} -changeUserPassword ``` **Example:** ```bash theme={null} -changeUserPassword operator NewSecurePass456! ``` Response: `Password for user operator changed successfully!` ### Changing User Settings Modify specific settings for a user: ```bash theme={null} -changeUserSettings ``` Response: `Settings for user updated successfully!` *** ## LoT Commands Commands for managing LoT (Language of Things) entities. ### Rules Rules define access control and permissions for the broker. See the [Rules documentation](/lot-language/rules/overview) for complete syntax reference. Rules are LoT code and can also be deployed directly from a [LoT Notebook](/quick-start/vscode) by running the cell containing your rule definition. #### Adding a Rule ```bash theme={null} -addRule DEFINE RULE WITH PRIORITY FOR [TO TOPIC ""] IF THEN ALLOW ELSE DENY ``` **Example — Restrict Action creation to admins:** ```bash theme={null} -addRule DEFINE RULE AllowActionCreation WITH PRIORITY 1 FOR ActionManagementCreation IF USER IS "root" OR USER IS "admin" THEN ALLOW ELSE DENY ``` Response: `Rule 'AllowActionCreation' added successfully` **Example — Control topic access:** ```bash theme={null} -addRule DEFINE RULE RestrictSensorPublish WITH PRIORITY 1 FOR Publish TO TOPIC "sensors/#" IF USER HAS SensorPermission THEN ALLOW ELSE DENY ``` Response: `Rule 'RestrictSensorPublish' added successfully` #### Removing a Rule ```bash theme={null} -removeRule ``` **Example:** ```bash theme={null} -removeRule AllowActionCreation ``` Response: `Rule 'AllowActionCreation' removed successfully` *** ### Models Models define data structures for topic payloads. #### Adding a Model ```bash theme={null} -addModel DEFINE MODEL ``` **Example:** ```bash theme={null} -addModel DEFINE MODEL TemperatureSensor WITH TOPIC "sensors/+/temperature" ADD FIELD temperature WITH TYPE Float ADD FIELD unit WITH TYPE String ADD FIELD timestamp WITH TYPE DateTime ``` Response: `Model 'TemperatureSensor' added successfully` #### Removing a Model ```bash theme={null} -removeModel ``` **Example:** ```bash theme={null} -removeModel TemperatureSensor ``` Response: `Model 'TemperatureSensor' removed successfully` #### Removing All Models ```bash theme={null} -removeAllModels ``` Response: `All models removed successfully` This command removes ALL models from the broker. Use with caution. *** ### Actions Actions define automated behaviors triggered by events or schedules. #### Adding an Action ```bash theme={null} -addAction DEFINE ACTION ``` **Example - Time-based Action:** ```bash theme={null} -addAction DEFINE ACTION Heartbeat ON EVERY 10 SECONDS DO PUBLISH TOPIC "system/heartbeat" WITH TIMESTAMP "UTC" ``` **Example - Topic-based Action:** ```bash theme={null} -addAction DEFINE ACTION EchoMessage ON TOPIC "input/data" DO PUBLISH TOPIC "output/echo" WITH PAYLOAD ``` Response: `Action 'Heartbeat' added successfully` #### Removing an Action ```bash theme={null} -removeAction ``` **Example:** ```bash theme={null} -removeAction Heartbeat ``` Response: `Action 'Heartbeat' removed successfully` #### Running an Action Manually Trigger an action to run immediately: ```bash theme={null} -runAction ``` **Example:** ```bash theme={null} -runAction Heartbeat ``` Response: `Action 'Heartbeat' executed successfully` #### Removing All Actions ```bash theme={null} -removeAllActions ``` Response: `All actions removed successfully` *** ### Routes Routes configure connections to external systems and data pipelines. #### Adding a Route ```bash theme={null} -addRoute DEFINE ROUTE WITH TYPE ``` **Example - MQTT Bridge:** ```bash theme={null} -addRoute DEFINE ROUTE CloudBridge WITH TYPE MQTT_BRIDGE ADD SOURCE_CONFIG WITH BROKER SELF ADD DESTINATION_CONFIG WITH BROKER_ADDRESS "iot.cloudprovider.com" WITH BROKER_PORT '8883' WITH USE_TLS true ADD MAPPING sensorData WITH SOURCE_TOPIC "sensors/#" WITH DESTINATION_TOPIC "factory1/sensors/#" WITH DIRECTION "out" ``` Response: `Route 'CloudBridge' added successfully` #### Removing a Route ```bash theme={null} -removeRoute ``` **Example:** ```bash theme={null} -removeRoute CloudBridge ``` Response: `Route 'CloudBridge' removed successfully` #### Listing All Routes Get a list of all registered routes: ```bash theme={null} -listRoutes ``` Response: List of all registered routes with their status #### Getting Route Template Code Retrieve a template for a specific route type: ```bash theme={null} -routeCode ``` **Example:** ```bash theme={null} -routeCode POSTGRESQL ``` Response: Template code with all available parameters for the route type #### Removing All Routes ```bash theme={null} -removeAllRoutes ``` Response: `All routes removed successfully` *** ### Diagnostics Commands for troubleshooting and debugging LoT entities. #### Running LoT Diagnostic Run diagnostics on a specific entity: ```bash theme={null} -lotDiagnostic ``` **Example:** ```bash theme={null} -lotDiagnostic action MyAction ``` Response: Diagnostic information for the specified entity #### Getting Pending Status Check the status of pending models and actions: ```bash theme={null} -getPendingStatus ``` Response: Status of all pending models and actions *** ## Environment & Secrets Commands **Version Requirement:** Environment variable and secret commands are available from **Coreflux Broker v1.9.3** and above. Manage environment variables and encrypted secrets at runtime. Environment variables are stored in plain text in the `.env` file. Secrets are encrypted with AES-256-GCM and stored in `secrets.json`. See [Environment Variables & Secrets](/mqtt-broker/secrets-and-env) for full details. ### Setting an Environment Variable ```bash theme={null} -setEnv NAME=value ``` Persists the variable to the managed `.env` file. **Example:** ```bash theme={null} -setEnv DB_HOST=postgres.example.com ``` Response: `Environment variable 'DB_HOST' set successfully` ### Removing an Environment Variable ```bash theme={null} -removeEnv NAME ``` **Example:** ```bash theme={null} -removeEnv OLD_CONFIG ``` Response: `Environment variable 'OLD_CONFIG' removed successfully` ### Listing Environment Variables ```bash theme={null} -listEnv ``` Response: List of all managed environment variables and their values *** ### Setting a Secret ```bash theme={null} -setSecret NAME=value ``` Encrypts the value with AES-256-GCM and persists it to `secrets.json`. **Example:** ```bash theme={null} -setSecret DB_PASSWORD=my_secure_password ``` Response: `Secret 'DB_PASSWORD' set successfully` ### Removing a Secret ```bash theme={null} -removeSecret NAME ``` **Example:** ```bash theme={null} -removeSecret OLD_API_KEY ``` Response: `Secret 'OLD_API_KEY' removed successfully` ### Listing Secrets ```bash theme={null} -listSecrets ``` Response: List of secret names (values are never displayed) Secret values are never shown in command output, logs, or any broker interface. Only secret names are listed. *** ## Python Integration Commands Manage Python scripts within the broker for custom data processing. ### Adding a Python Script ```bash theme={null} -addPython


```

**Example:**

```bash theme={null}
-addPython Calculator
# Script Name: Calculator

def add(a, b):
    return a + b

def multiply(a, b):
    return a * b
```


  Response: `Python script 'Calculator' added successfully`



  Python scripts must start with `# Script Name: YourScriptName` to be recognized by the system. The script name is used when calling Python functions from LoT actions using the `CALL PYTHON` syntax.


### Removing a Python Script

```bash theme={null}
-removePython 
```

**Example:**

```bash theme={null}
-removePython Calculator
```


  Response: `Python script 'Calculator' removed successfully`


### Installing Python Packages

Install additional Python packages via pip:

```bash theme={null}
-installPythonPackage 
```

**Example:**

```bash theme={null}
-installPythonPackage numpy
```


  Response: `Package 'numpy' installed successfully`


### Listing Installed Packages

View all installed Python packages:

```bash theme={null}
-listPythonPackages
```


  Response: List of all installed Python packages


### Removing All Python Scripts

```bash theme={null}
-removeAllPythonScripts
```


  Response: `All Python scripts removed successfully`


***

## System Commands

### Trace Logging Commands

Trace logging allows you to capture and monitor specific log events in the Coreflux system.

#### Adding a Trace Log Point

```bash theme={null}
-addTraceLog level=,lifetime=,messageContains=,topic=
```

**Parameters:**

| Parameter         | Description                                                    |
| ----------------- | -------------------------------------------------------------- |
| `level`           | Log level: `Debug`, `Information`, `Warning`, `Error`, `Fatal` |
| `lifetime`        | Duration in seconds before the trace point expires             |
| `messageContains` | Filter logs containing this substring                          |
| `topic`           | MQTT topic where matching logs will be published               |

**Example:**

```bash theme={null}
-addTraceLog level=Information,lifetime=3600,messageContains=sensor,topic=logs/sensors
```

This creates a trace point that:

* Captures logs at Information level or higher
* Automatically expires after 3600 seconds (1 hour)
* Only captures logs containing "sensor"
* Publishes matching logs to `logs/sensors`


  Response: `Trace log point added successfully`


#### Listing Trace Log Points

View all active trace points:

```bash theme={null}
-listTraceLogs
```


  Response: List of all active trace log points


#### Removing a Trace Log Point

Remove a specific trace point by topic:

```bash theme={null}
-removeTraceLog 
```

**Example:**

```bash theme={null}
-removeTraceLog logs/sensors
```


  Response: `Trace log point removed successfully`


#### Removing All Trace Log Points

```bash theme={null}
-removeAllTraceLogs
```


  Response: `All trace log points removed successfully`


***

### Connection Status

View the status of all database connections and their recovery patterns:

```bash theme={null}
-connectionStatus
```


  Response: Status of all database connections


### Update Data

Trigger a refresh of broker data:

```bash theme={null}
-updateData
```


  Response: `Data refresh triggered successfully`


***

## Command Authorization

Commands are subject to authorization rules defined in the broker. Not all users may have permission to execute all commands. See the [Rules documentation](/lot-language/rules/overview) for information on setting up access control.


  Always ensure proper access control is configured before exposing the command topic to untrusted clients.


***

## Next Steps


  
    Learn how to create automated behaviors
  

  
    Structure and transform your MQTT data