Community
Free — 1 device
Neo4j backend, CLI + basic topology; no license key required
Installation
Run Network Discovery locally using Python.
Prerequisites
- Python 3.10+ (for local execution)
- Neo4j Database (Community Edition or Aura Free)
Option 1: Docker Installation (Recommended)
The easiest way to run MeshOptixIQ is via our official Docker image.
docker pull meshoptixiq/discovery-agent:latestRun with Docker
docker run -d \
-e NEO4J_URI="bolt://host.docker.internal:7687" \
-e NEO4J_PASSWORD="your-password" \
-v $(pwd)/configs:/app/configs \
meshoptixiq/discovery-agent:latestEnterprise Image
Enterprise plan customers have access to the enterprise-latest image, which adds secrets management (Vault, AWS, Azure, GCP), OIDC authentication, SIEM audit logging, and APM observability.
docker pull meshoptixiq/discovery-agent:enterprise-latestOption 2: Binary Installation (CLI Only)
If you only need the meshq CLI tool for ingestion or querying without the full Docker stack:
- Download the latest release from GitHub Releases.
- Make it executable:
chmod +x meshq - Move to path:
sudo mv meshq /usr/local/bin/ - Verify:
meshq version
Option 3: Source Installation
Configure Environment
Set your Neo4j credentials:
export NEO4J_URI="bolt://localhost:7687"
export NEO4J_USER="neo4j"
export NEO4J_PASSWORD="your-password"Run Ingestion
# Example: Ingest from a directory of config files
python -m network_discovery.ingest --source ./configsLicense Activation
The license key is set only on the API server. The CLI (meshq) and MCP server read the plan from the local API via MESHOPTIXIQ_API_URL — they do not need the key themselves.
Obtaining a License
Purchase a license at: https://meshoptixiq.com/pricing
Starter
1 installation, up to 100 devices
Neo4j backend, REST API included
Pro
Up to 750 devices
Neo4j or PostgreSQL, firewall queries, MCP server, Redis clustering
Enterprise
Unlimited devices
OIDC/SSO, HA cluster support, SOAR webhooks, dedicated support
Method 1: Environment Variable (Docker — API server)
Set the license key on the API server container. The CLI does not need it.
export MESHOPTIXIQ_LICENSE_KEY="mq-prod-xxxxxxxxxx"
# API server (needs the key)
docker run -e MESHOPTIXIQ_LICENSE_KEY \
-e API_KEY="changeme" \
-e NEO4J_URI="bolt://host.docker.internal:7687" \
-e NEO4J_PASSWORD="your-password" \
-p 8000:8000 \
meshoptixiq/discovery-agent:latest
# CLI (points to the API server — no license key needed)
docker run -e MESHOPTIXIQ_API_URL="http://host.docker.internal:8000" \
meshoptixiq/discovery-agent:latest meshq ingest --source /app/configs/inventory.yamlMethod 2: License File (Persistent — API server host)
Recommended for VM or bare-metal API server installations:
# On the API server host
mkdir -p ~/.meshoptixiq
echo "mq-prod-xxxxxxxxxx" > ~/.meshoptixiq/license.key
chmod 600 ~/.meshoptixiq/license.keyVerification
After activating your license on the API server, verify it is active:
# Via CLI (delegates to API)
meshq license
# Direct API query (no auth required)
curl http://localhost:8000/health/license
# {"plan":"pro","expires":"2027-12-31","days_remaining":310,"demo_mode":false}Offline Operation & Grace Period
The API server includes a 72-hour grace period for offline operation. If it cannot reach the remote license server, it continues working for 72 hours. The CLI and MCP server are unaffected as long as the local API is reachable. Once connectivity is restored, validation resumes automatically.
Troubleshooting
If you encounter license-related issues, see the Troubleshooting Guide for solutions to:
- Cannot reach local API (CLI/MCP)
- License expired (API server)
- Device limit exceeded
- Grace period activation