Agents / Operator

Supervise from
one surface.

Dashboard for approvals and policy. CLI for automation. Every gated action routes through the same queue — no bypass via native shell tools.

Dashboard (:7800)

Approval queue

When an agent triggers approval_required, it appears here. Approve or reject. The agent receives the result asynchronously.

Activity feed

Real-time stream of all capability invocations. Also available via WebSocket on port 7701.

Audit viewer

Hash-chained CBOR log. Filter by agent, capability, tier, time range. Tamper-evident and replayable.

Policy editor

Visual and YAML editor for rules at /data/kruxos/policies/. Four tiers per pattern. Changes hot-reload without restart.

Settings

SectionWhat you control
TokensCreate, rotate, revoke User API Bearer tokens
ModelsAnthropic, OpenAI, OpenRouter, Gemini, local (Ollama/vLLM)
AgentsCreate, configure, schedule agents
VaultManage secrets (use-not-read contract)
WorkspaceAgent working directory

CLI & User API (:7703)

kruxos ships on the appliance at /opt/kruxos/bin/kruxos. User API is loopback HTTP on port 7703 with krx_user_* bearer auth:

$ export KRUXOS_USER_TOKEN=krx_user_... $ kruxos agent list $ kruxos agent create --name <name> $ kruxos user-token create --label ops $ kruxos config show policy $ kruxos audit query --last 1h $ kruxos approve list

Agent scheduling

Five-field cron schedules, one-shot delays, or manual trigger via kruxos agent run <name>. Inter-agent communication via topic-based broker.

Model configuration

Dashboard → Models. Supports Anthropic, OpenAI (+ Codex), OpenRouter (200+ models), Google Gemini, and local inference. Per-agent model assignment.

References: Policy docs · Developer guide · auth.md