Open https://localhost:7800. User API (:7703) is loopback-only — no port mapping needed.
Code Sessions not supported in Docker. The dashboard /code page needs cgroup v2 delegation that Docker cannot reliably provide. Use a VM or bare-metal image for code-session workloads. All other features — gateway, dashboard, agents, capabilities, vault, audit — work normally.
Create VM: Linux → Other Linux (64-bit), 2048 MB RAM
Attach .vmdk as boot disk
Forward ports 7700, 7701, 7800 to the host
Start VM — console banner shows dashboard URL
Boot with Vagrant (x86_64)
$vagrant box addkruxos ./kruxos-x86_64.box$vagrant initkruxos && vagrant up
Default VM firewall accepts TCP 22, 7700, 7701, 7702, 7800. Open https://<vm-ip>:7800.
Verify from VM console: kruxos verify and kruxos sandbox diagnose
Bare metal
Write the raw disk image directly to USB, SSD, or NVMe. Best for dedicated agent infrastructure, maximum sandbox performance, and air-gapped deployments.
$gunzipkruxos-x86_64.img.gz# Replace /dev/sdX with your target device — this erases the disk$sudo ddif=kruxos-x86_64.img of=/dev/sdX bs=4M status=progress conv=fsync$sync
Double-check the target device.dd overwrites the entire disk. Use lsblk or diskutil list to confirm /dev/sdX before writing.
Boot and access
Boot the machine from the USB/SSD (UEFI or legacy BIOS)
Console banner shows the dashboard URL — typically https://<host-ip>:7800
Ensure firewall allows inbound 7700 (agents) and 7800 (operators) on your management network
Keep 7701 (supervision) restricted to localhost or a management VLAN
Verify: kruxos verify from the console (vault passphrase unlocks console root).