---
title: Operator Guide — KruxOS
description: How operators supervise agents via the dashboard, CLI, and policy editor.
---

# Operator Guide

## Dashboard (:7800)

The dashboard is served over HTTPS with a self-signed certificate by default. Login uses the bcrypt-hashed passphrase from the vault wizard step.

- **Approval queue** — approve/reject `approval_required` calls
- **Activity feed** — real-time invocations (also via WS :7701)
- **Audit viewer** — hash-chained CBOR log
- **Policy editor** — visual + YAML at `/data/kruxos/policies/`
- **Settings** — tokens, models, agents, vault, workspace

## CLI

The CLI ships on the appliance at `/opt/kruxos/bin/kruxos`. In Docker, run it as `docker exec kruxos kruxos <cmd>`.

```bash
export KRUXOS_USER_TOKEN=krx_user_...

kruxos agent list
kruxos agent create --name <name>
kruxos agent revoke <name>
kruxos user-token create --label <label>
kruxos config show policy
kruxos audit query --last 1h
kruxos approve list
```

## User API {#user-api}

The User API listens on loopback HTTP, port 7703, and uses bearer authentication with a `krx_user_*` token:

```http
GET http://127.0.0.1:7703/api/user/files
Authorization: Bearer krx_user_...
```
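Because this endpoint is plain HTTP, the bearer token is only safe while the request stays on loopback. The following client is an added example, not KruxOS project code: it refuses to attach the token unless the target is a literal loopback address, and it disables proxies and redirects. The helper names are hypothetical, and the response body is returned as raw bytes because its format is not specified here.

```python
import ipaddress
import os
import urllib.request
from urllib.parse import urlsplit

USER_API_BASE = "http://127.0.0.1:7703"  # address and port from this guide
TOKEN_PREFIX = "krx_user_"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so the Authorization header never leaves loopback."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response

def is_loopback_url(url):
    """True only for http:// URLs whose host is a literal loopback IP."""
    parts = urlsplit(url)
    if parts.scheme != "http" or parts.hostname is None:
        return False
    try:
        return ipaddress.ip_address(parts.hostname).is_loopback
    except ValueError:
        return False  # names such as "localhost" can be re-pointed; reject

def build_request(path, token, base=USER_API_BASE):
    """Build an authenticated GET, or raise ValueError before any I/O."""
    if not token.startswith(TOKEN_PREFIX) or len(token) == len(TOKEN_PREFIX):
        raise ValueError("expected a krx_user_* token")
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    url = base + path
    if not is_loopback_url(url):
        raise ValueError("refusing to send bearer token off loopback: " + url)
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token})

def user_api_get(path, token=None, base=USER_API_BASE, timeout=5):
    """GET a User API path; the token defaults to $KRUXOS_USER_TOKEN."""
    if token is None:
        token = os.environ.get("KRUXOS_USER_TOKEN", "")
    # Empty ProxyHandler: ignore http_proxy so the token is not relayed.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), _NoRedirect)
    with opener.open(build_request(path, token, base), timeout=timeout) as resp:
        return resp.status, resp.read()

if __name__ == "__main__":
    demo = build_request("/api/user/files", "krx_user_CONSTRUCTED")  # constructed token
    print(demo.full_url, demo.get_header("Authorization")[:16] + "...")
```

Call `user_api_get("/api/user/files")` on the appliance with `KRUXOS_USER_TOKEN` exported, as in the CLI section.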

## Token management

- **Agent keys**: `kruxos agent create` / `rotate` / `revoke` / `restore`
- **User tokens**: `kruxos user-token create` / `revoke` or Dashboard → Settings → Tokens

## References

- [CLI guide](https://docs.kruxos.com/quickstart/cli/)
- [Dashboard guide](https://docs.kruxos.com/quickstart/dashboard/)
- [Policy docs](https://docs.kruxos.com/guides/policies/)
- [auth.md](https://kruxos.com/auth.md)