Skip to main content
Version: MVP

Local Dashboard

5 min readFor operatorsUpdated 2026-05-22

What you'll do

Launch Craik's authenticated local dashboard, inspect runtime status, and use browser pages for providers, sessions, runs, handoffs, receipts, approvals, gateway logs, skill proposals, and model state.

Local first, authenticated always.

The dashboard binds to 127.0.0.1 by default. Every route requires either a dashboard bearer token or an active operator session; non-local binds require an explicit unsafe-bind acknowledgement.

Launch

Use the dashboard command from a terminal:

craik dashboard

For automation or tests, inspect launch metadata without starting the server:

craik dashboard --dry-run

You can provide a dashboard token through --auth-token or CRAIK_DASHBOARD_TOKEN. The dry-run output reports that token mode is active but does not echo the token value. If no dashboard token is configured, requests must include X-Craik-Operator-Session with the active operator session token.

Pages

Status

Readiness state, selected model, missing setup, and operator posture.

Config · Providers · Auth

Local dashboard posture, visible provider profiles, and auth requirement state.

Sessions · Runs

Persistent agent session and task-run counts from local state.

Handoffs · Receipts

Read-only artifact counts with redacted output boundaries.

Approvals

The dashboard queue surface for approval lifecycle work.

Gateway Logs

The configured gateway log location and runtime status entrypoint.

Skill Proposals

Learning-loop proposal counts and operator action links.

Models

The active model picker state used by the shell and TUI.

Actions

The dashboard exposes a shared action route for slash commands:

POST /api/actions
Authorization: Bearer <dashboard-token>

{"command": "/status"}

Read-only actions return the same slash-command result text as the agent shell and TUI. Browser-origin POSTs must come from the local dashboard origin, and mutating slash-command families such as auth, provider login, model selection, and session resume are rejected by the dashboard action route. Those flows stay governed by their own CLI/runtime handlers and receipt requirements.

Binding

Use the default local-only bind whenever possible:

craik dashboard --host 127.0.0.1 --port 8787

Non-local binds are blocked unless explicitly acknowledged:

craik dashboard --host 0.0.0.0 --allow-unsafe-dashboard-bind --auth-token "$CRAIK_DASHBOARD_TOKEN"

Only use this behind local network controls or a trusted TLS termination layer.

What's next

GuideTerminal UIThe keyboard-first shell that shares the dashboard action registry.SecurityDashboard securityAuthentication, binding, and redaction requirements for local dashboard use.ReferenceSlash commandsThe shared command registry used by shell, TUI, dashboard, and tests.