Skip to main content

Dashboard

The dashboard is served by agent-core on port 8080. Authentication uses session cookies; the admin user is configured via DASHBOARD_USER / DASHBOARD_PASSWORD. For public-facing deployments, put your own reverse proxy (nginx, Caddy, Cloudflare Tunnel) in front of port 8080 for TLS.

151 HTTP endpoints across the dashboard, organized into five sidebar sections plus a handful of utility surfaces.

Authentication

Sign in at /login. Sessions are signed by DASHBOARD_SECRET (the installer generates 64 random hex chars). Logout at /auth/logout.

CSRF tokens are session-bound — the validator compares the stored token with the session ID, not just the token value. Argon2 password hashing; login rate-limited to 5 attempts per 5 minutes.

If DASHBOARD_USER / DASHBOARD_PASSWORD are not set on first boot, a temporary password is generated and printed once to stderr — wasp logs | grep dashboard.credentials to retrieve it.

Sections

Dashboard

PageURLPurpose
Overview/overviewTop-level snapshot — active goals, recent traces, queue depths
Chat/chatInteractive chat (SSE streaming via POST /chat/stream)
Cmd/cmdCommand palette — search across pages

Configurations

PageURLPurpose
Identity/identityAgent name, born_at, total_xp, level, persona
Config Center/configprime.md editor + 12 feature flags + runtime parameters
Skills/skillsInstalled skills, capability levels, custom skill files
Models/modelsProviders, default model, full catalog (no health-gating)
Integrations/integrations40+ connectors with circuit-breaker state

System

PageURLPurpose
Scheduler/schedulerRecurring tasks, custom tasks, monitor list
Agents/agentsSub-agent CRUD, status, message log
Goals/goalsActive and historical goals with TaskGraph visualization
Subscriptions/subscriptionsRSS feeds and price alerts
Health/healthCPI, memory, queues, model liveness

Governance

PageURLPurpose
Self-Improve/self-improvePending AI proposals — diff viewer, Apply/Reject, applied history
Behavioral Rules/behavioral-rulesLearned rules — view, filter, toggle, delete
Audit/auditPer-action AuditLog with keyset pagination
Reset/resetPanic Reset (hard confirmation gate)

Observability

PageURLPurpose
Traces/tracesPer-response forensic trace
Live/liveSSE feed of real-time events
Metrics/metricsLatency histograms, error rates, token usage
Cognitive/cognitiveSelf-model, epistemic state, integrity report
Memory/memoryMemory tree browser
Knowledge Graph/knowledge-graphForce-directed canvas of entities and relations
World Model/world-modelTemporal observations, entity timelines
Vector Memory/vector-memorySemantic similarity search
Brain/brainStats and persona overview
Tasks/tasksTask execution log
Skill Evolution/skill-evolutionComposite skill candidates + capability evolution
Opportunities/opportunitiesDetected automation opportunities
State/stateCurrent execution state

Streaming chat (SSE)

POST /chat/stream opens a Server-Sent Events stream. Each event is a JSON object:

event: progress
data: {"step": 1, "skill": "web_search", "status": "running"}

event: chunk
data: {"text": "Found 12 results. Reading top 3..."}

event: done
data: {"final": "..."}

The chat UI (/chat) consumes the stream and renders progress + final text incrementally.

Decision Trace forensics

/traces is the dashboard's most valuable forensic page. Every response — fast-path, Decision Layer route, or full LLM loop — emits a trace. The page lists traces with filters (chat_id, time range, request tier) and clicking a row shows the full guard chain output.

See Audit Logs → Decision Trace for the schema.

Self-Improve workflow

  1. The agent (or you, manually) proposes a patch via self_improve(action="propose").
  2. The proposal lands at /self-improve with a diff viewer.
  3. You review the diff. If acceptable, click Apply:
    • ast.parse() validates Python syntax.
    • Soft Safety Gate checks for critical-path weakening.
    • Timestamped backup is created at /data/src_patches/backup_*.
    • File is written.
    • The change persists across rebuilds via apply_persisted_patches() at startup.
  4. Or click Reject — proposal is dismissed.
  5. After Apply, rebuild and recreate agent-core for the change to take effect.

Reset workflow

/reset requires hard confirmation:

  • Operator types RESET WASP exactly into a readonly input (paste blocked at the DOM level).
  • Submit → progress console streams each step:
    1. Truncate 17 cognitive tables.
    2. Wipe 12+ Redis key patterns.
    3. Reset agent identity (born_at → now, total_xp → 0).
    4. Reset self-model to empty {}.
    5. Run VACUUM FULL.
    6. Write AuditLog entry.
  • On completion: green-bordered result card + WaspToast notification.

What survives: API keys, custom Python skills, /data/src_patches/ backups, prime.md, subscriptions.

Health page

The single most important page for daily operation. See Monitoring → /health page.

See also