Getting started
The AcasoOS management console is a static web client for any AcasoOS instance. Connect once with a long-lived API key, exchange it for a short-lived session, then manage agents, users, roles, context, audit, and tenants from the browser.
How it works
The console runs entirely in your browser. There is no console-side backend, no proxy, no shared identity store. Every request goes from your tab to the AcasoOS instance you connected to.
See Architecture for the data path and Security model for how credentials are handled.
Before you connect
You need three things.
A reachable instance URL
For example http://localhost:8001 for local dev, or your production deployment.
A long-lived admin API key
Mint one on the AcasoOS host:
make mint-keyThis mints an admin key for the default tenant, owned by the Management Console Application. To target a different tenant, set the slug in the environment first:
ACASO_BOOTSTRAP_TENANT_SLUG=acme make mint-keyThe CLI prints the key value once. Store it in your password manager. End-user identity is supplied per request (the X-Acaso-User-Id header), not baked into the key.
An origin entry in ACASO_CONSOLE_ORIGINS
The console's origin must be listed in the AcasoOS instance's ACASO_CONSOLE_ORIGINS env var. For local dev that is http://localhost:3000; for production it is https://os.aca.so.
Your first connection
Open the console and submit the Connect form with the URL, a friendly label, and your long-lived key. The console calls POST {url}/v1/auth/session, receives a session token, and routes you to /agents.
After the exchange, only the session token and your resolved user identity sit in sessionStorage. The long-lived key is wiped from memory. Closing the tab clears the session entirely; opening a fresh tab requires you to paste the key again.
Tip: You can save several connections (production, staging, localhost) and switch between them from the top-left switcher. Each switch re-mounts data fetches against the chosen instance.