ConfigurationDashboard

Dashboard

Kyber includes a secure local web dashboard for viewing and editing configuration.

Starting the dashboard

kyber dashboard

Runs at http://127.0.0.1:18890 by default. On first run, a bearer token is generated automatically and saved to your .env file.

💎 Kyber dashboard running at http://127.0.0.1:18890
  Token: abc123…wxyz  (run with --show-token to reveal)

Revealing the token

kyber show-dashboard-token

Or start the dashboard with the token visible:

kyber dashboard --show-token

The token is stored in ~/.kyber/.env as KYBER_DASHBOARD__AUTH_TOKEN.

Configuration

Non-sensitive dashboard settings live in config.json:

{
  "dashboard": {
    "host": "127.0.0.1",
    "port": 18890,
    "allowedHosts": []
  }
}
FieldTypeDefaultDescription
hoststring127.0.0.1Bind address
portnumber18890Port
allowedHostsarray[]Extra allowed Host headers (required for non-local binding)

The authToken is stored in ~/.kyber/.env, not in config.json.

CLI flags

FlagDescription
--hostOverride bind address
--portOverride port
--show-tokenPrint the full auth token on startup

Security

The dashboard refuses to bind to a non-local address unless allowedHosts is configured. This prevents accidental exposure on public interfaces.

If you need remote access (e.g., on a VPS), the recommended approach is an SSH tunnel. This keeps the dashboard bound to localhost and avoids exposing it publicly.

If you need to bind to a public interface instead, set the host and add your domain:

{
  "dashboard": {
    "host": "0.0.0.0",
    "allowedHosts": ["kyber.example.com"]
  }
}

Use a reverse proxy (nginx, Caddy) with HTTPS in front of it.

Dashboard sections

The web UI has a sidebar with sections for:

  • Providers — API keys and model dropdowns. Each provider card fetches available models from the provider’s API after you enter your key. Custom OpenAI-compatible providers can be added here.
  • Agent — chat and task provider selection (dropdown of configured providers), workspace, temperature, token limits
  • Channels — Discord, Telegram, WhatsApp
  • Tools — web search, shell execution settings
  • Gateway — host and port
  • Skills — install and manage skill packages
  • Cron Jobs — schedule recurring or one-time tasks
  • Security Center — environment security scans, vulnerability findings, malware detection results, and scan history. See the Security Center guide for details.
  • Tasks — view running background tasks and recent results
  • Raw JSON — direct config editor

The topbar includes Restart Gateway and Restart Dashboard buttons for quick service restarts. When you save changes through the dashboard, secrets (API keys, tokens) are automatically written to ~/.kyber/.env and non-sensitive settings go to config.json. The gateway is restarted automatically on save.

Agent SettingsGateway