Skip to main content
Captain is MeepaGateway’s built-in web dashboard. It runs at http://localhost:63372 when the gateway is started. Everything in the dashboard is also available via the CLI and the Captain HTTP API.

First-time setup

When the gateway starts with no config file, it enters setup mode:
  1. A one-time setup code is printed to the terminal
  2. Open http://localhost:63372/setup in your browser
  3. Enter the setup code to verify local access
  4. Set a password for future logins
  5. Configure your LLM provider and first agent connector
  6. The gateway writes the config file and starts normally
============================================
FIRST-TIME SETUP
============================================
Open http://127.0.0.1:63372/setup
Setup code: ABC-123-XYZ
============================================
To re-run setup: 
meepagateway setup

Headless / automated setup

For unattended deployments (cloud-init, Docker, CI), set MEEPAGATEWAY_PASSWORD before the first run. The gateway will hash the password, write it to config, and start normally without displaying a setup code: 
export MEEPAGATEWAY_PASSWORD="your-strong-password"
meepagateway start
This env var is only read when no password_hash exists in config. Once a hash is written, it is ignored on subsequent starts.

Authentication

Captain supports three authentication methods.

Password

Set during setup. Stored as an Argon2 hash in the config file under captain.password_hash. Change it via the dashboard Settings page or: 
curl -X POST http://localhost:63372/api/captain/auth/password \
  -H "Cookie: captain_session=..." \
  -H "Content-Type: application/json" \
  -d '{"current_password": "old", "new_password": "new"}'

API keys

For programmatic access. Each key has a name and a cptn_ prefix displayed in the dashboard. 
# Create
meepagateway api-key create "ci-deploy"
# Returns the full key once — store it securely

# List
meepagateway api-key list

# Revoke
meepagateway api-key revoke <id>
Use the key via header or env var: 
curl -H "Authorization: Bearer cptn_abc123..." http://localhost:63372/api/captain/status
MEEPA_API_KEY="cptn_abc123..." meepagateway agent list

WebAuthn (passkeys)

Hardware key or biometric authentication. Register credentials via the dashboard Settings page. Credentials are stored in the config file under captain.webauthn_credentials.

Configuration

captain:
  enabled: true
  bind: 127.0.0.1      # localhost only by default
  port: 63372
  exposure: local       # see exposure modes below
Exposure modes:
ValueBehavior
localBind 127.0.0.1 — localhost only (default)
lanBind 0.0.0.0 — accessible on the local network
tailscale_privateBind 127.0.0.1, tailscale serve proxies
cloudflare_tunnelBind 127.0.0.1, Cloudflare tunnel routes inbound
tailscale_funnelBind 0.0.0.0, Tailscale Funnel
reverse_proxyBind 0.0.0.0, user-managed reverse proxy
When exposing Captain beyond localhost, always use a strong password and TLS termination.

API reference

All dashboard operations are available via the Captain API at http://localhost:63372/api/captain/.

Status

No authentication required. 
curl http://localhost:63372/health
# {"status":"ok","version":"..."}

curl http://localhost:63372/api/captain/status
# {"version":"...","status":"running"}

Auth endpoints

MethodPathDescription
POST/api/captain/auth/loginPassword login
POST/api/captain/auth/logoutLogout
POST/api/captain/auth/setupComplete first-time setup
POST/api/captain/auth/passwordChange password
GET/api/captain/auth/api-keysList API keys
POST/api/captain/auth/api-keysCreate API key
DELETE/api/captain/auth/api-keys/{id}Revoke API key
GET/api/captain/auth/checkCheck auth status

Config endpoints

MethodPathDescription
GET/api/captain/configGet parsed config
PUT/api/captain/configReplace config
PATCH/api/captain/config/{section}Update a config section
GET/api/captain/config/rawGet raw config file
PUT/api/captain/config/rawReplace raw config file
POST/api/captain/config/testValidate config without saving
POST/api/captain/config/reloadReload config from disk
POST/api/captain/config/resetReset config to defaults
POST/api/captain/restartRestart the gateway

Agent endpoints

MethodPathDescription
GET/api/captain/agentsList agents
POST/api/captain/agentsCreate agent
GET/api/captain/agents/{id}Get agent
PATCH/api/captain/agents/{id}Update agent
DELETE/api/captain/agents/{id}Delete agent
GET/api/captain/agents/{id}/soulGet soul
PUT/api/captain/agents/{id}/soulUpdate soul
GET/api/captain/agents/{id}/agents-mdGet AGENTS.md
GET/api/captain/agents/{id}/memoryGet MEMORY.md
PUT/api/captain/agents/{id}/memoryUpdate MEMORY.md
GET/api/captain/agents/{id}/userGet USER.md
PUT/api/captain/agents/{id}/userUpdate USER.md
GET/api/captain/agents/{id}/skillsList skills
GET/api/captain/agents/{id}/skills/{name}Get skill
PUT/api/captain/agents/{id}/skills/{name}Create or update skill
DELETE/api/captain/agents/{id}/skills/{name}Delete skill
GET/api/captain/agents/{id}/connectorsList connectors
POST/api/captain/agents/{id}/connectorsAdd connector
PUT/api/captain/agents/{id}/connectors/{name}Update connector
DELETE/api/captain/agents/{id}/connectors/{name}Remove connector
GET/api/captain/agents/{id}/mcp/serversList MCP servers
POST/api/captain/agents/{id}/mcp/serversAdd MCP server
DELETE/api/captain/agents/{id}/mcp/servers/{name}Remove MCP server
POST/api/captain/agents/{id}/mcp/servers/{name}/testTest MCP server
GET/api/captain/agents/{id}/cronList cron jobs
POST/api/captain/agents/{id}/cronCreate cron job
GET/api/captain/agents/{id}/cron/{job_id}Get cron job
PATCH/api/captain/agents/{id}/cron/{job_id}Update cron job
DELETE/api/captain/agents/{id}/cron/{job_id}Delete cron job
POST/api/captain/agents/{id}/cron/{job_id}/runTrigger cron job now

Example: create an agent

curl -X POST http://localhost:63372/api/captain/agents \
  -H "Authorization: Bearer $MEEPA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"id": "coder", "name": "Code Helper", "provider": "anthropic"}'

Example: update agent soul

curl -X PUT http://localhost:63372/api/captain/agents/meepa/soul \
  -H "Authorization: Bearer $MEEPA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"content": "# Meepa\n\nYou are a helpful assistant..."}'

Example: add a connector

curl -X POST http://localhost:63372/api/captain/agents/meepa/connectors \
  -H "Authorization: Bearer $MEEPA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "discord-bot", "type": "discord", "discord": {"bot_token": "Bot.Token..."}}'

Security recommendations

  • Keep bind: 127.0.0.1 unless you need remote access. Use a reverse proxy with TLS for public exposure.
  • Create dedicated API keys for CI/CD pipelines. Revoke them when no longer needed.
  • Use a strong, unique password. The gateway uses Argon2 hashing.
  • Consider WebAuthn for unphishable authentication on personal deployments.