Install Okesu

1. Install the binary

For now, build from source. Pre-built releases are on the roadmap.

2. Bootstrap a control plane

The CP is optional but you'll want it the moment you operate more than one daimon. It serves the dashboard, receives findings, and dispatches orchestration steps.

Browse to https://localhost:8443 — accept the self-signed cert (production deployments use a real cert via the CP config), log in with the admin password printed by init.

3. Deploy a daimon to a host

From the dashboard, go to Fleet → Nodes → Add node. Paste the host's SSH connection details; the CP rsyncs the binary, writes the systemd unit, and registers the daimon. The auto-deploy flow handles upgrades in place.

Want to skip SSH and install manually? Drop the okesu binary on the host, run okesu daemon register --cp https://your-cp:8443 --token <bootstrap>, then start it with your init system of choice.

4. Write your first orchestration

From the dashboard, go to Automation → Orchestrations → New. Paste this:

Save → click Run → watch the run-detail page render the DAG and the agent's findings stream in.

5. Production checklist

• Swap SQLite for Postgres in the CP config when you cross a few thousand findings.
• Federate environments by enabling the federation peer relationship (see the architecture doc on GitHub).
• Open ports 8443 (UI/webhook) and 8444 (mTLS mgmt) only to the networks that need them.
• Configure your LLM provider via env vars (ANTHROPIC_API_KEY etc) — same envvars on the CP for jobs-mode dispatch and on each daimon for tunnel-mode.