Authentication
AgentLens includes a full multi-tenant authentication system — each user’s traces, alert rules, and API keys are fully isolated.
Default Admin Account
Section titled “Default Admin Account”On first startup, AgentLens creates a default admin account:
| Field | Default |
|---|---|
admin@agentlens.local | |
| Password | changeme |
Change the password immediately in production.
Navigate to http://localhost:3000 — you’ll be redirected to the login page automatically.
Enter your email and password to receive a JWT session (valid for 24 hours).
User Registration
Section titled “User Registration”New users can register at /register on the dashboard. Each user’s data is fully isolated — they cannot access other users’ traces or alert rules.
API Keys
Section titled “API Keys”For programmatic access (SDKs, CI/CD), use API keys instead of JWT sessions.
Creating an API Key
Section titled “Creating an API Key”- Log in to the dashboard
- Navigate to Settings → API Keys
- Click Generate New Key
- Copy the key — it is shown only once
Keys use the al_ prefix (e.g., al_abc123...). They are stored as SHA-256 hashes — AgentLens cannot recover a lost key.
Using an API Key
Section titled “Using an API Key”SDK configuration:
agentlens.configure( server_url="http://localhost:3000", api_key="al_your_key_here",)agentlens.configure({ serverUrl: "http://localhost:3000", apiKey: "al_your_key_here",});Direct API calls:
curl -H "X-API-Key: al_your_key_here" http://localhost:3000/api/tracesJWT Configuration
Section titled “JWT Configuration”# Set a strong secret for productionexport AGENTLENS_JWT_SECRET=$(openssl rand -hex 32)JWTs are HS256-signed, expire after 24 hours, and include the user’s ID and email as claims.
Security Notes
Section titled “Security Notes”- Passwords are hashed with bcrypt (cost factor 12)
- API keys are SHA-256 hashed before storage
- All data endpoints enforce per-user isolation — cross-tenant access returns 404
- SSE streams filter events by user ID — users only receive their own trace events