Command Center
Real-time Superbrain overview
API Keys
--
-- providers
Verified
--
keys validated
Gateway
--
--
Redis
--
--
Ollama Models
--
local inference
Worker Nodes
Loading...
Recent Logs
| Time | Level | Source | Message |
|---|
API Keys
Manage 60 provider API keys across 7 categories (encrypted at rest with AES-256)
Add Key
All Keys
| Category | Provider | Name | Status | Verified | Added | Actions |
|---|
Worker Nodes
Tailscale mesh network nodes
Add Worker
Active Nodes
Loading...
Ollama Models
Local AI models for offline inference
Pull Model
Installed Models
Loading...
Gateway Status
Multi-provider AI routing engine
Provider Status
Loading...
System Logs
Recent activity and events
| Time | Level | Source | Message |
|---|
Settings
System configuration
Change Password
Config Backup
Help & Troubleshooting
How to use the Superbrain portal and resolve common issues
Quick Start Guide
1. Adding API Keys
- Navigate to API Keys from the sidebar
- Select a provider from the dropdown (60 providers across 7 categories)
- Enter a key name (e.g. "production", "testing", "backup")
- Paste your API key and click Add
- Keys are encrypted with AES-256 before storage - raw keys are never stored
2. Bulk Import
Click Bulk Import to add multiple keys at once. Use this format (one per line):
Provider | Key Name | api-key-value
OpenAI | prod-key | sk-proj-abc123...
Anthropic | main | sk-ant-api03-xyz...
Google Gemini | default | AIzaSy...3. Verifying Keys
- Click Test on any individual key to verify it against the provider's live API
- Click Verify All Keys to batch-test every active key sequentially
- Supported providers show valid or invalid
- Providers without a test endpoint show unknown
4. Provider Categories
| Category | Providers (60 total) | Use Case |
|---|---|---|
| Neural Core | OpenAI, Anthropic, Google Gemini, Mistral, Groq, OpenRouter, Cohere, Together AI, DeepSeek, AI21, Aleph Alpha, Grok xAI, Perplexity Llama, Upstage, NexusRaven | LLM text generation, reasoning, and code |
| Visual Motion | Runway, Pika, Luma, Sora, HeyGen, Synthesia, Haiper, Kling AI, Hedra | Video generation, avatar creation, motion synthesis |
| Latent Space | Stability AI, Midjourney, Adobe Firefly, Leonardo.ai, Flux.ai, DALL-E 3, Recraft, Playground AI | Image generation, editing, and visual design |
| Recursive Search | Serper, Tavily, Perplexity, Brave Search, Exa AI, Wolfram Alpha, You.com, Bing Search | Web search, knowledge retrieval, computation |
| Sonic Intelligence | ElevenLabs, Deepgram, OpenAI Whisper, Suno, Udio, Play.ht, Murf AI, AssemblyAI | TTS, STT, voice cloning, music generation |
| Infrastructure | Pinecone, ChromaDB, Weaviate, Supabase, Firebase, Upstash, MongoDB Atlas, Qdrant | Vector databases, storage, backend services |
| Agentic Ops | Vercel, Railway, Lambda Labs, Anyscale, Replicate, LangSmith, Hugging Face, AWS Bedrock | Deployment, orchestration, MLOps, inference |
5. Gateway Routing
The Superbrain Gateway (port 4000) auto-routes requests to the best available provider based on the keys you've configured. Add multiple keys per provider for redundancy and load balancing. The gateway uses Redis for caching and rate-limit tracking.
6. Worker Nodes
Register Tailscale mesh nodes under Workers. Each worker sends heartbeats with CPU/RAM metrics. Roles: worker, orchestrator, specialist, backup.
7. Ollama (Local Models)
Pull and manage local LLM models under Ollama. These run on the server without needing an API key. Good for private/offline inference. Start with small models like phi3:mini or qwen2:0.5b.
API Reference
Authentication
POST /auth/login
Body: { "username": "admin", "password": "your-password" }
Response: { "token": "jwt-token-here", "user": {...} }
# Use token in all subsequent requests:
Authorization: Bearer <token>Key Management
# List all keys (masked)
GET /api/keys
# Add a single key
POST /api/keys
Body: { "provider": "OpenAI", "key_name": "prod", "api_key": "sk-..." }
# Bulk add multiple keys
POST /api/keys/bulk
Body: { "keys": [{ "provider": "...", "key_name": "...", "api_key": "..." }, ...] }
# Get key details (with masked key)
GET /api/keys/:id
# Update a key
PUT /api/keys/:id
Body: { "api_key": "new-key", "is_active": true, "notes": "..." }
# Verify a single key against provider API
POST /api/keys/:id/verify
# Verify all active keys
POST /api/keys/verify-all
# Delete a key
DELETE /api/keys/:idDashboard & System
# Full dashboard data
GET /api/dashboard
# Health check (no auth)
GET /health
# System logs
GET /api/logs
# Export config (keys stay encrypted)
GET /api/config/export
# Import config
POST /api/config/import
Body: { "keys": [...], "workers": [...] }Troubleshooting
Key verification shows "invalid" but the key works elsewhere +
- Check if the key has IP restrictions in the provider dashboard. The server's public IP must be allowed.
- Some providers require a billing/payment method before keys activate (OpenAI, Anthropic).
- For Anthropic keys: ensure you've accepted TOS in the console.
- For Google Gemini: the Generative Language API must be enabled in your GCP project.
- Network: the container needs outbound HTTPS. Check
docker logs superbrain-portal. - Try the key manually:
curl -H "Authorization: Bearer YOUR_KEY" https://api.openai.com/v1/models
Gateway shows "unreachable" on the dashboard +
- Verify container is running:
docker ps | grep gateway - Check logs:
docker logs superbrain-gateway --tail 30 - Ensure Redis is healthy:
docker exec superbrain-redis redis-cli -a YOUR_PASS ping - Internal networking: portal reaches gateway via
http://gateway:4000on the Docker bridge. Verify both are on thesuperbrainnetwork. - Restart:
docker compose restart gateway
Login fails with correct password +
- The initial admin password comes from
SUPERBRAIN_ADMIN_PASSin your.envfile. - If you changed the password via the UI, the
.envvalue is no longer used. - To reset:
docker exec superbrain-portal rm /app/data/portal.dbthendocker compose restart portal. This recreates the admin account with the .env password. - JWT tokens expire after 24h. Log out and back in if you see auth errors.
Ollama model pull is stuck or fails +
- Large models (7B+) take time to download. Watch progress:
docker logs -f superbrain-ollama - Default RAM limit is 2GB. For larger models, increase
deploy.resources.limits.memoryin docker-compose.yml. - Check disk space:
docker exec superbrain-ollama df -h /root/.ollama - Start small: try
qwen2:0.5borphi3:minifirst.
Keys show "unknown" verification status +
Some providers lack a simple auth-check endpoint. These will show "unknown" after verification:
- Visual Motion providers (Runway, Pika, Luma, Sora, etc.) - no standard REST auth endpoint
- Infrastructure providers (Supabase, Firebase, MongoDB Atlas) - require project-specific URLs to validate
- Music providers (Suno, Udio) - no public API available
- Some Agentic providers (Vercel, Railway, Lambda Labs) - use OAuth or project-scoped tokens
For these, test manually via the provider's own dashboard or CLI tools.
How to backup and restore all configuration +
- Go to Settings > Config Backup and click Export Config
- This downloads a JSON file with all keys (encrypted) and worker definitions
- To restore: click Import Config and select the JSON file
- Important: the
ENCRYPTION_KEYenv var must match on both instances for key decryption to work - Direct DB backup:
docker cp superbrain-portal:/app/data/portal.db ./portal-backup.db
Container won't start or keeps restarting +
# Check what's happening
docker logs superbrain-portal --tail 50
# Check health status
docker inspect superbrain-portal --format='{{.State.Health.Status}}'
# Rebuild from scratch
cd /opt/superbrain
docker compose build portal --no-cache
docker compose up -d portal
# Nuclear option - full stack restart
docker compose down && docker compose up -dHow to access the portal from an external network +
- Caddy reverse proxy handles HTTPS automatically on ports 80/443
- Point your domain's DNS A record to the server's public IP
- Update
/opt/superbrain/caddy/Caddyfilewith your domain - For Tailscale: the portal is directly accessible at
http://<tailscale-ip>:5000 - Do NOT expose port 5000 directly to the internet without Caddy/TLS in front
Redis connection errors in logs +
- Check Redis is running:
docker ps | grep redis - Verify the password matches: the
REDIS_PASSWORDin.envmust match what Redis was started with - Test connectivity:
docker exec superbrain-redis redis-cli -a YOUR_PASS ping - If Redis data is corrupted:
docker compose down redis && docker volume rm superbrain_redis-data && docker compose up -d redis