Skip to Content
CabinetFleetsFleet settings

Fleet settings

Fleet-wide configuration lives here: name, security posture, defaults for new machines, API keys, integrations, and the deletion flow. Owner role required for edits; Admins see read-only.

General

Editable fleet identity:

  • Name and slug (slug must be globally unique).
  • Description — shown in the fleet switcher.
  • Default timezone — used for schedule rendering and audit timestamps.
  • Default locale — used for cabinet copy and member email.

Security policies

Fleet-wide policies that override personal preferences:

  • Require 2FA for every member. Members without 2FA lose fleet access until they enroll.
  • IP allowlist for cabinet and REST. Optional CIDR list.
  • Cabinet session timeout — auto sign-out after N minutes of inactivity.
  • Default permission mode for new machines — default, strict, or bypass. See Concepts: permissions.

Default machine onboarding

Reduce manual cleanup on every cmdop connect:

  • Auto-tags applied to new machines (e.g. env:prod, team:platform).
  • Default permission rule set seeded into permissions.yaml on first heartbeat.
  • Default machine name pattern${hostname}-${short_id} if you want disambiguation.

Fleet API keys

Fleet API keys are long-lived bearer tokens scoped to one fleet. Useful for CI, headless scripts, and SDK integrations:

  • Issue — name, scopes (machines:read/write, commands:execute, files:read/write, schedules:manage, agent:invoke), optional expiry. The secret is shown exactly once.
  • Revoke — immediate; in-flight requests fail next call.
  • Rotate — issue a new key, deploy it, then revoke the old one.

Fleet API keys are different from personal API tokens — fleet keys belong to the fleet and survive member churn.

Fleet deletion

Deletion is a Soft 24-hour flow:

  1. Owner clicks Delete; the fleet is marked pending-deletion.
  2. Members lose access immediately; existing sessions terminate.
  3. After 24 hours, machines are unregistered and the fleet is purged.
  4. During the 24-hour window, any Owner can cancel.

Billing reconciles on the next cycle (proration credit if applicable).

Deleting a fleet deletes its machines’ registration. Agents will keep running locally but will fail to report in. Move machines to another fleet before deleting if you need them to keep working.

Integrations

Wire fleet events into existing tools:

  • Webhooks — POST events to a URL with HMAC-signed body.
  • Slack — channel notifications for billing, security, and schedule failures.
  • SSO — SAML / OIDC, available on team plans.

Where this data lives

These settings are stored at the fleet level and apply across the cabinet, desktop, and CLI for every member of the fleet.

Last updated on
Activity logBilling overview

CMDOP documentation — autonomous AI agents on every machine you register.

Product

Docs

Resources

Company

© 2026 Cmdop. MIT Licensed.GitHub ↗