qorven setup is the CLI equivalent of the browser wizard. If you’re SSH’d into a headless box and don’t want to expose the web UI yet, this is the shortest path from install to working chat.

Run it

sudo qorven setup
The wizard asks 8 questions, in order:
1

Instance name

What you’d call this Qorven install internally (e.g. “Acme staging”, “Home NAS”). Purely a label.
2

Admin username + password

Credentials for your web UI login. Password is stored hashed (bcrypt, cost 12). Minimum 8 characters.
3

Admin email (optional)

Used for password reset + delivery of cron/heartbeat alerts you subscribe to.
4

Web UI port

Default 443. Use 8443 for user-space (no CAP_NET_BIND_SERVICE). Use 80 to go HTTP-only (not recommended).
5

Public domain (optional)

Skip for self-signed (works on LAN). Enter a domain to trigger ACME/Let’s Encrypt at next boot.
6

Primary LLM provider

Pick from bedrock, openai, deepseek, gemini, groq, ollama, skip. You can add more later from the UI.
7

API key

Pasted here is encrypted with the install’s encryption key before it touches the database.
8

Test the connection

The wizard makes one real call to the provider to verify the key. Fails loudly if it doesn’t work — no half-configured install.

Non-interactive mode

For CI, Ansible, Terraform: 
qorven setup \
  --non-interactive \
  --admin-user "ops" \
  --admin-password "$QORVEN_ADMIN_PASSWORD" \
  --provider "openai" \
  --api-key "$OPENAI_API_KEY" \
  --web-port 443 \
  --domain "qorven.acme.com"
Every flag is optional; anything you skip uses the defaults listed above.
Don’t put secrets on the command line in production — they show up in ps. Pipe via environment variables ($OPENAI_API_KEY) as shown above, or use stdin:
echo "sk-..." | qorven setup --api-key-stdin ...

What the wizard writes

[server]
api_listen = "127.0.0.1:4200"
web_listen = "0.0.0.0:443"

[database]
dsn = "postgres://qorven@/qorven?host=/var/run/postgresql&sslmode=disable"

[auth]
token          = "<generated>"
encryption_key = "<generated>"

[tls]
mode = "auto"

# Added by `qorven setup`:
[[providers]]
name     = "openai"
type     = "openai"
api_base = "https://api.openai.com/v1"
api_key  = "<encrypted>"
enabled  = true

[instance]
name = "Acme staging"
  • users — one admin user, bcrypt password
  • agents — one prime Qor with the chosen model
  • sessions — one canonical web session for Prime (empty history)
  • provider_keys — the key you provided, encrypted

Re-running the wizard

qorven setup is idempotent. Re-running with the same admin username updates the password + email without losing data. Re-running with a new provider appends it — existing provider keys are left alone. To wipe everything and start fresh: 
sudo systemctl stop qorven
sudo -u postgres dropdb qorven && sudo -u postgres createdb -O qorven qorven
sudo qorven migrate up
sudo qorven setup
sudo systemctl start qorven

When to use the browser wizard instead

Most operators prefer the browser wizard — it has the same 8 steps with screenshots, helpful inline validation, and a one-click “test provider” for every LLM. The CLI wizard is for headless boxes or automation.

Where next

Sign in and chat

Open the URL, meet Prime.

Add more providers

Rotate keys, configure failover, add Ollama.

Connect a channel

Message your Qor from Telegram, WhatsApp, Slack.

Every wizard flag

Full CLI reference.