Axis Agent Management

Overview

Axis tracks agent enrollment and heartbeat state in tenant scope.

Agent policy fetch endpoint (`/api/agents/{id}/policies`) validates bearer token, tenant binding, and agent enrollment linkage.

Endpoint Assumptions

• Production auth and API host: https://axis.velikey.com (signin: https://axis.velikey.com/auth/signin).
• Non-production override: set AXIS_BASE_URL explicitly before running docs commands.
• Manual operator substitutions: provide tenant-scoped values for cookies, bearer tokens, agent IDs, and tenant slugs.

Actionable Steps

1. Generate tenant-specific install script and enroll agent.
2. Confirm visibility in `/api/agents/database` under expected tenant.
3. Validate policy pull with the matching agent token and agent ID.

# manual-only example
# production default; set AXIS_BASE_URL explicitly for staging/test.
export AXIS_BASE_URL="${AXIS_BASE_URL:-https://axis.velikey.com}"
export SESSION_COOKIE="axis-session=REDACTED"
export AGENT_ID="agent-001"
export AGENT_BEARER_TOKEN="REDACTED"

curl -fsS -H "Cookie: $SESSION_COOKIE" "$AXIS_BASE_URL/api/agents/database?agentId=$AGENT_ID" | jq
curl -fsS -H "Authorization: Bearer $AGENT_BEARER_TOKEN" "$AXIS_BASE_URL/api/agents/$AGENT_ID/policies" | jq

Validation Checks (Last Step)

# executable example
command -v bash
command -v curl
command -v jq

Agent lifecycle troubleshooting is faster when these tooling dependencies are already present.

Common Failure Modes

• Reusing bearer token from another tenant returns `401 Unauthorized` for policy fetch.
• Agent exists but enrollment linkage does not match token identity, resulting in authorization failure.
• Operators query deprecated `/api/agents` without following redirect to `/api/agents/database`.

Navigate Docs

Docs Index • Previous: Axis Auth and SSO • Next: Axis Alerts and Audit • Troubleshooting