# Headless Daemon

> Run Vued local search and MCP on external macOS, Linux, WSL, and Windows machines without Electron.

The Vued headless daemon is the non-Electron local runtime for agents running on external machines such as AWS instances, CI hosts, WSL, or Windows servers.

It keeps the same boundary as Vued Desktop: cloud remains the control plane, while decrypted transcript search and MCP stay local to the machine where the daemon is running.

## Install

```bash
curl -fsSL https://get.vued.ai/install.sh | sh
```

```powershell
irm https://get.vued.ai/install.ps1 | iex
```

```cmd
curl -fsSL https://get.vued.ai/install.cmd -o install.cmd && install.cmd && del install.cmd
```

The installer runs `vued setup`. On first use, any `vued` command that needs a
configured runtime will enter the same setup flow.

Interactive setup opens `https://vued.ai/cli-auth` so the user can sign in on
the website, and the session and refresh token are posted back to a temporary
localhost callback. Setup then chooses an org, creates or stores a scoped public
API key for SDK/local scope checks, unlocks or creates the account encryption
recovery vault with the user's Vued encryption passphrase, starts the daemon,
kicks off first sync, and writes the local discovery file. If the cloud session
expires later, the daemon refreshes it automatically; if Supabase requires user
action, `vued`, `vued status`, and `vued doctor` report `auth_required` and send
interactive users through setup again.
Pass `--wait-for-sync` if setup should block until the first sync attempt
finishes or times out.

Server installs can be made non-interactive with environment variables:

```bash
export VUED_SETUP_TOKEN="vued_user_session_jwt"
export VUED_REFRESH_TOKEN="supabase_refresh_token"
export VUED_ORG_ID="org_uuid"
export VUED_API_KEY="vued_live_optional_existing_key"
export VUED_ENCRYPTION_PASSPHRASE="existing-or-new-vued-encryption-passphrase"
vued setup
```

For stricter deployments, use `--passphrase-file` or
`VUED_ENCRYPTION_PASSPHRASE_FILE` instead of putting the passphrase directly in
the process environment.
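
One way to follow the passphrase-file advice above, as an added example that is not part of the Vued documentation: the helpers create an owner-only file, refuse symlinks and group- or world-readable files, and drop the inline variable before calling setup. It assumes `--passphrase-file` takes the file path as its argument; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for a passphrase file before `vued setup`.
# Assumption: --passphrase-file takes the file path as its argument.

# Print a file's permission bits in octal (GNU stat first, then BSD/macOS stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Write the passphrase from stdin into an owner-only file, so the secret
# never appears in argv, shell history, or the process environment.
write_passphrase_file() {
  local path="$1"
  ( umask 077 && cat > "$path" ) || return 1
  chmod 600 "$path"   # also tightens a file that already existed
}

# Return 0 only if the file is safe to hand to setup.
check_passphrase_file() {
  local path="$1" mode
  if [ -L "$path" ]; then echo "refusing symlink: $path" >&2; return 1; fi
  if [ ! -f "$path" ]; then echo "not a regular file: $path" >&2; return 1; fi
  if [ ! -O "$path" ]; then echo "not owned by current user: $path" >&2; return 1; fi
  if [ ! -s "$path" ]; then echo "empty passphrase file: $path" >&2; return 1; fi
  mode="$(file_mode "$path")" || return 1
  case "$mode" in
    600|400) return 0 ;;
    *) echo "mode $mode is too open (want 600 or 400): $path" >&2; return 1 ;;
  esac
}

# Validate the file, drop any inline passphrase variable, then run setup.
run_setup() {
  local path="$1"
  check_passphrase_file "$path" || return 1
  unset VUED_ENCRYPTION_PASSPHRASE
  vued setup --passphrase-file "$path"
}
```

Pipe the passphrase into `write_passphrase_file` from a secret manager or a prompt rather than typing it on the command line, then call `run_setup` with the same path.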

## Commands

```bash
vued setup
vued setup --no-browser
vued setup --reset
vued status
vued daemon start
vued daemon status
vued daemon logs
vued doctor
vued update
vued update --check
vued update --channel latest
vued update --version x.y.z
vued mcp
vued uninstall
```

The daemon writes the same `local-api.json` discovery file used by the Python SDK and MCP shim. SDK local methods keep working without code changes once the daemon is running.

Installed headless runtimes auto-check the release manifest once per day before
normal CLI commands, similar to Homebrew. If a newer release exists for the
current platform and arch, Vued verifies the SHA256 checksum, stops the daemon if
needed, replaces only the installed runtime files, and restarts the daemon.
Long-running protocol commands such as `vued mcp` and `vued daemon run` skip
auto-update. Disable checks with `VUED_AUTO_UPDATE=0` or
`--no-auto-update`.

Use `vued update --check` to inspect the current manifest without installing,
`vued update --force` to reinstall the current version, and `--channel` or
`--version` to pin a release stream/version. The updater reads the same Supabase
manifest used by the one-command installers.

## Python SDK

```python
from vued import Vued

client = Vued(
    api_key="vued_live_...",
    org_id="org_uuid",
)

client.ensure_daemon(start=True)
results = client.search("renewal risk", limit=10)
```

`auto_start_daemon` is available but defaults to false so server processes do not spawn background services unexpectedly.

```python
client = Vued(api_key="vued_live_...", org_id="org_uuid", auto_start_daemon=True)
```

## Local Boundary

The daemon binds to `127.0.0.1`, rotates a local bearer token on startup, checks public API key scopes against the cloud API, uses the same desktop encryption recovery vault to recover the decryption identity, and stores local cache data in an encrypted SQLite database.

Use Docker or a service manager for long-running production hosts, and mount a persistent data directory so the local cache and sync cursors survive restarts.
