LibreFang
中文

LibreFang Configuration Reference

Complete reference for config.toml, covering every configurable field in the LibreFang Agent OS.

Table of Contents

Overview

LibreFang reads its configuration from a single TOML file:

~/.librefang/config.toml

On Windows, ~ resolves to C:\Users\<username>. If the home directory cannot be determined, the system temp directory is used as a fallback.

Key behaviors:

  • Every struct in the configuration uses #[serde(default)], which means all fields are optional. Omitted fields receive their documented default values.
  • Channel sections ([channels.telegram], [channels.discord], etc.) are Option<T> -- when absent, the channel adapter is disabled. Including the section header (even empty) enables the adapter with defaults.
  • Secrets are never stored in config.toml directly. Instead, fields like api_key_env and bot_token_env hold the name of an environment variable that contains the actual secret. This prevents accidental exposure in version control.
  • Sensitive fields (api_key, shared_secret) are automatically redacted in debug output and logs.

Config Include Mechanism

LibreFang supports splitting configuration across multiple files using the include field. This enables modular configs (e.g., separate files for channels, MCP servers, or environment-specific overrides).

# ~/.librefang/config.toml
include = ["channels.toml", "mcp.toml", "overrides/prod.toml"]

Rules:

  • Paths are relative to the directory containing the root config file.
  • Absolute paths are rejected with an error at startup.
  • .. path traversal components are rejected for security.
  • Maximum include nesting depth: 10 levels.
  • Include files are deep-merged before the root config. Root config values always override values from included files.
  • Include files can themselves contain include arrays (subject to the depth limit).

This mechanism is useful for keeping secrets in a separate file with stricter filesystem permissions, or for sharing a base config across multiple environments.

Minimal Configuration

The simplest working configuration only needs an LLM provider API key set as an environment variable. With no config file at all, LibreFang boots with Anthropic as the default provider:

# ~/.librefang/config.toml
# Minimal: just override the model if you want something other than defaults.
# Set ANTHROPIC_API_KEY in your environment.

[default_model]
provider = "anthropic"
model = "claude-sonnet-4-20250514"
api_key_env = "ANTHROPIC_API_KEY"

Or to use a local Ollama instance with no API key:

[default_model]
provider = "ollama"
model = "llama3.2:latest"
base_url = "http://localhost:11434"
api_key_env = ""

Full Example

# ============================================================
# LibreFang Agent OS -- Complete Configuration Reference
# ============================================================

# --- Top-level fields ---
home_dir = "~/.librefang"             # LibreFang home directory
data_dir = "~/.librefang/data"        # SQLite databases and data files
log_level = "info"                    # trace | debug | info | warn | error
api_listen = "127.0.0.1:4545"        # HTTP/WS API bind address
network_enabled = false               # Enable OFP peer-to-peer network
api_key = ""                          # API Bearer token (empty = unauthenticated)
dashboard_user = ""                   # Dashboard login username (empty = no login required)
dashboard_pass = ""                   # Dashboard login password (supports vault:KEY syntax)
mode = "default"                      # stable | default | dev
language = "en"                       # Locale for CLI/messages
usage_footer = "full"                 # off | tokens | cost | full
prompt_caching = true                 # Enable LLM prompt caching
stable_prefix_mode = false            # Reduce prompt cache invalidation
max_cron_jobs = 500                   # Global max cron jobs
cors_origin = []                      # CORS allowed origins
include = []                          # Config file includes

[provider_urls]
# ollama = "http://192.168.1.100:11434/v1"

[provider_api_keys]
# nvidia = "NVIDIA_API_KEY"

[provider_regions]
# qwen = "intl"        # Use Qwen international endpoint (dashscope-intl)
# minimax = "china"    # Use MiniMax China endpoint (MINIMAX_CN_API_KEY)

# --- Default LLM Provider ---
[default_model]
provider = "anthropic"
model = "claude-sonnet-4-20250514"
api_key_env = "ANTHROPIC_API_KEY"
# base_url = "https://api.anthropic.com"  # Optional override

# --- Fallback Providers ---
[[fallback_providers]]
provider = "ollama"
model = "llama3.2:latest"
api_key_env = ""
# base_url = "http://localhost:11434"  # Uses catalog default if omitted

[[fallback_providers]]
provider = "groq"
model = "llama-3.3-70b-versatile"
api_key_env = "GROQ_API_KEY"

# --- Memory ---
[memory]
# sqlite_path = "~/.librefang/data/librefang.db"  # Auto-resolved if omitted
embedding_model = "all-MiniLM-L6-v2"
consolidation_threshold = 10000
decay_rate = 0.1

# --- Network (OFP Wire Protocol) ---
[network]
listen_addresses = ["/ip4/0.0.0.0/tcp/0"]
bootstrap_peers = []
mdns_enabled = true
max_peers = 50
shared_secret = ""                    # Required when network_enabled = true

# --- Web Tools ---
[web]
search_provider = "auto"              # auto | brave | tavily | perplexity | duckduckgo
cache_ttl_minutes = 15

[web.brave]
api_key_env = "BRAVE_API_KEY"
max_results = 5
country = ""
search_lang = ""
freshness = ""

[web.tavily]
api_key_env = "TAVILY_API_KEY"
search_depth = "basic"                # basic | advanced
max_results = 5
include_answer = true

[web.perplexity]
api_key_env = "PERPLEXITY_API_KEY"
model = "sonar"

[web.fetch]
max_chars = 50000
max_response_bytes = 10485760         # 10 MB
timeout_secs = 30
readability = true

# --- Media Understanding ---
[media]
image_description = true
audio_transcription = true
video_description = false
max_concurrency = 2
# image_provider = "openai"
# audio_provider = "openai"

# --- Link Understanding ---
[links]
enabled = false
max_links = 3
max_content_bytes = 102400
timeout_secs = 10

# --- MCP Servers ---
[[mcp_servers]]
name = "filesystem"
timeout_secs = 30
env = []
[mcp_servers.transport]
type = "stdio"
command = "npx"
args = ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]

[[mcp_servers]]
name = "remote-tools"
timeout_secs = 60
env = ["REMOTE_API_KEY"]
[mcp_servers.transport]
type = "sse"
url = "https://mcp.example.com/events"

[[mcp_servers]]
name = "my-http-backend"
timeout_secs = 30
[mcp_servers.transport]
type = "http_compat"
base_url = "https://tools.example.com"
headers = [{name = "Authorization", value_env = "MY_API_KEY"}]
[[mcp_servers.transport.tools]]
name = "search"
description = "Search documents"
path = "/search"
method = "post"

# --- A2A Protocol ---
[a2a]
enabled = false
name = "LibreFang Agent OS"
description = ""
listen_path = "/a2a"

[[a2a.external_agents]]
name = "research-agent"
url = "https://agent.example.com/.well-known/agent.json"

# --- RBAC Users ---
[[users]]
name = "Alice"
role = "owner"                        # owner | admin | user | viewer
api_key_hash = ""
[users.channel_bindings]
telegram = "123456"
discord = "987654321"

[[users]]
name = "Bob"
role = "user"
[users.channel_bindings]
slack = "U0123ABCDEF"

# --- Channel Adapters ---
# (See "Channels" section below for all 44 adapters)

[channels.telegram]
bot_token_env = "TELEGRAM_BOT_TOKEN"
allowed_users = []
# default_agent = "assistant"
poll_interval_secs = 1

[channels.discord]
bot_token_env = "DISCORD_BOT_TOKEN"
allowed_guilds = []
intents = 37376

[channels.slack]
app_token_env = "SLACK_APP_TOKEN"
bot_token_env = "SLACK_BOT_TOKEN"
allowed_channels = []

# [channels.qq]
# app_id = "your-app-id"
# app_secret_env = "QQ_BOT_APP_SECRET"

# [channels.wecom]
# corp_id = "your-corp-id"
# agent_id = "your-agent-id"
# secret_env = "WECOM_SECRET"
# webhook_port = 8454

# [channels.wechat]
# bot_token_env = "WECHAT_BOT_TOKEN"   # optional: skip QR login on restart
# default_agent = "assistant"
# allowed_users = []

# --- Browser Automation ---
[browser]
headless = true
viewport_width = 1280
viewport_height = 720
timeout_secs = 30
idle_timeout_secs = 300
max_sessions = 5

# --- Config Hot-Reload ---
[reload]
mode = "hybrid"                       # off | restart | hot | hybrid
debounce_ms = 500

# --- Shell Exec Policy ---
[exec_policy]
mode = "allowlist"                    # deny | allowlist | full
timeout_secs = 30
max_output_bytes = 102400
no_output_timeout_secs = 30

# --- Budget ---
[budget]
max_hourly_usd = 0.0
max_daily_usd = 0.0
max_monthly_usd = 0.0
alert_threshold = 0.8
default_max_llm_tokens_per_hour = 0

# --- Extended Thinking ---
[thinking]
budget_tokens = 10000
stream_thinking = false

# --- TTS ---
[tts]
enabled = false
max_text_length = 4096
timeout_secs = 30

[tts.openai]
voice = "alloy"
model = "tts-1"
format = "mp3"
speed = 1.0

# --- Docker Sandbox ---
[docker]
enabled = false
image = "python:3.12-slim"
network = "none"
memory_limit = "512m"
cpu_limit = 1.0
timeout_secs = 60
read_only_root = true
mode = "off"                          # off | non_main | all
scope = "session"                     # session | agent | shared
cap_add = []                          # e.g., ["NET_ADMIN"]
tmpfs = ["/tmp:size=64m"]
pids_limit = 100

# --- Vault ---
[vault]
enabled = true
# path = "~/.librefang/vault.enc"

# --- Webhook Triggers ---
[webhook_triggers]
enabled = false
token_env = "LIBREFANG_WEBHOOK_TOKEN"
max_payload_bytes = 65536
rate_limit_per_minute = 30

# --- HTTP Proxy ---
[proxy]
# http_proxy = "http://proxy.corp.example:8080"
# https_proxy = "http://proxy.corp.example:8080"
# no_proxy = "localhost,127.0.0.1,.internal.corp"

# --- Session ---
[session]
retention_days = 0
max_sessions_per_agent = 0
cleanup_interval_hours = 24

# --- Queue ---
[queue]
max_depth_per_agent = 0
max_depth_global = 0
task_ttl_secs = 3600

[queue.concurrency]
main_lane = 3
cron_lane = 2
subagent_lane = 3

# --- Audit ---
[audit]
retention_days = 90

# --- External Auth (OAuth2/OIDC) ---
[external_auth]
enabled = false
# issuer_url = "https://accounts.google.com"
# client_id = "your-client-id"
# client_secret_env = "LIBREFANG_OAUTH_CLIENT_SECRET"

# --- Vertex AI ---
[vertex_ai]
# project_id = "my-gcp-project"
# region = "us-central1"
# credentials_path = "/path/to/service-account.json"

# --- Context Engine ---
[context_engine]
engine = "default"
# plugin = "qdrant-recall"

# --- Plugins ---
[plugins]
plugin_registries = []

Section Reference

Top-Level Fields

These fields sit at the root of config.toml (not inside any [section]).

FieldTypeDefaultDescription
home_dirpath~/.librefangLibreFang home directory. Stores config, agents, skills.
data_dirpath~/.librefang/dataDirectory for SQLite databases and persistent data.
log_levelstring"info"Log verbosity. One of: trace, debug, info, warn, error.
api_listenstring"127.0.0.1:4545"Bind address for the HTTP/WebSocket/SSE API server. Alias: listen_addr.
network_enabledboolfalseEnable the OFP peer-to-peer network layer.
api_keystring"" (empty)API authentication key. When set, all endpoints except /api/health require Authorization: Bearer <key>. Empty means unauthenticated (local development only).
cors_originlist of strings[]CORS allowed origins added to the allow list (in addition to localhost). E.g., ["https://dash.example.com"].
modestring"default"Kernel operating mode. See below.
languagestring"en"Language/locale code for CLI output and system messages.
usage_footerstring"full"Controls usage info appended to responses. See below.
prompt_cachingbooltrueEnable LLM provider prompt caching. Adds cache hints to system prompts (Anthropic: cache_control, OpenAI: automatic prefix caching).
stable_prefix_modeboolfalseWhen enabled, avoids volatile system-prompt additions (recalled memory, canonical context) that change every turn, improving provider-side prompt cache hit rates.
max_cron_jobsusize500Global maximum number of cron jobs across all agents.
workspaces_dirpath or nullnullRoot directory for agent workspaces. Defaults to ~/.librefang/workspaces.
includelist of strings[]Config file includes (relative paths). See Config Include Mechanism.
provider_urlsmap of string→string{}Provider base URL overrides. Maps provider ID to custom base URL (e.g., ollama = "http://192.168.1.100:11434/v1"). Useful for self-hosted or proxied endpoints.
provider_api_keysmap of string→string{}Provider API key env var overrides. Maps provider ID to the name of an environment variable holding the key (e.g., nvidia = "NVIDIA_API_KEY"). When not set for a provider, the convention {PROVIDER_UPPER}_API_KEY is used.
provider_regionsmap of string→string{}Provider region selection. Maps provider ID to a region name defined in the provider's registry TOML (e.g., qwen = "intl"). Overrides the provider's base URL and optionally its API key env var. Applied before provider_urls (lower priority).

mode values:

ValueBehavior
stableConservative: no auto-updates, pinned models, frozen skill registry. Uses FallbackDriver.
defaultBalanced: standard operation.
devDeveloper: experimental features enabled.

usage_footer values:

ValueBehavior
offNo usage information shown.
tokensShow token counts only.
costShow estimated cost only.
fullShow both token counts and estimated cost (default).

[default_model]

Configures the primary LLM provider used when agents do not specify their own model.

[default_model]
provider = "anthropic"
model = "claude-sonnet-4-20250514"
api_key_env = "ANTHROPIC_API_KEY"
# base_url = "https://api.anthropic.com"
FieldTypeDefaultDescription
providerstring"anthropic"Provider name. Supported: anthropic, gemini, openai, groq, openrouter, deepseek, together, mistral, fireworks, ollama, vllm, lmstudio, perplexity, cohere, ai21, cerebras, sambanova, huggingface, xai, replicate.
modelstring"claude-sonnet-4-20250514"Model identifier. Aliases like sonnet, haiku, gpt-4o, gemini-flash are resolved by the model catalog.
api_key_envstring"ANTHROPIC_API_KEY"Name of the environment variable holding the API key. The actual key is read from this env var at runtime, never stored in config.
base_urlstring or nullnullOverride the API base URL. Useful for proxies or self-hosted endpoints. When null, the provider's default URL from the model catalog is used.

[memory]

Configures the SQLite-backed memory substrate, including vector embeddings and memory decay.

[memory]
# sqlite_path = "/custom/path/librefang.db"
embedding_model = "all-MiniLM-L6-v2"
consolidation_threshold = 10000
decay_rate = 0.1
FieldTypeDefaultDescription
sqlite_pathpath or nullnullExplicit path to the SQLite database file. When null, defaults to {data_dir}/librefang.db.
embedding_modelstring"all-MiniLM-L6-v2"Model name used for generating vector embeddings for semantic memory search.
embedding_providerstring or nullnullEmbedding provider (e.g., "openai", "ollama"). Auto-detected if null.
embedding_api_key_envstring or nullnullEnvironment variable name holding the API key for the embedding provider.
consolidation_thresholdu6410000Number of stored memories before automatic consolidation is triggered to merge and prune old entries.
consolidation_interval_hoursu6424How often memory consolidation runs (hours). 0 = disabled.
decay_ratef320.1Memory confidence decay rate. 0.0 = no decay (memories never fade), 1.0 = aggressive decay. Values between 0.0 and 1.0.

[network]

Configures the OFP (LibreFang Protocol) peer-to-peer networking layer with HMAC-SHA256 mutual authentication.

[network]
listen_addresses = ["/ip4/0.0.0.0/tcp/0"]
bootstrap_peers = []
mdns_enabled = true
max_peers = 50
shared_secret = "my-cluster-secret"
FieldTypeDefaultDescription
listen_addresseslist of strings["/ip4/0.0.0.0/tcp/0"]libp2p multiaddresses to listen on. Port 0 means auto-assign.
bootstrap_peerslist of strings[]Multiaddresses of bootstrap peers for DHT discovery.
mdns_enabledbooltrueEnable mDNS for automatic local network peer discovery.
max_peersu3250Maximum number of simultaneously connected peers.
shared_secretstring"" (empty)Pre-shared secret for OFP HMAC-SHA256 mutual authentication. Required when network_enabled = true. Both sides must use the same secret. Redacted in logs.

[web]

Configures web search and web fetch capabilities used by agent tools.

[web]
search_provider = "auto"
cache_ttl_minutes = 15
FieldTypeDefaultDescription
search_providerstring"auto"Which search engine to use. See values below.
cache_ttl_minutesu6415Cache duration for search/fetch results in minutes. 0 = caching disabled.

search_provider values:

ValueDescription
autoCascading fallback: tries Tavily, then Brave, then Perplexity, then DuckDuckGo, based on which API keys are available.
braveBrave Search API. Requires BRAVE_API_KEY.
tavilyTavily AI-native search. Requires TAVILY_API_KEY.
perplexityPerplexity AI search. Requires PERPLEXITY_API_KEY.
duckduckgoDuckDuckGo HTML scraping. No API key needed.

[web.brave]

[web.brave]
api_key_env = "BRAVE_API_KEY"
max_results = 5
country = ""
search_lang = ""
freshness = ""
FieldTypeDefaultDescription
api_key_envstring"BRAVE_API_KEY"Environment variable name holding the Brave Search API key.
max_resultsusize5Maximum number of search results to return.
countrystring""Country code for localized results (e.g., "US", "GB"). Empty = no filter.
search_langstring""Language code (e.g., "en", "fr"). Empty = no filter.
freshnessstring""Freshness filter. "pd" = past day, "pw" = past week, "pm" = past month. Empty = no filter.

[web.tavily]

[web.tavily]
api_key_env = "TAVILY_API_KEY"
search_depth = "basic"
max_results = 5
include_answer = true
FieldTypeDefaultDescription
api_key_envstring"TAVILY_API_KEY"Environment variable name holding the Tavily API key.
search_depthstring"basic"Search depth: "basic" for fast results, "advanced" for deeper analysis.
max_resultsusize5Maximum number of search results to return.
include_answerbooltrueWhether to include Tavily's AI-generated answer summary in results.

[web.perplexity]

[web.perplexity]
api_key_env = "PERPLEXITY_API_KEY"
model = "sonar"
FieldTypeDefaultDescription
api_key_envstring"PERPLEXITY_API_KEY"Environment variable name holding the Perplexity API key.
modelstring"sonar"Perplexity model to use for search queries.

[web.fetch]

[web.fetch]
max_chars = 50000
max_response_bytes = 10485760
timeout_secs = 30
readability = true
FieldTypeDefaultDescription
max_charsusize50000Maximum characters returned in fetched content. Content exceeding this is truncated.
max_response_bytesusize10485760 (10 MB)Maximum HTTP response body size in bytes.
timeout_secsu6430HTTP request timeout in seconds.
readabilitybooltrueEnable HTML-to-Markdown readability extraction. When true, fetched HTML is converted to clean Markdown.

[media]

Configures media understanding (image description, audio transcription, video description) for messages that include attachments.

[media]
image_description = true
audio_transcription = true
video_description = false
max_concurrency = 2
# image_provider = "openai"   # auto-detect if omitted
# audio_provider = "openai"   # auto-detect if omitted
FieldTypeDefaultDescription
image_descriptionbooltrueEnable automatic image description for incoming image attachments.
audio_transcriptionbooltrueEnable automatic audio transcription for incoming audio attachments.
video_descriptionboolfalseEnable video description. Disabled by default (expensive and slow).
max_concurrencyusize2Maximum number of concurrent media processing tasks.
image_providerstring or nullnullPreferred provider for image description. Auto-detected from available providers if null.
audio_providerstring or nullnullPreferred provider for audio transcription. Auto-detected from available providers if null.

Configures automatic link understanding — fetching and summarizing URLs found in incoming messages.

[links]
enabled = false
max_links = 3
max_content_bytes = 102400
timeout_secs = 10
FieldTypeDefaultDescription
enabledboolfalseEnable automatic link understanding. When true, URLs in messages are fetched and their content is summarized before the agent processes the message.
max_linksusize3Maximum number of links to process per message. Additional links are ignored.
max_content_bytesusize102400 (100 KB)Maximum content size to fetch per link in bytes. Content exceeding this is truncated.
timeout_secsu6410Per-link fetch timeout in seconds.

[channels]

All 45 channel adapters are configured under [channels.<name>]. Each channel is Option<T> -- omitting the section disables the adapter entirely. Including the section header (even empty) enables it with default values.

Universal channel fields: Every channel adapter supports the following common fields in addition to its own specific fields:

FieldTypeDefaultDescription
default_agentstring or nullnullAgent name to route messages to by default.
account_idstring or nullnullUnique identifier for this bot instance. Used for multi-bot routing via [[bindings]] match rules.
overridesobject(defaults)Per-channel behavior overrides. See Channel Overrides.

[channels.telegram]

[channels.telegram]
bot_token_env = "TELEGRAM_BOT_TOKEN"
allowed_users = []
# default_agent = "assistant"
poll_interval_secs = 1
# api_url = "https://api.telegram.org"  # override for local Bot API server
# account_id = "my-telegram-bot"
FieldTypeDefaultDescription
bot_token_envstring"TELEGRAM_BOT_TOKEN"Env var holding the Telegram Bot API token.
allowed_userslist of i64[]Telegram user IDs allowed to interact. Empty = allow all.
default_agentstring or nullnullAgent name to route messages to.
poll_interval_secsu641Long-polling interval in seconds.
account_idstring or nullnullUnique bot instance identifier for multi-bot routing.
api_urlstring or nullnullOverride the Telegram Bot API base URL. Useful for local Bot API server instances. Defaults to https://api.telegram.org.
overridesobject(defaults)Per-channel behavior overrides. See Channel Overrides.

[channels.discord]

[channels.discord]
bot_token_env = "DISCORD_BOT_TOKEN"
allowed_guilds = []
# default_agent = "assistant"
intents = 37376
ignore_bots = true
# account_id = "my-discord-bot"
FieldTypeDefaultDescription
bot_token_envstring"DISCORD_BOT_TOKEN"Env var holding the Discord bot token.
allowed_guildslist of u64[]Guild (server) IDs allowed. Empty = allow all.
default_agentstring or nullnullAgent name to route messages to.
allowed_userslist of strings[]Discord user IDs allowed to interact. Empty = allow all.
intentsu6437376Gateway intents bitmask. Default = GUILD_MESSAGES | DIRECT_MESSAGES | MESSAGE_CONTENT (37376).
ignore_botsbooltrueWhen true, messages from other bots are ignored.
account_idstring or nullnullUnique bot instance identifier for multi-bot routing.
overridesobject(defaults)Per-channel behavior overrides. See Channel Overrides.

[channels.slack]

[channels.slack]
app_token_env = "SLACK_APP_TOKEN"
bot_token_env = "SLACK_BOT_TOKEN"
allowed_channels = []
# account_id = "my-slack-bot"
FieldTypeDefaultDescription
app_token_envstring"SLACK_APP_TOKEN"Env var holding the Slack app-level token (xapp-) for Socket Mode.
bot_token_envstring"SLACK_BOT_TOKEN"Env var holding the Slack bot token (xoxb-) for REST API.
allowed_channelslist of strings[]Channel IDs allowed. Empty = allow all.
default_agentstring or nullnullAgent name to route messages to.
account_idstring or nullnullUnique bot instance identifier for multi-bot routing.
overridesobject(defaults)Per-channel behavior overrides. See Channel Overrides.

[channels.whatsapp]

[channels.whatsapp]
access_token_env = "WHATSAPP_ACCESS_TOKEN"
verify_token_env = "WHATSAPP_VERIFY_TOKEN"
phone_number_id = ""
webhook_port = 8443
allowed_users = []
# gateway_url_env = "WHATSAPP_WEB_GATEWAY_URL"  # for QR/Web mode
# account_id = "my-whatsapp-bot"
# owner_numbers = []   # optional admin phone numbers
FieldTypeDefaultDescription
access_token_envstring"WHATSAPP_ACCESS_TOKEN"Env var holding the WhatsApp Cloud API access token.
verify_token_envstring"WHATSAPP_VERIFY_TOKEN"Env var holding the webhook verification token.
phone_number_idstring""WhatsApp Business phone number ID.
webhook_portu168443Port to listen for incoming webhook callbacks.
gateway_url_envstring"WHATSAPP_WEB_GATEWAY_URL"Env var holding the WhatsApp Web gateway URL. When set, outgoing messages are routed through the QR/Web gateway instead of the Cloud API.
allowed_userslist of strings[]Phone numbers allowed. Empty = allow all.
default_agentstring or nullnullAgent name to route messages to.
account_idstring or nullnullUnique bot instance identifier for multi-bot routing.
owner_numberslist of strings[]Phone numbers with administrative privileges for this bot instance.
overridesobject(defaults)Per-channel behavior overrides. See Channel Overrides.

[channels.signal]

[channels.signal]
api_url = "http://localhost:8080"
phone_number = ""
allowed_users = []
FieldTypeDefaultDescription
api_urlstring"http://localhost:8080"URL of the signal-cli REST API.
phone_numberstring""Registered phone number for the bot.
allowed_userslist of strings[]Allowed phone numbers. Empty = allow all.
default_agentstring or nullnullAgent name to route messages to.

[channels.matrix]

[channels.matrix]
homeserver_url = "https://matrix.org"
user_id = "@librefang:matrix.org"
access_token_env = "MATRIX_ACCESS_TOKEN"
allowed_rooms = []
FieldTypeDefaultDescription
homeserver_urlstring"https://matrix.org"Matrix homeserver URL.
user_idstring""Bot user ID (e.g., "@librefang:matrix.org").
access_token_envstring"MATRIX_ACCESS_TOKEN"Env var holding the Matrix access token.
allowed_roomslist of strings[]Room IDs to listen in. Empty = all joined rooms.
default_agentstring or nullnullAgent name to route messages to.

[channels.email]

[channels.email]
imap_host = "imap.gmail.com"
imap_port = 993
smtp_host = "smtp.gmail.com"
smtp_port = 587
username = "bot@example.com"
password_env = "EMAIL_PASSWORD"
poll_interval_secs = 30
folders = ["INBOX"]
allowed_senders = []
FieldTypeDefaultDescription
imap_hoststring""IMAP server hostname.
imap_portu16993IMAP server port (993 for TLS).
smtp_hoststring""SMTP server hostname.
smtp_portu16587SMTP server port (587 for STARTTLS).
usernamestring""Email address for both IMAP and SMTP.
password_envstring"EMAIL_PASSWORD"Env var holding the email password or app password.
poll_interval_secsu6430IMAP polling interval in seconds.
folderslist of strings["INBOX"]IMAP folders to monitor.
allowed_senderslist of strings[]Only process emails from these senders. Empty = all.
default_agentstring or nullnullAgent name to route messages to.

[channels.teams]

[channels.teams]
app_id = ""
app_password_env = "TEAMS_APP_PASSWORD"
webhook_port = 3978
allowed_tenants = []
FieldTypeDefaultDescription
app_idstring""Azure Bot App ID.
app_password_envstring"TEAMS_APP_PASSWORD"Env var holding the Azure Bot Framework app password.
webhook_portu163978Port for the Bot Framework incoming webhook.
allowed_tenantslist of strings[]Azure AD tenant IDs allowed. Empty = allow all.
default_agentstring or nullnullAgent name to route messages to.

[channels.mattermost]

[channels.mattermost]
server_url = "https://mattermost.example.com"
token_env = "MATTERMOST_TOKEN"
allowed_channels = []
FieldTypeDefaultDescription
server_urlstring""Mattermost server URL.
token_envstring"MATTERMOST_TOKEN"Env var holding the Mattermost bot token.
allowed_channelslist of strings[]Channel IDs to listen in. Empty = all.
default_agentstring or nullnullAgent name to route messages to.

[channels.irc]

[channels.irc]
server = "irc.libera.chat"
port = 6667
nick = "librefang"
# password_env = "IRC_PASSWORD"
channels = ["#librefang"]
use_tls = false
FieldTypeDefaultDescription
serverstring"irc.libera.chat"IRC server hostname.
portu166667IRC server port.
nickstring"librefang"Bot nickname.
password_envstring or nullnullEnv var holding the server password (optional).
channelslist of strings[]IRC channels to join (e.g., ["#librefang", "#general"]).
use_tlsboolfalseUse TLS for the connection.
default_agentstring or nullnullAgent name to route messages to.

[channels.google_chat]

[channels.google_chat]
service_account_env = "GOOGLE_CHAT_SERVICE_ACCOUNT"
space_ids = []
webhook_port = 8444
FieldTypeDefaultDescription
service_account_envstring"GOOGLE_CHAT_SERVICE_ACCOUNT"Env var holding the service account JSON key.
space_idslist of strings[]Google Chat space IDs to listen in.
webhook_portu168444Port for the incoming webhook.
default_agentstring or nullnullAgent name to route messages to.

[channels.twitch]

[channels.twitch]
oauth_token_env = "TWITCH_OAUTH_TOKEN"
channels = ["mychannel"]
nick = "librefang"
FieldTypeDefaultDescription
oauth_token_envstring"TWITCH_OAUTH_TOKEN"Env var holding the Twitch OAuth token.
channelslist of strings[]Twitch channels to join (without # prefix).
nickstring"librefang"Bot nickname in Twitch chat.
default_agentstring or nullnullAgent name to route messages to.

[channels.rocketchat]

[channels.rocketchat]
server_url = "https://rocketchat.example.com"
token_env = "ROCKETCHAT_TOKEN"
user_id = ""
allowed_channels = []
FieldTypeDefaultDescription
server_urlstring""Rocket.Chat server URL.
token_envstring"ROCKETCHAT_TOKEN"Env var holding the Rocket.Chat auth token.
user_idstring""Bot user ID.
allowed_channelslist of strings[]Channel IDs to listen in. Empty = all.
default_agentstring or nullnullAgent name to route messages to.

[channels.zulip]

[channels.zulip]
server_url = "https://zulip.example.com"
bot_email = "bot@zulip.example.com"
api_key_env = "ZULIP_API_KEY"
streams = []
FieldTypeDefaultDescription
server_urlstring""Zulip server URL.
bot_emailstring""Bot email address registered in Zulip.
api_key_envstring"ZULIP_API_KEY"Env var holding the Zulip API key.
streamslist of strings[]Stream names to listen in. Empty = all.
default_agentstring or nullnullAgent name to route messages to.

[channels.xmpp]

[channels.xmpp]
jid = "bot@jabber.org"
password_env = "XMPP_PASSWORD"
server = ""
port = 5222
rooms = []
FieldTypeDefaultDescription
jidstring""XMPP JID (e.g., "bot@jabber.org").
password_envstring"XMPP_PASSWORD"Env var holding the XMPP password.
serverstring""XMPP server hostname. Defaults to the JID domain if empty.
portu165222XMPP server port.
roomslist of strings[]MUC (multi-user chat) rooms to join.
default_agentstring or nullnullAgent name to route messages to.

[channels.line]

[channels.line]
channel_secret_env = "LINE_CHANNEL_SECRET"
access_token_env = "LINE_CHANNEL_ACCESS_TOKEN"
webhook_port = 8450
FieldTypeDefaultDescription
channel_secret_envstring"LINE_CHANNEL_SECRET"Env var holding the LINE channel secret.
access_token_envstring"LINE_CHANNEL_ACCESS_TOKEN"Env var holding the LINE channel access token.
webhook_portu168450Port for the incoming webhook.
default_agentstring or nullnullAgent name to route messages to.

[channels.viber]

[channels.viber]
auth_token_env = "VIBER_AUTH_TOKEN"
webhook_url = ""
webhook_port = 8451
FieldTypeDefaultDescription
auth_token_envstring"VIBER_AUTH_TOKEN"Env var holding the Viber Bot auth token.
webhook_urlstring""Public URL for the Viber webhook endpoint.
webhook_portu168451Port for the incoming webhook.
default_agentstring or nullnullAgent name to route messages to.

[channels.messenger]

[channels.messenger]
page_token_env = "MESSENGER_PAGE_TOKEN"
verify_token_env = "MESSENGER_VERIFY_TOKEN"
webhook_port = 8452
FieldTypeDefaultDescription
page_token_envstring"MESSENGER_PAGE_TOKEN"Env var holding the Facebook page access token.
verify_token_envstring"MESSENGER_VERIFY_TOKEN"Env var holding the webhook verify token.
webhook_portu168452Port for the incoming webhook.
default_agentstring or nullnullAgent name to route messages to.

[channels.reddit]

[channels.reddit]
client_id = ""
client_secret_env = "REDDIT_CLIENT_SECRET"
username = ""
password_env = "REDDIT_PASSWORD"
subreddits = []
FieldTypeDefaultDescription
client_idstring""Reddit app client ID.
client_secret_envstring"REDDIT_CLIENT_SECRET"Env var holding the Reddit client secret.
usernamestring""Reddit bot username.
password_envstring"REDDIT_PASSWORD"Env var holding the Reddit bot password.
subredditslist of strings[]Subreddit names to monitor.
default_agentstring or nullnullAgent name to route messages to.

[channels.mastodon]

[channels.mastodon]
instance_url = "https://mastodon.social"
access_token_env = "MASTODON_ACCESS_TOKEN"
FieldTypeDefaultDescription
instance_urlstring""Mastodon instance URL (e.g., "https://mastodon.social").
access_token_envstring"MASTODON_ACCESS_TOKEN"Env var holding the Mastodon access token.
default_agentstring or nullnullAgent name to route messages to.

[channels.bluesky]

[channels.bluesky]
identifier = "mybot.bsky.social"
app_password_env = "BLUESKY_APP_PASSWORD"
service_url = "https://bsky.social"
FieldTypeDefaultDescription
identifierstring""Bluesky handle or DID.
app_password_envstring"BLUESKY_APP_PASSWORD"Env var holding the Bluesky app password.
service_urlstring"https://bsky.social"PDS (Personal Data Server) URL.
default_agentstring or nullnullAgent name to route messages to.

[channels.feishu]

[channels.feishu]
app_id = ""
app_secret_env = "FEISHU_APP_SECRET"
webhook_port = 8453
FieldTypeDefaultDescription
app_idstring""Feishu/Lark app ID.
app_secret_envstring"FEISHU_APP_SECRET"Env var holding the Feishu app secret.
webhook_portu168453Port for the incoming webhook.
default_agentstring or nullnullAgent name to route messages to.

[channels.revolt]

[channels.revolt]
bot_token_env = "REVOLT_BOT_TOKEN"
api_url = "https://api.revolt.chat"
FieldTypeDefaultDescription
bot_token_envstring"REVOLT_BOT_TOKEN"Env var holding the Revolt bot token.
api_urlstring"https://api.revolt.chat"Revolt API base URL.
default_agentstring or nullnullAgent name to route messages to.

[channels.nextcloud]

[channels.nextcloud]
server_url = "https://nextcloud.example.com"
token_env = "NEXTCLOUD_TOKEN"
allowed_rooms = []
FieldTypeDefaultDescription
server_urlstring""Nextcloud server URL.
token_envstring"NEXTCLOUD_TOKEN"Env var holding the Nextcloud Talk auth token.
allowed_roomslist of strings[]Room tokens to listen in. Empty = all.
default_agentstring or nullnullAgent name to route messages to.

[channels.guilded]

[channels.guilded]
bot_token_env = "GUILDED_BOT_TOKEN"
server_ids = []
FieldTypeDefaultDescription
bot_token_envstring"GUILDED_BOT_TOKEN"Env var holding the Guilded bot token.
server_idslist of strings[]Server IDs to listen in. Empty = all.
default_agentstring or nullnullAgent name to route messages to.

[channels.keybase]

[channels.keybase]
username = ""
paperkey_env = "KEYBASE_PAPERKEY"
allowed_teams = []
FieldTypeDefaultDescription
usernamestring""Keybase username.
paperkey_envstring"KEYBASE_PAPERKEY"Env var holding the Keybase paper key.
allowed_teamslist of strings[]Team names to listen in. Empty = all DMs.
default_agentstring or nullnullAgent name to route messages to.

[channels.threema]

[channels.threema]
threema_id = ""
secret_env = "THREEMA_SECRET"
webhook_port = 8454
FieldTypeDefaultDescription
threema_idstring""Threema Gateway ID.
secret_envstring"THREEMA_SECRET"Env var holding the Threema API secret.
webhook_portu168454Port for the incoming webhook.
default_agentstring or nullnullAgent name to route messages to.

[channels.nostr]

[channels.nostr]
private_key_env = "NOSTR_PRIVATE_KEY"
relays = ["wss://relay.damus.io"]
FieldTypeDefaultDescription
private_key_envstring"NOSTR_PRIVATE_KEY"Env var holding the Nostr private key (nsec or hex format).
relayslist of strings["wss://relay.damus.io"]Nostr relay WebSocket URLs to connect to.
default_agentstring or nullnullAgent name to route messages to.

[channels.webex]

[channels.webex]
bot_token_env = "WEBEX_BOT_TOKEN"
allowed_rooms = []
FieldTypeDefaultDescription
bot_token_envstring"WEBEX_BOT_TOKEN"Env var holding the Webex bot token.
allowed_roomslist of strings[]Room IDs to listen in. Empty = all.
default_agentstring or nullnullAgent name to route messages to.

[channels.pumble]

[channels.pumble]
bot_token_env = "PUMBLE_BOT_TOKEN"
webhook_port = 8455
FieldTypeDefaultDescription
bot_token_envstring"PUMBLE_BOT_TOKEN"Env var holding the Pumble bot token.
webhook_portu168455Port for the incoming webhook.
default_agentstring or nullnullAgent name to route messages to.

[channels.flock]

[channels.flock]
bot_token_env = "FLOCK_BOT_TOKEN"
webhook_port = 8456
FieldTypeDefaultDescription
bot_token_envstring"FLOCK_BOT_TOKEN"Env var holding the Flock bot token.
webhook_portu168456Port for the incoming webhook.
default_agentstring or nullnullAgent name to route messages to.

[channels.twist]

[channels.twist]
token_env = "TWIST_TOKEN"
workspace_id = ""
allowed_channels = []
FieldTypeDefaultDescription
token_envstring"TWIST_TOKEN"Env var holding the Twist API token.
workspace_idstring""Twist workspace ID.
allowed_channelslist of strings[]Channel IDs to listen in. Empty = all.
default_agentstring or nullnullAgent name to route messages to.

[channels.mumble]

[channels.mumble]
host = "mumble.example.com"
port = 64738
username = "librefang"
password_env = "MUMBLE_PASSWORD"
channel = ""
FieldTypeDefaultDescription
hoststring""Mumble server hostname.
portu1664738Mumble server port.
usernamestring"librefang"Bot username in Mumble.
password_envstring"MUMBLE_PASSWORD"Env var holding the Mumble server password.
channelstring""Mumble channel to join.
default_agentstring or nullnullAgent name to route messages to.

[channels.dingtalk]

[channels.dingtalk]
access_token_env = "DINGTALK_ACCESS_TOKEN"
secret_env = "DINGTALK_SECRET"
webhook_port = 8457
FieldTypeDefaultDescription
access_token_envstring"DINGTALK_ACCESS_TOKEN"Env var holding the DingTalk webhook access token.
secret_envstring"DINGTALK_SECRET"Env var holding the DingTalk signing secret.
webhook_portu168457Port for the incoming webhook.
default_agentstring or nullnullAgent name to route messages to.

[channels.discourse]

[channels.discourse]
base_url = "https://forum.example.com"
api_key_env = "DISCOURSE_API_KEY"
api_username = "system"
categories = []
FieldTypeDefaultDescription
base_urlstring""Discourse forum base URL.
api_key_envstring"DISCOURSE_API_KEY"Env var holding the Discourse API key.
api_usernamestring"system"Discourse API username.
categorieslist of strings[]Category slugs to monitor.
default_agentstring or nullnullAgent name to route messages to.

[channels.gitter]

[channels.gitter]
token_env = "GITTER_TOKEN"
room_id = ""
FieldTypeDefaultDescription
token_envstring"GITTER_TOKEN"Env var holding the Gitter auth token.
room_idstring""Gitter room ID to listen in.
default_agentstring or nullnullAgent name to route messages to.

[channels.ntfy]

[channels.ntfy]
server_url = "https://ntfy.sh"
topic = "my-agent-topic"
token_env = "NTFY_TOKEN"
FieldTypeDefaultDescription
server_urlstring"https://ntfy.sh"ntfy server URL. Can be self-hosted.
topicstring""Topic to subscribe/publish to.
token_envstring"NTFY_TOKEN"Env var holding the auth token. Optional for public topics.
default_agentstring or nullnullAgent name to route messages to.

[channels.gotify]

[channels.gotify]
server_url = "https://gotify.example.com"
app_token_env = "GOTIFY_APP_TOKEN"
client_token_env = "GOTIFY_CLIENT_TOKEN"
FieldTypeDefaultDescription
server_urlstring""Gotify server URL.
app_token_envstring"GOTIFY_APP_TOKEN"Env var holding the Gotify app token (for sending messages).
client_token_envstring"GOTIFY_CLIENT_TOKEN"Env var holding the Gotify client token (for receiving messages via WebSocket).
default_agentstring or nullnullAgent name to route messages to.

[channels.webhook]

[channels.webhook]
secret_env = "WEBHOOK_SECRET"
listen_port = 8460
# callback_url = "https://example.com/webhook"
FieldTypeDefaultDescription
secret_envstring"WEBHOOK_SECRET"Env var holding the HMAC signing secret for verifying incoming webhooks.
listen_portu168460Port to listen for incoming webhook requests.
callback_urlstring or nullnullURL to POST outgoing messages to.
default_agentstring or nullnullAgent name to route messages to.

[channels.linkedin]

[channels.linkedin]
access_token_env = "LINKEDIN_ACCESS_TOKEN"
organization_id = ""
FieldTypeDefaultDescription
access_token_envstring"LINKEDIN_ACCESS_TOKEN"Env var holding the LinkedIn OAuth2 access token.
organization_idstring""LinkedIn organization ID for messaging.
default_agentstring or nullnullAgent name to route messages to.

[channels.qq]

QQ Bot channel adapter using the official QQ Bot Open Platform API.

[channels.qq]
app_id = "your-app-id"
app_secret_env = "QQ_BOT_APP_SECRET"
allowed_users = []
# default_agent = "assistant"
# account_id = "my-qq-bot"
FieldTypeDefaultDescription
app_idstring""QQ Bot application ID registered on the QQ Open Platform.
app_secret_envstring"QQ_BOT_APP_SECRET"Env var holding the QQ Bot application secret. The actual secret is never stored in config.
allowed_userslist of strings[]QQ user IDs allowed to interact. Empty = allow all.
default_agentstring or nullnullAgent name to route messages to.
account_idstring or nullnullUnique bot instance identifier for multi-bot routing.
overridesobject(defaults)Per-channel behavior overrides. See Channel Overrides.

[channels.wecom]

WeCom (formerly WeChat Work / Enterprise WeChat) channel adapter.

[channels.wecom]
corp_id = "your-corp-id"
agent_id = "your-agent-id"
secret_env = "WECOM_SECRET"
webhook_port = 8454
# token_env = "WECOM_TOKEN"
# encoding_aes_key_env = "WECOM_AES_KEY"
# default_agent = "assistant"
# account_id = "my-wecom-bot"
FieldTypeDefaultDescription
corp_idstring""WeCom corporation ID.
agent_idstring""WeCom application agent ID.
secret_envstring"WECOM_SECRET"Env var holding the WeCom application secret.
webhook_portu168454Port for the incoming webhook.
token_envstring or nullnullEnv var holding the callback verification token. Required for verifying incoming messages.
encoding_aes_key_envstring or nullnullEnv var holding the encoding AES key for message encryption/decryption.
default_agentstring or nullnullAgent name to route messages to.
account_idstring or nullnullUnique bot instance identifier for multi-bot routing.
overridesobject(defaults)Per-channel behavior overrides. See Channel Overrides.

[channels.wechat]

WeChat personal account channel adapter using Tencent's iLink Bot API. Connects via QR code scan — no API keys or developer accounts required.

[channels.wechat]
# bot_token_env = "WECHAT_BOT_TOKEN"  # optional: persisted token from previous session
allowed_users = []
# default_agent = "assistant"
# account_id = "my-wechat-bot"
FieldTypeDefaultDescription
bot_token_envstring"WECHAT_BOT_TOKEN"Env var holding a persisted bot token from a previous QR login session. When set, skips QR login on restart.
allowed_userslist of strings[]WeChat user IDs allowed to interact (format: hash@im.wechat). Empty = allow all.
default_agentstring or nullnullAgent name to route messages to.
account_idstring or nullnullUnique bot instance identifier for multi-bot routing.
overridesobject(defaults)Per-channel behavior overrides. See Channel Overrides.

[[mcp_servers]]

MCP (Model Context Protocol) server connections provide external tool integration. Each entry is a separate [[mcp_servers]] array element.

[[mcp_servers]]
name = "filesystem"
timeout_secs = 30
env = []

[mcp_servers.transport]
type = "stdio"
command = "npx"
args = ["-y", "@modelcontextprotocol/server-filesystem", "/home/user/docs"]

[[mcp_servers]]
name = "remote-api"
timeout_secs = 60
env = ["GITHUB_PERSONAL_ACCESS_TOKEN"]

[mcp_servers.transport]
type = "sse"
url = "https://mcp.example.com/sse"

[[mcp_servers]]
name = "my-http-backend"
timeout_secs = 30

[mcp_servers.transport]
type = "http_compat"
base_url = "https://tools.example.com"
headers = [{name = "Authorization", value_env = "MY_API_KEY"}]

[[mcp_servers.transport.tools]]
name = "search"
description = "Search documents"
path = "/search"
method = "post"
FieldTypeDefaultDescription
namestringrequiredDisplay name for this MCP server. Tools are namespaced as mcp_{name}_{tool}.
timeout_secsu6430Request timeout in seconds.
envlist of strings[]Environment variable names to pass through to the subprocess (stdio transport only).

Transport variants (tagged union on type):

typeFieldsDescription
stdiocommand (string), args (list of strings, default [])Spawn a subprocess, communicate via JSON-RPC over stdin/stdout.
sseurl (string)Connect to an HTTP Server-Sent Events endpoint.
http_compatbase_url (string), headers (list of header configs), tools (list of tool configs)Built-in compatibility adapter for plain HTTP/JSON tool backends without a native MCP server. Each tool maps to an HTTP endpoint.

http_compat header config:

FieldTypeDescription
namestringHTTP header name (e.g., "Authorization").
valuestring or nullStatic header value.
value_envstring or nullEnv var name whose value is used as the header value (preferred for secrets).

http_compat tool config:

FieldTypeDefaultDescription
namestringrequiredTool name exposed to the LLM.
descriptionstring""Tool description shown to the LLM.
pathstringrequiredHTTP path (e.g., "/search").
methodstring"post"HTTP method: get, post, put, patch, delete.
request_modestring"json_body"How arguments are sent: json_body, query, none.
response_modestring"json"Response parsing: json, text.
input_schemaobject{"type":"object"}JSON Schema for the tool's input parameters.

[a2a]

Agent-to-Agent protocol configuration, enabling inter-agent communication across LibreFang instances.

[a2a]
enabled = true
name = "LibreFang Agent OS"
description = "My production agent OS"
listen_path = "/a2a"

[[a2a.external_agents]]
name = "research-agent"
url = "https://agent.example.com/.well-known/agent.json"

[[a2a.external_agents]]
name = "code-reviewer"
url = "https://reviewer.example.com/.well-known/agent.json"
FieldTypeDefaultDescription
enabledboolfalseWhether A2A protocol is enabled.
namestring"LibreFang Agent OS"Service-level display name shown in the well-known agent card.
descriptionstring""Service-level description shown in the well-known agent card.
listen_pathstring"/a2a"URL path prefix for A2A endpoints.
external_agentslist of objects[]External A2A agents to discover and interact with.

external_agents entries:

FieldTypeDescription
namestringDisplay name for the external agent.
urlstringAgent card endpoint URL (typically /.well-known/agent.json).

[[fallback_providers]]

Fallback provider chain. When the primary LLM provider ([default_model]) fails, these are tried in order.

[[fallback_providers]]
provider = "ollama"
model = "llama3.2:latest"
api_key_env = ""
# base_url = "http://localhost:11434"

[[fallback_providers]]
provider = "groq"
model = "llama-3.3-70b-versatile"
api_key_env = "GROQ_API_KEY"
FieldTypeDefaultDescription
providerstring""Provider name (e.g., "ollama", "groq", "openai").
modelstring""Model identifier for this provider.
api_key_envstring""Env var name for the API key. Empty for local providers (ollama, vllm, lmstudio).
base_urlstring or nullnullBase URL override. Uses catalog default if null.

[[users]]

RBAC multi-user configuration. Users can be assigned roles and bound to channel platform identities.

[[users]]
name = "Alice"
role = "owner"
api_key_hash = "sha256_hash_of_api_key"

[users.channel_bindings]
telegram = "123456"
discord = "987654321"
slack = "U0ABCDEFG"
FieldTypeDefaultDescription
namestringrequiredUser display name.
rolestring"user"User role in the RBAC hierarchy.
channel_bindingsmap of string to string{}Maps channel platform names to platform-specific user IDs, binding this user identity across channels.
api_key_hashstring or nullnullSHA256 hash of the user's personal API key for authenticated API access.

Role hierarchy (highest to lowest privilege):

RoleDescription
ownerFull administrative access. Can manage all agents, users, and configuration.
adminCan manage agents and most settings. Cannot modify owner accounts.
userCan interact with agents. Limited management capabilities.
viewerRead-only access. Can view agent responses but cannot send messages.

Channel Overrides

Every channel adapter supports an [channels.<name>.overrides] sub-table that customizes agent behavior per-channel.

[channels.telegram.overrides]
model = "claude-haiku-4-5-20251001"
system_prompt = "You are a concise Telegram assistant."
dm_policy = "respond"
group_policy = "mention_only"
rate_limit_per_minute = 0
rate_limit_per_user = 10
threading = true
output_format = "telegram_html"
usage_footer = "tokens"
typing_mode = "instant"
FieldTypeDefaultDescription
modelstring or nullnullModel override for this channel. Uses the agent's default model when null.
system_promptstring or nullnullSystem prompt override for this channel.
dm_policystring"respond"How the bot handles direct messages. See below.
group_policystring"mention_only"How the bot handles group messages. See below.
rate_limit_per_minuteu320Global rate limit for this channel (messages per minute). 0 = unlimited.
rate_limit_per_useru320Maximum messages per user per minute. 0 = unlimited.
threadingboolfalseEnable thread replies (where supported by the platform).
output_formatstring or nullnullOverride output formatting. See below.
usage_footerstring or nullnullOverride usage footer mode for this channel. Values: off, tokens, cost, full.
typing_modestring or nullnullTyping indicator behavior. See below. Defaults to instant.

dm_policy values:

ValueDescription
respondRespond to all direct messages (default).
allowed_onlyOnly respond to DMs from users in the allowed list.
ignoreIgnore all direct messages.

group_policy values:

ValueDescription
allRespond to all messages in group chats.
mention_onlyOnly respond when the bot is @mentioned (default).
commands_onlyOnly respond to slash commands.
ignoreIgnore all group messages.

output_format values:

ValueDescription
markdownStandard Markdown (default).
telegram_htmlTelegram HTML subset (<b>, <i>, <code>, etc.).
slack_mrkdwnSlack mrkdwn format (*bold*, _italic_, `code`).
plain_textNo formatting markup.

typing_mode values:

ValueDescription
instantSend typing indicator immediately on message receipt (default).
messageSend typing indicator only when the first text delta arrives from the LLM.
thinkingSend typing indicator only during LLM reasoning/thinking phase.
neverNever send typing indicators.

[browser]

Configures the headless browser automation engine used by the browser_* agent tools.

[browser]
headless = true
viewport_width = 1280
viewport_height = 720
timeout_secs = 30
idle_timeout_secs = 300
max_sessions = 5
# chromium_path = "/usr/bin/chromium"
FieldTypeDefaultDescription
headlessbooltrueRun browser in headless mode (no visible window).
viewport_widthu321280Browser viewport width in pixels.
viewport_heightu32720Browser viewport height in pixels.
timeout_secsu6430Per-action timeout in seconds.
idle_timeout_secsu64300Auto-close browser session after this many seconds of inactivity.
max_sessionsusize5Maximum concurrent browser sessions.
chromium_pathstring or nullnullPath to the Chromium/Chrome binary. Auto-detected if null.

[reload]

Controls automatic config file watching and hot-reloading.

[reload]
mode = "hybrid"
debounce_ms = 500
FieldTypeDefaultDescription
modestring"hybrid"Reload mode. See below.
debounce_msu64500Debounce window in milliseconds before reloading after a file change is detected.

mode values:

ValueDescription
offNo automatic reloading. Changes require a manual restart.
restartFull daemon restart on any config change.
hotHot-reload safe sections only (channels, skills, heartbeat).
hybridHot-reload where possible; flag restart-required for sections that need it (default).

[exec_policy]

Controls which shell commands agents are allowed to execute via the exec and shell tools.

[exec_policy]
mode = "allowlist"
allowed_commands = ["git", "python3", "node"]
timeout_secs = 30
max_output_bytes = 102400
no_output_timeout_secs = 30
FieldTypeDefaultDescription
modestring"allowlist"Security mode. See below.
safe_binslist of strings["sleep","true","false","cat","sort","uniq","cut","tr","head","tail","wc","date","echo","printf","basename","dirname","pwd","env"]Commands that always bypass the allowlist check (stdin-only POSIX utilities).
allowed_commandslist of strings[]Additional commands permitted when mode = "allowlist".
timeout_secsu6430Maximum wall-clock execution time per command in seconds.
max_output_bytesusize102400Maximum combined stdout+stderr output size in bytes (100 KB default).
no_output_timeout_secsu6430Kill processes that produce no output for this many seconds. 0 = disabled.

mode values:

ValueAliasesDescription
denynone, disabledBlock all shell execution.
allowlistrestrictedOnly allow commands in safe_bins or allowed_commands (default).
fullallow, all, unrestrictedAllow all commands. Unsafe -- development use only.

[approval]

Configures which tools require explicit human approval before execution. References the ApprovalPolicy type.

[approval]
require_approval = ["shell_exec"]
timeout_secs = 60
auto_approve_autonomous = false
auto_approve = false
FieldTypeDefaultDescription
require_approvallist of strings["shell_exec"]List of tool names that pause execution and wait for human approval before proceeding.
timeout_secsu6460Timeout for approval requests in seconds.
auto_approve_autonomousboolfalseAuto-approve tools when agent is in autonomous mode.
auto_approveboolfalseAuto-approve all tool executions (unsafe, dev only).

[budget]

Sets global spending limits for LLM API costs. All limits default to 0.0 (unlimited).

[budget]
max_hourly_usd = 1.00
max_daily_usd = 10.00
max_monthly_usd = 50.00
alert_threshold = 0.8
default_max_llm_tokens_per_hour = 0
FieldTypeDefaultDescription
max_hourly_usdf640.0Maximum total LLM cost in USD per hour across all agents. 0.0 = unlimited.
max_daily_usdf640.0Maximum total LLM cost in USD per day across all agents. 0.0 = unlimited.
max_monthly_usdf640.0Maximum total LLM cost in USD per month across all agents. 0.0 = unlimited.
alert_thresholdf640.8Warning threshold as a fraction of each limit (0.0–1.0). At 0.8, warnings are logged when 80% of a limit is reached.
default_max_llm_tokens_per_houru640Global override for per-agent hourly token budget. When > 0, overrides all agents' own token limits. 0 = keep each agent's own limit.

[thinking]

Configures extended thinking (chain-of-thought reasoning) for models that support it (e.g., Claude 3.7 Sonnet with thinking mode).

[thinking]
budget_tokens = 10000
stream_thinking = false
FieldTypeDefaultDescription
budget_tokensu3210000Maximum tokens allocated for the thinking/reasoning phase.
stream_thinkingboolfalseWhether to stream thinking tokens to the client (visible in the API response stream).

[tts]

Configures text-to-speech synthesis for voice output.

[tts]
enabled = false
provider = "openai"          # openai | elevenlabs
max_text_length = 4096
timeout_secs = 30

[tts.openai]
voice = "alloy"
model = "tts-1"
format = "mp3"
speed = 1.0

[tts.elevenlabs]
voice_id = "21m00Tcm4TlvDq8ikWAM"
model_id = "eleven_monolingual_v1"
stability = 0.5
similarity_boost = 0.75

[tts] fields:

FieldTypeDefaultDescription
enabledboolfalseEnable TTS synthesis.
providerstring or nullnullDefault TTS provider: "openai" or "elevenlabs".
max_text_lengthusize4096Maximum text length in characters for a single TTS request.
timeout_secsu6430Request timeout per TTS call in seconds.

[tts.openai] fields:

FieldTypeDefaultDescription
voicestring"alloy"Voice name. Options: alloy, echo, fable, onyx, nova, shimmer.
modelstring"tts-1"TTS model: "tts-1" (fast) or "tts-1-hd" (high quality).
formatstring"mp3"Output format: mp3, opus, aac, flac.
speedf321.0Speech speed multiplier (0.25 to 4.0).

[tts.elevenlabs] fields:

FieldTypeDefaultDescription
voice_idstring"21m00Tcm4TlvDq8ikWAM"ElevenLabs voice ID (default: Rachel).
model_idstring"eleven_monolingual_v1"ElevenLabs model ID.
stabilityf320.5Voice stability (0.0–1.0). Higher = more consistent, less expressive.
similarity_boostf320.75Voice similarity boost (0.0–1.0).

[docker]

Configures the Docker container sandbox for isolated code execution.

[docker]
enabled = false
image = "python:3.12-slim"
container_prefix = "librefang-sandbox"
workdir = "/workspace"
network = "none"
memory_limit = "512m"
cpu_limit = 1.0
timeout_secs = 60
read_only_root = true
mode = "off"
scope = "session"
reuse_cool_secs = 300
idle_timeout_secs = 86400
max_age_secs = 604800
blocked_mounts = []
FieldTypeDefaultDescription
enabledboolfalseEnable Docker sandbox for code execution.
imagestring"python:3.12-slim"Docker image to use for the sandbox container.
container_prefixstring"librefang-sandbox"Prefix for container names.
workdirstring"/workspace"Working directory inside the container.
networkstring"none"Network mode: "none" (isolated), "bridge", or a custom network name.
memory_limitstring"512m"Memory limit (e.g., "256m", "1g").
cpu_limitf641.0CPU limit (e.g., 0.5, 1.0, 2.0).
timeout_secsu6460Maximum execution time per command in seconds.
read_only_rootbooltrueMount the root filesystem as read-only.
modestring"off"Activation mode. See below.
scopestring"session"Container lifecycle scope. See below.
reuse_cool_secsu64300Cooldown in seconds before a released container can be reused.
idle_timeout_secsu6486400Destroy containers after this many seconds of inactivity (24 hours default).
max_age_secsu64604800Maximum container age before forced destruction (7 days default).
blocked_mountslist of strings[]Host paths blocked from bind mounting into containers.
cap_addlist of strings[]Linux capabilities to add to the container (e.g., ["NET_ADMIN"]). Use with caution.
tmpfslist of strings["/tmp:size=64m"]tmpfs mounts inside the container. Each entry is "path:options" (e.g., "/tmp:size=128m").
pids_limitu32100Maximum number of processes inside the container. Prevents fork bombs.

mode values:

ValueDescription
offDocker sandbox disabled (default).
non_mainUse Docker only for non-main (sub) agents.
allUse Docker for all agents.

scope values:

ValueDescription
sessionOne container per session, destroyed when the session ends (default).
agentOne container per agent, reused across sessions.
sharedShared container pool across all agents.

[canvas]

Configures the Canvas (Agent-to-UI) tool that allows agents to render HTML in the dashboard.

[canvas]
enabled = false
max_html_bytes = 524288
allowed_tags = []
FieldTypeDefaultDescription
enabledboolfalseEnable the canvas tool.
max_html_bytesusize524288Maximum HTML payload size in bytes (512 KB default).
allowed_tagslist of strings[]Allowed HTML tag names for sanitization. Empty = all safe tags permitted.

[auto_reply]

Configures the background auto-reply engine that can automatically respond to incoming messages without waiting for human interaction.

[auto_reply]
enabled = false
max_concurrent = 3
timeout_secs = 120
suppress_patterns = ["/stop", "/pause"]
FieldTypeDefaultDescription
enabledboolfalseEnable the auto-reply engine.
max_concurrentusize3Maximum number of concurrent auto-reply tasks.
timeout_secsu64120Default timeout per auto-reply task in seconds.
suppress_patternslist of strings["/stop", "/pause"]Incoming message patterns that suppress auto-reply.

[broadcast]

Configures message broadcasting to route a single incoming message to multiple agents simultaneously.

[broadcast]
strategy = "parallel"
routes = { "announcement-channel" = ["agent-a", "agent-b", "agent-c"] }
FieldTypeDefaultDescription
strategystring"parallel"Delivery strategy. "parallel" = send to all agents simultaneously; "sequential" = send one at a time in order.
routesmap of string to list of strings{}Maps peer/channel identifiers to lists of agent names that receive the message.

[inbox]

File-based input inbox for async external commands. Drop text files into a watched directory and they are dispatched as messages to agents. Processed files are moved to a processed/ subdirectory to avoid redelivery.

[inbox]
enabled = true
directory = "~/.librefang/inbox/"
poll_interval_secs = 5
default_agent = "assistant"
FieldTypeDefaultDescription
enabledboolfalseEnable the inbox directory watcher.
directorystring or nullnullDirectory to watch. Defaults to $HOME_DIR/inbox/. Supports ~ expansion.
poll_interval_secsu645How often (in seconds) to scan the directory for new files. Minimum 1.
default_agentstring or nullnullAgent name to route files to when no agent: directive is found in the file.

File format: Plain text files (.txt, .md, .json, .py, etc.). The first line may contain an agent:<name> directive to target a specific agent; the rest is sent as the message body. Files without the directive use default_agent.

Safety limits: Files larger than 1 MB are skipped. Binary files (non-text extensions) are skipped. Empty files are moved to processed/ without sending.

Usage examples:

Target a specific agent:

cat > ~/.librefang/inbox/task.txt << 'EOF'
agent:code-reviewer
Please review this code for security issues:

def login(user, password):
    query = f"SELECT * FROM users WHERE name='{user}' AND pass='{password}'"
    return db.execute(query)
EOF

Send to the default agent:

echo "Summarize today's system logs" > ~/.librefang/inbox/summarize.txt

Cron job:

# crontab -e
0 9 * * * grep ERROR /var/log/app.log > ~/.librefang/inbox/daily_errors.txt

CI/CD post-build:

echo "agent:devops
Build failed, please analyze:
$(tail -100 build.log)" > ~/.librefang/inbox/build_$(date +%s).txt

Batch processing:

for doc in ~/reports/*.md; do
  cp "$doc" ~/.librefang/inbox/
done

Check inbox status:

curl -s http://127.0.0.1:4545/api/inbox/status
# {"enabled":true,"pending_count":3,"processed_count":12,...}

[[bindings]]

Agent bindings route specific channel/account/peer combinations to specific agents. More specific bindings (more non-null fields) take priority over less specific ones.

[[bindings]]
agent = "support-agent"
[bindings.match_rule]
channel = "telegram"
guild_id = "123456"

[[bindings]]
agent = "vip-agent"
[bindings.match_rule]
channel = "discord"
peer_id = "987654321"
roles = ["premium"]

Top-level fields:

FieldTypeDescription
agentstringTarget agent name or ID to route matched messages to.
match_ruleobjectMatch criteria. All specified (non-null) fields must match.

match_rule fields:

FieldTypeDefaultDescription
channelstring or nullnullChannel type to match (e.g., "discord", "telegram", "slack").
account_idstring or nullnullSpecific bot account ID within the channel (for multi-bot setups).
peer_idstring or nullnullUser/peer ID for DM routing.
guild_idstring or nullnullGuild or server ID (Discord/Slack).
roleslist of strings[]Role-based routing; user must have at least one of these roles.

Specificity scoring (higher = matched first): peer_id (+8) > guild_id (+4) > roles (+2) = account_id (+2) > channel (+1).

[pairing]

Configures device pairing for the LibreFang mobile companion app and push notifications.

[pairing]
enabled = false
max_devices = 10
token_expiry_secs = 300
push_provider = "ntfy"
ntfy_url = "https://ntfy.sh"
ntfy_topic = "my-librefang-notifications"
FieldTypeDefaultDescription
enabledboolfalseEnable device pairing.
max_devicesusize10Maximum number of paired devices.
token_expiry_secsu64300Pairing token validity in seconds (5 minutes default).
push_providerstring"none"Push notification provider: "none", "ntfy", or "gotify".
ntfy_urlstring or nullnullntfy server URL (when push_provider = "ntfy").
ntfy_topicstring or nullnullntfy topic for push notifications.

[extensions]

Configures MCP server reconnection behavior and health monitoring.

[extensions]
auto_reconnect = true
reconnect_max_attempts = 10
reconnect_max_backoff_secs = 300
health_check_interval_secs = 60
FieldTypeDefaultDescription
auto_reconnectbooltrueAutomatically reconnect to MCP servers when they disconnect.
reconnect_max_attemptsu3210Maximum reconnect attempts before giving up permanently.
reconnect_max_backoff_secsu64300Maximum backoff duration in seconds between reconnect attempts.
health_check_interval_secsu6460Interval in seconds between health checks for connected extensions.

[vault]

Configures the encrypted credential vault for storing sensitive secrets.

[vault]
enabled = true
# path = "~/.librefang/vault.enc"
FieldTypeDefaultDescription
enabledbooltrueEnable the credential vault. Auto-detected if vault.enc already exists.
pathpath or nullnullCustom vault file path. Defaults to ~/.librefang/vault.enc.

[webhook_triggers]

Enables external systems to trigger agent actions via authenticated HTTP webhooks at /hooks/wake and /hooks/agent.

[webhook_triggers]
enabled = true
token_env = "LIBREFANG_WEBHOOK_TOKEN"
max_payload_bytes = 65536
rate_limit_per_minute = 30
FieldTypeDefaultDescription
enabledboolfalseEnable webhook trigger endpoints.
token_envstring"LIBREFANG_WEBHOOK_TOKEN"Env var name holding the bearer token (NOT the token itself). Token must be ≥ 32 characters. Required when enabled = true.
max_payload_bytesusize65536Maximum incoming payload size in bytes (64 KB default).
rate_limit_per_minuteu3230Maximum webhook requests per minute per source IP.

[proxy]

Configures HTTP proxy for all outbound connections (LLM APIs, web search, MCP servers, etc.). Environment variables HTTP_PROXY, HTTPS_PROXY, and NO_PROXY are also respected as fallbacks.

[proxy]
http_proxy = "http://proxy.corp.example:8080"
https_proxy = "http://proxy.corp.example:8080"
no_proxy = "localhost,127.0.0.1,.internal.corp"
FieldTypeDefaultDescription
http_proxystring or nullnullHTTP proxy URL. Falls back to HTTP_PROXY / http_proxy env var. Credentials in URLs are redacted in logs.
https_proxystring or nullnullHTTPS proxy URL. Falls back to HTTPS_PROXY / https_proxy env var.
no_proxystring or nullnullComma-separated list of hosts/domains that bypass the proxy. Falls back to NO_PROXY / no_proxy env var.

[[sidecar_channels]]

Sidecar channel adapters allow external processes (written in any language) to act as channel adapters. Communication uses newline-delimited JSON over stdin/stdout.

[[sidecar_channels]]
name = "my-custom-channel"
command = "python3"
args = ["adapters/my_adapter.py"]
channel_type = "custom_platform"
[sidecar_channels.env]
MY_API_TOKEN = "secret"
FieldTypeDefaultDescription
namestringrequiredDisplay name for this adapter.
commandstringrequiredExecutable to run (e.g., "python3", "/usr/local/bin/my-adapter").
argslist of strings[]Arguments to pass to the command.
envmap of string to string{}Extra environment variables to pass to the subprocess.
channel_typestring or nullnullChannel type identifier. Defaults to Custom(<name>) if null.

[session]

Configures automatic cleanup of idle or excess sessions.

[session]
retention_days = 30
max_sessions_per_agent = 100
cleanup_interval_hours = 24
FieldTypeDefaultDescription
retention_daysu320Maximum age in days for idle sessions before automatic cleanup. 0 = unlimited.
max_sessions_per_agentu320Maximum number of sessions per agent (oldest pruned first). 0 = unlimited.
cleanup_interval_hoursu3224How often the background cleanup job runs in hours.

[queue]

Configures the agent command queue, including depth limits, TTL, and per-lane concurrency.

[queue]
max_depth_per_agent = 100
max_depth_global = 1000
task_ttl_secs = 3600

[queue.concurrency]
main_lane = 3
cron_lane = 2
subagent_lane = 3

[queue] fields:

FieldTypeDefaultDescription
max_depth_per_agentu320Maximum queued tasks per agent. New tasks are rejected when full. 0 = unlimited.
max_depth_globalu320Maximum total queued tasks across all agents. 0 = unlimited.
task_ttl_secsu643600Unprocessed tasks expire after this many seconds. 0 = unlimited.

[queue.concurrency] fields:

FieldTypeDefaultDescription
main_laneusize3Concurrent user message tasks.
cron_laneusize2Concurrent scheduled cron job tasks.
subagent_laneusize3Concurrent subagent invocation tasks.

[external_auth]

Configures OAuth2/OIDC external authentication, allowing users to log in via identity providers like Google, GitHub, Okta, Auth0, or Keycloak.

[external_auth]
enabled = true
issuer_url = "https://accounts.google.com"
client_id = "your-client-id.apps.googleusercontent.com"
client_secret_env = "LIBREFANG_OAUTH_CLIENT_SECRET"
redirect_url = "http://127.0.0.1:4545/api/auth/callback"
scopes = ["openid", "profile", "email"]
allowed_domains = ["example.com"]
session_ttl_secs = 86400
FieldTypeDefaultDescription
enabledboolfalseEnable external authentication.
issuer_urlstring""OIDC issuer URL for provider discovery at {issuer_url}/.well-known/openid-configuration.
client_idstring""OAuth2 client ID registered with the identity provider.
client_secret_envstring"LIBREFANG_OAUTH_CLIENT_SECRET"Env var name holding the OAuth2 client secret.
redirect_urlstring"http://127.0.0.1:4545/api/auth/callback"OAuth2 authorization code flow callback URL.
scopeslist of strings["openid","profile","email"]OAuth2 scopes to request.
allowed_domainslist of strings[]Restrict login to these email domains. Empty = allow all.
audiencestring""JWT audience claim to validate. Defaults to client_id if empty.
session_ttl_secsu6486400Session token lifetime in seconds (24 hours default).
providerslist of objects[]Multiple OIDC/OAuth2 providers. When configured, takes precedence over the single-provider fields above.

For multi-provider setups, use [[external_auth.providers]] with fields: id, display_name, issuer_url, auth_url, token_url, userinfo_url, jwks_uri, client_id, client_secret_env, redirect_url, scopes, allowed_domains, audience.

[vertex_ai]

Configures Google Cloud Vertex AI as an LLM provider.

[vertex_ai]
project_id = "my-gcp-project"
region = "us-central1"
credentials_path = "/path/to/service-account.json"

Credentials are resolved in this order:

  1. credentials_path in config (JSON string or file path)
  2. VERTEX_AI_SERVICE_ACCOUNT_JSON env var
  3. GOOGLE_APPLICATION_CREDENTIALS env var (file path)
  4. gcloud auth print-access-token CLI fallback
FieldTypeDefaultDescription
project_idstring or nullnullGCP project ID. Falls back to VERTEX_AI_PROJECT_ID, GOOGLE_CLOUD_PROJECT, or the project_id field in the service account JSON.
regionstring or nullnullGCP region for the Vertex AI endpoint. Falls back to VERTEX_AI_REGION or GOOGLE_CLOUD_REGION env var. Default: "us-central1".
credentials_pathstring or nullnullPath to a GCP service account JSON key file, or the raw JSON string.

[oauth]

Configures OAuth client IDs for PKCE (Proof Key for Code Exchange) flows used by the dashboard.

[oauth]
google_client_id = "your-google-client-id.apps.googleusercontent.com"
github_client_id = "your-github-app-client-id"
microsoft_client_id = "your-azure-app-client-id"
slack_client_id = "your-slack-app-client-id"
FieldTypeDefaultDescription
google_client_idstring or nullnullGoogle OAuth2 client ID for PKCE flow.
github_client_idstring or nullnullGitHub OAuth app client ID for PKCE flow.
microsoft_client_idstring or nullnullMicrosoft (Entra ID / Azure AD) OAuth application client ID.
slack_client_idstring or nullnullSlack OAuth app client ID.

[auth_profiles]

Configures multiple API key profiles per provider to enable key rotation when one key is rate-limited or exhausted.

[auth_profiles]
anthropic = [
  {name = "primary", api_key_env = "ANTHROPIC_API_KEY_1", priority = 0},
  {name = "secondary", api_key_env = "ANTHROPIC_API_KEY_2", priority = 1},
]
openai = [
  {name = "main", api_key_env = "OPENAI_API_KEY", priority = 0},
]

The value is a map from provider name to a list of AuthProfile objects:

FieldTypeDefaultDescription
namestringrequiredProfile name (e.g., "primary", "secondary").
api_key_envstringrequiredEnv var name holding the API key for this profile.
priorityu320Priority for key selection. Lower value = preferred.

[tool_policy]

Configures global tool access rules, groups, and recursion depth limits. References the ToolPolicy type.

[tool_policy]
subagent_max_depth = 10
subagent_max_concurrent = 5

[[tool_policy.global_rules]]
pattern = "shell_*"
effect = "deny"

[[tool_policy.groups]]
name = "web_tools"
tools = ["web_search", "web_fetch"]
FieldTypeDefaultDescription
agent_ruleslist of ToolPolicyRule[]Per-agent tool rules (highest priority, checked first).
global_ruleslist of ToolPolicyRule[]Global tool rules applied to all agents (checked after agent rules).
groupslist of ToolGroup[]Named tool groups for reuse in rules.
subagent_max_depthu3210Maximum subagent spawning depth.
subagent_max_concurrentu325Maximum concurrent subagents.

ToolPolicyRule fields:

FieldTypeDescription
patternstringGlob pattern to match tool names (e.g., "shell_*", "web_*", "mcp_github_*").
effectstring"allow" or "deny". Deny-wins: if any deny rule matches, the tool is blocked regardless of allow rules.

ToolGroup fields:

FieldTypeDescription
namestringGroup name (e.g., "web_tools", "code_tools").
toolslist of stringsTool name patterns included in this group.

[proactive_memory]

Configures proactive memory extraction (mem0-style automatic memory management). References the ProactiveMemoryConfig type.

[proactive_memory]
enabled = true
auto_memorize = true
auto_retrieve = true
max_retrieve = 10
extraction_threshold = 0.7
# extraction_model = "gpt-4o-mini"  # optional, enables LLM-powered extraction
extract_categories = ["user_preference", "important_fact", "task_context", "relationship"]
session_ttl_hours = 24
duplicate_threshold = 0.5
confidence_decay_rate = 0.01
max_memories_per_agent = 1000
FieldTypeDefaultDescription
enabledbooltrueMaster toggle — when false, the entire proactive memory subsystem is disabled.
auto_memorizebooltrueAutomatically extract and store memories after each agent execution.
auto_retrievebooltrueAutomatically retrieve relevant memories before each agent execution.
max_retrieveusize10Maximum number of memories to retrieve per query.
extraction_thresholdf320.7Confidence threshold for near-duplicate detection (0.0–1.0).
extraction_modelstring or nullnullLLM model to use for extraction. If null, uses rule-based extraction.
extract_categorieslist of strings["user_preference", "important_fact", "task_context", "relationship"]Categories to extract from conversations.
session_ttl_hoursu3224Session memory TTL in hours. Memories older than this are cleaned up before each agent execution.
duplicate_thresholdf320.5Similarity threshold for duplicate detection (0.0–1.0). Uses vector cosine similarity when embeddings are available, otherwise falls back to Jaccard word overlap.
confidence_decay_ratef640.01Confidence decay rate per day. Follows exponential decay: conf × e^(−rate × days). Default of 0.01 takes ~70 days to halve.
max_memories_per_agentusize1000Maximum memories per agent. When exceeded, oldest/lowest-confidence entries are evicted. 0 = no cap.

[context_engine]

Configures the pluggable context assembly engine that controls how agent memory is recalled and assembled into prompts.

[context_engine]
engine = "default"
# plugin = "qdrant-recall"    # resolves to ~/.librefang/plugins/qdrant-recall/

[context_engine.hooks]
# ingest = "~/.librefang/scripts/my_recall.py"
# after_turn = "~/.librefang/scripts/my_indexer.py"

[[context_engine.plugin_registries]]
name = "Official"
github_repo = "librefang/librefang-registry"
FieldTypeDefaultDescription
enginestring"default"Built-in engine name. Currently only "default" is supported.
pluginstring or nullnullPlugin name. Resolves to ~/.librefang/plugins/<name>/plugin.toml. Takes precedence over manual hooks if set.
hooks.ingeststring or nullnullPython script path for the ingest hook (called on new user message).
hooks.after_turnstring or nullnullPython script path for the after_turn hook (called after each completed turn).
plugin_registrieslist of objectsOfficial registryPlugin registries (GitHub owner/repo) to browse for installable plugins.

[audit]

Configures audit log retention.

[audit]
retention_days = 90
FieldTypeDefaultDescription
retention_daysu3290Number of days to retain audit log entries. 0 = unlimited retention.

[health_check]

Configures periodic health checks for LLM providers.

[health_check]
health_check_interval_secs = 60
FieldTypeDefaultDescription
health_check_interval_secsu6460Interval in seconds between provider health checks.

[plugins]

Configures additional plugin registries to search for installable context engine plugins.

[plugins]
plugin_registries = ["acme-corp/librefang-plugins"]
FieldTypeDefaultDescription
plugin_registrieslist of strings[]Additional GitHub owner/repo plugin registries. Merged with context_engine.plugin_registries.

Environment Variables

Complete table of all environment variables referenced by the configuration. None of these are read by the config file itself -- they are read at runtime by the kernel and channel adapters.

LLM Provider Keys

VariableUsed ByDescription
ANTHROPIC_API_KEY[default_model]Anthropic API key (Claude models).
GEMINI_API_KEYGemini driverGoogle Gemini API key. Alias: GOOGLE_API_KEY.
OPENAI_API_KEYOpenAI-compat driverOpenAI API key.
GROQ_API_KEYGroq providerGroq API key (fast Llama inference).
DEEPSEEK_API_KEYDeepSeek providerDeepSeek API key.
PERPLEXITY_API_KEYPerplexity provider / web searchPerplexity API key.
OPENROUTER_API_KEYOpenRouter providerOpenRouter API key.
TOGETHER_API_KEYTogether AI providerTogether AI API key.
MISTRAL_API_KEYMistral providerMistral AI API key.
FIREWORKS_API_KEYFireworks providerFireworks AI API key.
COHERE_API_KEYCohere providerCohere API key.
AI21_API_KEYAI21 providerAI21 Labs API key.
CEREBRAS_API_KEYCerebras providerCerebras API key.
SAMBANOVA_API_KEYSambaNova providerSambaNova API key.
HUGGINGFACE_API_KEYHugging Face providerHugging Face Inference API key.
XAI_API_KEYxAI providerxAI (Grok) API key.
REPLICATE_API_KEYReplicate providerReplicate API key.

Web Search Keys

VariableUsed ByDescription
BRAVE_API_KEY[web.brave]Brave Search API key.
TAVILY_API_KEY[web.tavily]Tavily Search API key.
PERPLEXITY_API_KEY[web.perplexity]Perplexity Search API key (shared with LLM provider).

Channel Tokens

VariableChannelDescription
TELEGRAM_BOT_TOKENTelegramBot API token from @BotFather.
DISCORD_BOT_TOKENDiscordDiscord bot token.
SLACK_APP_TOKENSlackSlack app-level token (xapp-) for Socket Mode.
SLACK_BOT_TOKENSlackSlack bot token (xoxb-) for REST API.
WHATSAPP_ACCESS_TOKENWhatsAppWhatsApp Cloud API access token.
WHATSAPP_VERIFY_TOKENWhatsAppWebhook verification token.
MATRIX_ACCESS_TOKENMatrixMatrix homeserver access token.
EMAIL_PASSWORDEmailEmail account password or app password.
TEAMS_APP_PASSWORDTeamsAzure Bot Framework app password.
MATTERMOST_TOKENMattermostMattermost bot token.
TWITCH_OAUTH_TOKENTwitchTwitch OAuth token.
ROCKETCHAT_TOKENRocket.ChatRocket.Chat auth token.
ZULIP_API_KEYZulipZulip bot API key.
XMPP_PASSWORDXMPPXMPP account password.
GOOGLE_CHAT_SERVICE_ACCOUNTGoogle ChatService account JSON key.
LINE_CHANNEL_SECRETLINELINE channel secret.
LINE_CHANNEL_ACCESS_TOKENLINELINE channel access token.
VIBER_AUTH_TOKENViberViber Bot auth token.
MESSENGER_PAGE_TOKENMessengerFacebook page access token.
MESSENGER_VERIFY_TOKENMessengerWebhook verification token.
REDDIT_CLIENT_SECRETRedditReddit app client secret.
REDDIT_PASSWORDRedditReddit bot account password.
MASTODON_ACCESS_TOKENMastodonMastodon access token.
BLUESKY_APP_PASSWORDBlueskyBluesky app password.
FEISHU_APP_SECRETFeishuFeishu/Lark app secret.
REVOLT_BOT_TOKENRevoltRevolt bot token.
NEXTCLOUD_TOKENNextcloudNextcloud Talk auth token.
GUILDED_BOT_TOKENGuildedGuilded bot token.
KEYBASE_PAPERKEYKeybaseKeybase paper key.
THREEMA_SECRETThreemaThreema Gateway API secret.
NOSTR_PRIVATE_KEYNostrNostr private key (nsec or hex).
WEBEX_BOT_TOKENWebexWebex bot token.
PUMBLE_BOT_TOKENPumblePumble bot token.
FLOCK_BOT_TOKENFlockFlock bot token.
TWIST_TOKENTwistTwist API token.
MUMBLE_PASSWORDMumbleMumble server password.
DINGTALK_ACCESS_TOKENDingTalkDingTalk webhook access token.
DINGTALK_SECRETDingTalkDingTalk signing secret.
DISCOURSE_API_KEYDiscourseDiscourse API key.
GITTER_TOKENGitterGitter auth token.
NTFY_TOKENntfyntfy auth token (optional for public topics).
GOTIFY_APP_TOKENGotifyGotify app token (sending).
GOTIFY_CLIENT_TOKENGotifyGotify client token (receiving).
WEBHOOK_SECRETWebhookHMAC signing secret for webhook verification.
LINKEDIN_ACCESS_TOKENLinkedInLinkedIn OAuth2 access token.

Validation

KernelConfig::validate() runs at boot time and returns a list of warnings (non-fatal). The kernel still starts, but logs each warning.

What is validated

For every enabled channel (i.e., its config section is present in the TOML), the validator checks that the corresponding environment variable(s) are set and non-empty:

ChannelEnv vars checked
Telegrambot_token_env
Discordbot_token_env
Slackapp_token_env, bot_token_env (both checked)
WhatsAppaccess_token_env
Matrixaccess_token_env
Emailpassword_env
Teamsapp_password_env
Mattermosttoken_env
Zulipapi_key_env
Twitchoauth_token_env
Rocket.Chattoken_env
Google Chatservice_account_env
XMPPpassword_env
LINEaccess_token_env
Viberauth_token_env
Messengerpage_token_env
Redditclient_secret_env
Mastodonaccess_token_env
Blueskyapp_password_env
Feishuapp_secret_env
Revoltbot_token_env
Nextcloudtoken_env
Guildedbot_token_env
Keybasepaperkey_env
Threemasecret_env
Nostrprivate_key_env
Webexbot_token_env
Pumblebot_token_env
Flockbot_token_env
Twisttoken_env
Mumblepassword_env
DingTalkaccess_token_env
Discourseapi_key_env
Gittertoken_env
ntfytoken_env (only if token_env is non-empty; public topics are OK without auth)
Gotifyapp_token_env
Webhooksecret_env
LinkedInaccess_token_env

For web search providers, the validator checks:

ProviderEnv var checked
braveweb.brave.api_key_env
tavilyweb.tavily.api_key_env
perplexityweb.perplexity.api_key_env
duckduckgo(no check -- no API key needed)
auto(no check -- cascading fallback handles missing keys)

What is NOT validated

  • The api_key_env in [default_model] is not checked by validate(). Missing LLM keys cause errors at runtime when the driver is first used.
  • The shared_secret in [network] is not validated against network_enabled. If networking is enabled with an empty secret, authentication will fail at connection time.
  • MCP server configurations are not validated at config load time. Connection errors surface during the background MCP connect phase.
  • Agent manifests have their own separate validation.

Some subsystems have their own configuration that is not part of config.toml but is worth noting:

Session Compaction (runtime)

Configured internally via CompactionConfig (not currently exposed in config.toml):

FieldDefaultDescription
threshold80Compact when session message count exceeds this.
keep_recent20Number of recent messages preserved verbatim after compaction.
max_summary_tokens1024Maximum tokens for the LLM summary of compacted messages.

WASM Sandbox (runtime)

Configured internally via SandboxConfig (not currently exposed in config.toml):

FieldDefaultDescription
fuel_limit1000000Maximum CPU instruction budget. 0 = unlimited.
max_memory_bytes16777216 (16 MB)Maximum WASM linear memory.
timeout_secsnull (30s fallback)Wall-clock timeout for epoch-based interruption.

Model Routing (per-agent manifest)

Configured in agent manifests via ModelRoutingConfig:

FieldDefaultDescription
simple_model"claude-haiku-4-5-20251001"Model for simple queries.
medium_model"claude-sonnet-4-20250514"Model for medium-complexity queries.
complex_model"claude-sonnet-4-20250514"Model for complex queries.
simple_threshold100Token count below which a query is classified as simple.
complex_threshold500Token count above which a query is classified as complex.

Autonomous Guardrails (per-agent manifest)

Configured in agent manifests via AutonomousConfig:

FieldDefaultDescription
quiet_hoursnullCron expression for quiet hours (agent pauses during this window).
max_iterations50Maximum tool-use iterations per invocation.
max_restarts10Maximum automatic restarts before permanent stop.
heartbeat_interval_secs30Seconds between heartbeat health checks.
heartbeat_channelnullChannel to send heartbeat status to (e.g., "telegram").