Configuration

All configuration is done through environment variables in .env and per-agent config.yml files. The djinn setup wizard generates most of these automatically.

Environment Variables

Required

Variable	Description	Example
`OPENROUTER_API_KEY`	OpenRouter API key (also used for memory embeddings)	`sk-or-v1-...`

That’s the only required variable when using OpenRouter. Everything else has defaults.

When AUTH_ENABLED=true, the following are also required:

Variable	Description	Generated By
`AUTH_SECRET_KEY`	JWT signing key (HS256)	`djinn setup` or `python3 -c "import secrets; print(secrets.token_urlsafe(64))"`
`ENGINE_INTERNAL_TOKEN`	Service-to-service auth token	`djinn setup` or `python3 -c "import secrets; print(secrets.token_urlsafe(32))"`

LLM Providers

Variable	Provider
`OPENROUTER_API_KEY`	OpenRouter (access to all models)
`ANTHROPIC_API_KEY`	Anthropic (Claude)
`OPENAI_API_KEY`	OpenAI (GPT)
`GEMINI_API_KEY`	Google (Gemini)
`XAI_API_KEY`	xAI (Grok)
`GROQ_API_KEY`	Groq
`MISTRAL_API_KEY`	Mistral
`CEREBRAS_API_KEY`	Cerebras
`AZURE_OPENAI_API_KEY`	Azure OpenAI
`HF_TOKEN`	Hugging Face

Services

Variable	Default	Description
`API_PORT`	`8000`	API server port
`DASHBOARD_PORT`	`3000`	Dashboard port
`REDIS_PORT`	`6379`	Redis port
`POSTGRES_PORT`	`5432`	PostgreSQL port
`MCPO_PORT`	`8001`	MCP proxy port

Network

Variable	Default	Description
`BIND_HOST`	`0.0.0.0`	Network bind address. Set to `127.0.0.1` when using Traefik (SSL mode), `0.0.0.0` for direct access.
`VITE_API_URL`	`http://localhost:8000`	API URL used by the dashboard. Injected at runtime — no rebuild needed for custom domains.
`DOMAIN`	`localhost`	Domain name used by Traefik for SSL certificate issuance.

Paths

Variable	Default	Description
`PIPELINES_DIR`	`./pipelines`	Pipeline YAML directory
`AGENTS_DIR`	`./agents`	Agent persona directory
`DATA_DIR`	`./data`	General data directory

Authentication

Variable	Default	Description
`AUTH_ENABLED`	`false`	Master toggle for authentication. Set to `true` for any non-local deployment.
`AUTH_SECRET_KEY`	—	Secret key for signing JWT access and refresh tokens (HS256). Required when `AUTH_ENABLED=true`.
`AUTH_TOTP_ISSUER`	`DjinnBot`	Issuer name displayed in authenticator apps when setting up 2FA.
`AUTH_ACCESS_TOKEN_TTL`	`900`	Access token lifetime in seconds (default: 15 minutes).
`AUTH_REFRESH_TOKEN_TTL`	`604800`	Refresh token lifetime in seconds (default: 7 days).

Security

Variable	Description
`SECRET_ENCRYPTION_KEY`	AES-256-GCM key for encrypting secrets at rest. Without this, secrets use an ephemeral key that resets on restart.
`ENGINE_INTERNAL_TOKEN`	Shared secret for service-to-service auth. Protects the plaintext secrets endpoint. Also accepted as a first-class API key when auth is enabled. Required when `AUTH_ENABLED=true`.
`MCPO_API_KEY`	API key protecting the mcpo tool proxy.

SSL / Traefik

These are set automatically by djinn setup when SSL is configured:

Variable	Description
`TRAEFIK_ENABLED`	Set to `true` when using Traefik reverse proxy.
`DOMAIN`	Domain name for SSL certificate (e.g. `djinn.example.com`).

The Traefik proxy also uses proxy/.env:

Variable	Description
`ACME_EMAIL`	Email for Let’s Encrypt certificate notifications.
`DOMAIN`	Domain name (same as main `.env`).

Slack

Variable	Description
`SLACK_CHANNEL_ID`	Default channel for pipeline threads
`SLACK_{AGENT}_BOT_TOKEN`	Per-agent Slack bot token
`SLACK_{AGENT}_APP_TOKEN`	Per-agent Slack app token

User Slack ID — Your Slack member ID for DM notifications from agents is configured in the dashboard under Settings > Slack, not as an environment variable.

Discord

Variable	Description
`DISCORD_CHANNEL_ID`	Default channel for pipeline threads
`DISCORD_{AGENT}_BOT_TOKEN`	Per-agent Discord bot token
`DISCORD_{AGENT}_APP_ID`	Per-agent Discord application ID (optional)

Per-agent credentials go in agents/<id>/discord.yml. See Discord Setup.

Telegram bot tokens are managed via the dashboard (Settings > Integrations > Telegram) or per-agent YAML files.

Variable	Description
`TELEGRAM_{AGENT}_BOT_TOKEN`	Per-agent Telegram bot token from BotFather

Per-agent credentials go in agents/<id>/telegram.yml. See Telegram Setup.

Signal

Variable	Default	Description
`SIGNAL_DATA_DIR`	`/jfs/signal/data`	signal-cli data directory on JuiceFS
`SIGNAL_CLI_PATH`	`signal-cli`	Path to signal-cli binary
`SIGNAL_HTTP_PORT`	`8820`	HTTP API port for signal-cli daemon

Signal is configured and linked via the dashboard (Settings > Integrations > Signal). See Signal Setup.

Variable	Default	Description
`WHATSAPP_AUTH_DIR`	`/data/whatsapp/auth`	Baileys auth state directory on JuiceFS

WhatsApp is configured and linked via the dashboard (Settings > Integrations > WhatsApp). See WhatsApp Setup.

GitHub

Variable	Description
`GITHUB_TOKEN`	Personal access token for git operations
`GITHUB_APP_ID`	GitHub App ID
`GITHUB_APP_CLIENT_ID`	GitHub App client ID
`GITHUB_APP_WEBHOOK_SECRET`	Webhook signature verification
`GITHUB_APP_PRIVATE_KEY_PATH`	Path to App private key PEM
`GITHUB_APP_NAME`	GitHub App name

Engine

Variable	Default	Description
`MOCK_RUNNER`	`false`	Use mock agent runner for testing
`USE_CONTAINER_RUNNER`	`true`	Use Docker containers for agents
`AGENT_RUNTIME_IMAGE`	`ghcr.io/basedatum/djinnbot/agent-runtime:latest`	Docker image used by the engine to spawn agent containers. Override to use a locally-built or custom image.
`LOG_LEVEL`	`INFO` (API), `DEBUG` (engine)	Logging level (`DEBUG`, `INFO`, `WARNING`, `ERROR`)
`DJINNBOT_VERSION`	`latest`	Current version (for update checking)

JuiceFS + RustFS Storage

Variable	Default	Description
`RUSTFS_ACCESS_KEY`	`djinnbot-rustfs-admin`	S3 access key for RustFS object storage.
`RUSTFS_SECRET_KEY`	`change-me-to-a-strong-secret-key`	S3 secret key for RustFS. Change in production.
`JUICEFS_VOLUME_NAME`	`djinnbot`	JuiceFS volume name (stored in Redis DB 2).
`JUICEFS_CACHE_SIZE`	`20480`	JuiceFS local read cache in MB (default 20 GB). Adjust based on available disk.
`JFS_META_URL`	`redis://redis:6379/2`	JuiceFS metadata engine URL (set in docker-compose, not `.env`).
`JFS_AGENT_CACHE_SIZE`	`2048`	Cache size in MB for agent container JuiceFS mounts.

Memory Search (QMDR / ClawVault)

These control the semantic search engine used for agent memory retrieval. Set automatically by the engine and API containers.

Variable	Default	Description
`QMD_OPENAI_API_KEY`	`${OPENROUTER_API_KEY}`	API key for embedding and reranking models.
`QMD_OPENAI_BASE_URL`	`https://openrouter.ai/api/v1`	Base URL for the embedding/reranking provider.
`QMD_EMBED_PROVIDER`	`openai`	Embedding provider type.
`QMD_OPENAI_EMBED_MODEL`	`openai/text-embedding-3-small`	Embedding model for memory vector search.
`QMD_RERANK_PROVIDER`	`openai`	Reranking provider type.
`QMD_RERANK_MODE`	`llm`	Reranking mode (`llm` for LLM-based reranking).
`QMD_OPENAI_MODEL`	`openai/gpt-4o-mini`	Model used for LLM-based reranking.
`QMD_QUERY_EXPANSION_PROVIDER`	`openai`	Provider for query expansion.

Voice — STT & TTS

Variable	Default	Description
`WHISPER_MODEL_SIZE`	`base`	faster-whisper model size (`tiny`, `base`, `small`, `medium`, `large-v3`). Larger = more accurate, slower.
`WHISPER_MODEL_DIR`	`/jfs/cache/whisper-models`	Directory for cached whisper models (persisted on JuiceFS).

Programmatic Tool Calling (PTC)

Variable	Default	Description
`PTC_ENABLED`	`false`	Enable Programmatic Tool Calling. Reduces context usage by 30-40%+ by replacing JSON tool schemas with a compact Python SDK. See Programmatic Tool Calling.
`PTC_TIMEOUT`	`120`	Default timeout in seconds for `exec_code` Python execution.

Camoufox Browser

Variable	Default	Description
`CAMOFOX_URL`	`http://127.0.0.1:9377`	Camoufox REST API URL inside agent containers.
`CAMOFOX_API_KEY`	—	Optional API key for the Camoufox instance.
`CAMOFOX_COOKIES_DIR`	`/home/agent/cookies`	Directory where granted cookie files are mounted.

Agent Configuration (config.yml)

Per-agent settings in agents/<id>/config.yml:

# LLM Models
model: anthropic/claude-sonnet-4
thinking_model: anthropic/claude-sonnet-4
thinking_level: 'off'          # off, low, medium, high
thinking_model_thinking_level: 'off'

# Context-specific model overrides
planning_model: openrouter/x-ai/grok-4.1-fast
executor_model: openrouter/x-ai/grok-4.1-fast

# Slack / Discord
thread_mode: passive            # passive or active

# Pulse (autonomous mode)
pulse_enabled: false
pulse_interval_minutes: 30
pulse_offset_minutes: 3
pulse_max_consecutive_skips: 5
pulse_container_timeout_ms: 120000
pulse_columns:
  - Backlog
  - Ready
pulse_transitions_to:
  - planning
  - ready
  - in_progress
pulse_blackouts:
  - label: Nighttime
    start_time: '23:00'
    end_time: '07:00'
    type: recurring
pulse_one_offs: []

# Agent coordination
coordination:
  max_concurrent_pulse_sessions: 2
  wake_guardrails:
    cooldown_seconds: 300
    max_daily_session_minutes: 120
    max_wakes_per_day: 12
    max_wakes_per_pair_per_day: 5

# Tool control
skills_disabled: []            # List of skill names to disable

All agent config can also be edited through the dashboard Settings and Agent pages.

Global Settings (Dashboard)

The Settings page in the dashboard provides UI access to:

Default working model — model for pipeline steps and chat
Default thinking model — model for extended reasoning
Pulse interval — global pulse frequency
Provider API keys — add/update provider credentials
Custom providers — configure OpenAI-compatible endpoints
Memory scoring — configure memory relevance weights
User provider keys — personal API keys per user (override system keys)
Authentication — manage user accounts, API keys, 2FA, and OIDC providers
API keys — generate and manage API keys for CLI and programmatic access
Two-factor authentication — enable/disable TOTP 2FA with recovery codes

CLI Reference Pipeline YAML Reference