From ca99163b9838ff412cd01040123c1ff8318c30d2 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 22 Mar 2026 21:19:28 +0000 Subject: [PATCH] perf: precompute base config schema --- package.json | 5 +- scripts/generate-base-config-schema.ts | 97 + src/config/schema-base.ts | 72 + src/config/schema.base.generated.test.ts | 13 + src/config/schema.base.generated.ts | 16291 +++++++++++++++++++++ src/config/schema.ts | 41 +- 6 files changed, 16481 insertions(+), 38 deletions(-) create mode 100644 scripts/generate-base-config-schema.ts create mode 100644 src/config/schema-base.ts create mode 100644 src/config/schema.base.generated.test.ts create mode 100644 src/config/schema.base.generated.ts diff --git a/package.json b/package.json index a845d25a919..b76d3174301 100644 --- a/package.json +++ b/package.json @@ -571,7 +571,8 @@ "build:plugin-sdk:dts": "tsc -p tsconfig.plugin-sdk.dts.json", "build:strict-smoke": "pnpm canvas:a2ui:bundle && node scripts/tsdown-build.mjs && node scripts/runtime-postbuild.mjs && pnpm build:plugin-sdk:dts", "canvas:a2ui:bundle": "bash scripts/bundle-a2ui.sh", - "check": "pnpm check:host-env-policy:swift && pnpm check:bundled-plugin-metadata && pnpm check:bundled-provider-auth-env-vars && pnpm format:check && pnpm tsgo && pnpm plugin-sdk:check-exports && pnpm lint && pnpm lint:tmp:no-random-messaging && pnpm lint:tmp:channel-agnostic-boundaries && pnpm lint:tmp:no-raw-channel-fetch && pnpm lint:agent:ingress-owner && pnpm lint:plugins:no-register-http-handler && pnpm lint:plugins:no-monolithic-plugin-sdk-entry-imports && pnpm lint:plugins:no-extension-src-imports && pnpm lint:plugins:no-extension-test-core-imports && pnpm lint:plugins:no-extension-imports && pnpm lint:plugins:plugin-sdk-subpaths-exported && pnpm lint:extensions:no-src-outside-plugin-sdk && pnpm lint:extensions:no-plugin-sdk-internal && pnpm lint:extensions:no-relative-outside-package && pnpm lint:web-search-provider-boundaries && pnpm lint:webhook:no-low-level-body-read && pnpm lint:auth:no-pairing-store-group && pnpm lint:auth:pairing-account-scope", + "check": "pnpm check:host-env-policy:swift && pnpm check:base-config-schema && pnpm check:bundled-plugin-metadata && pnpm check:bundled-provider-auth-env-vars && pnpm format:check && pnpm tsgo && pnpm plugin-sdk:check-exports && pnpm lint && pnpm lint:tmp:no-random-messaging && pnpm lint:tmp:channel-agnostic-boundaries && pnpm lint:tmp:no-raw-channel-fetch && pnpm lint:agent:ingress-owner && pnpm lint:plugins:no-register-http-handler && pnpm lint:plugins:no-monolithic-plugin-sdk-entry-imports && pnpm lint:plugins:no-extension-src-imports && pnpm lint:plugins:no-extension-test-core-imports && pnpm lint:plugins:no-extension-imports && pnpm lint:plugins:plugin-sdk-subpaths-exported && pnpm lint:extensions:no-src-outside-plugin-sdk && pnpm lint:extensions:no-plugin-sdk-internal && pnpm lint:extensions:no-relative-outside-package && pnpm lint:web-search-provider-boundaries && pnpm lint:webhook:no-low-level-body-read && pnpm lint:auth:no-pairing-store-group && pnpm lint:auth:pairing-account-scope", + "check:base-config-schema": "node --import tsx scripts/generate-base-config-schema.ts --check", "check:bundled-plugin-metadata": "node scripts/generate-bundled-plugin-metadata.mjs --check", "check:bundled-provider-auth-env-vars": "node scripts/generate-bundled-provider-auth-env-vars.mjs --check", "check:docs": "pnpm format:docs:check && pnpm lint:docs && pnpm docs:check-i18n-glossary && pnpm docs:check-links", @@ -579,6 +580,8 @@ "check:loc": "node --import tsx scripts/check-ts-max-loc.ts --max 500", "config:docs:check": "node --import tsx scripts/generate-config-doc-baseline.ts --check", "config:docs:gen": "node --import tsx scripts/generate-config-doc-baseline.ts --write", + "config:schema:check": "node --import tsx scripts/generate-base-config-schema.ts --check", + "config:schema:gen": "node --import tsx scripts/generate-base-config-schema.ts --write", "deadcode:ci": "pnpm deadcode:report:ci:knip", "deadcode:knip": "pnpm dlx knip --config knip.config.ts --isolate-workspaces --production --no-progress --reporter compact --files --dependencies", "deadcode:report": "pnpm deadcode:knip; pnpm deadcode:ts-prune; pnpm deadcode:ts-unused", diff --git a/scripts/generate-base-config-schema.ts b/scripts/generate-base-config-schema.ts new file mode 100644 index 00000000000..39d86b3ffe6 --- /dev/null +++ b/scripts/generate-base-config-schema.ts @@ -0,0 +1,97 @@ +#!/usr/bin/env node +import { spawnSync } from "node:child_process"; +import fs from "node:fs"; +import path from "node:path"; +import { fileURLToPath } from "node:url"; +import { computeBaseConfigSchemaResponse } from "../src/config/schema-base.js"; + +const GENERATED_BY = "scripts/generate-base-config-schema.ts"; +const DEFAULT_OUTPUT_PATH = "src/config/schema.base.generated.ts"; + +function readIfExists(filePath: string): string | null { + try { + return fs.readFileSync(filePath, "utf8"); + } catch { + return null; + } +} + +function formatTypeScriptModule(source: string, outputPath: string): string { + const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), ".."); + const formatter = spawnSync( + process.platform === "win32" ? "pnpm.cmd" : "pnpm", + ["exec", "oxfmt", "--stdin-filepath", outputPath], + { + cwd: repoRoot, + input: source, + encoding: "utf8", + }, + ); + if (formatter.status !== 0) { + const details = + formatter.stderr?.trim() || formatter.stdout?.trim() || "unknown formatter failure"; + throw new Error(`failed to format generated base config schema: ${details}`); + } + return formatter.stdout; +} + +export function renderBaseConfigSchemaModule(params?: { generatedAt?: string }): string { + const payload = computeBaseConfigSchemaResponse({ + generatedAt: params?.generatedAt ?? new Date().toISOString(), + }); + return formatTypeScriptModule( + `// Auto-generated by ${GENERATED_BY}. Do not edit directly. + +import type { BaseConfigSchemaResponse } from "./schema-base.js"; + +export const GENERATED_BASE_CONFIG_SCHEMA = ${JSON.stringify(payload, null, 2)} as const satisfies BaseConfigSchemaResponse; +`, + DEFAULT_OUTPUT_PATH, + ); +} + +export function writeBaseConfigSchemaModule(params?: { + repoRoot?: string; + outputPath?: string; + check?: boolean; +}): { changed: boolean; wrote: boolean; outputPath: string } { + const repoRoot = path.resolve( + params?.repoRoot ?? path.resolve(path.dirname(fileURLToPath(import.meta.url)), ".."), + ); + const outputPath = path.resolve(repoRoot, params?.outputPath ?? DEFAULT_OUTPUT_PATH); + const current = readIfExists(outputPath); + const generatedAt = + current?.match(/generatedAt:\s*"([^"]+)"/u)?.[1] ?? + current?.match(/"generatedAt":\s*"([^"]+)"/u)?.[1] ?? + new Date().toISOString(); + const next = renderBaseConfigSchemaModule({ generatedAt }); + const changed = current !== next; + + if (params?.check) { + return { changed, wrote: false, outputPath }; + } + + if (changed) { + fs.writeFileSync(outputPath, next, "utf8"); + } + return { changed, wrote: changed, outputPath }; +} + +const args = new Set(process.argv.slice(2)); +if (args.has("--check") && args.has("--write")) { + throw new Error("Use either --check or --write, not both."); +} + +if (import.meta.url === new URL(process.argv[1] ?? "", "file://").href) { + const result = writeBaseConfigSchemaModule({ check: args.has("--check") }); + if (result.changed) { + if (args.has("--check")) { + console.error( + `[base-config-schema] stale generated output at ${path.relative(process.cwd(), result.outputPath)}`, + ); + process.exitCode = 1; + } else { + console.log(`[base-config-schema] wrote ${path.relative(process.cwd(), result.outputPath)}`); + } + } +} diff --git a/src/config/schema-base.ts b/src/config/schema-base.ts new file mode 100644 index 00000000000..eb3bdb87622 --- /dev/null +++ b/src/config/schema-base.ts @@ -0,0 +1,72 @@ +import { VERSION } from "../version.js"; +import type { ConfigUiHints } from "./schema.hints.js"; +import { buildBaseHints, mapSensitivePaths } from "./schema.hints.js"; +import { applyDerivedTags } from "./schema.tags.js"; +import { OpenClawSchema } from "./zod-schema.js"; + +type ConfigSchema = Record; + +type JsonSchemaObject = Record & { + properties?: Record; + required?: string[]; + additionalProperties?: JsonSchemaObject | boolean; +}; + +export type BaseConfigSchemaResponse = { + schema: ConfigSchema; + uiHints: ConfigUiHints; + version: string; + generatedAt: string; +}; + +function cloneSchema(value: T): T { + if (typeof structuredClone === "function") { + return structuredClone(value); + } + return JSON.parse(JSON.stringify(value)) as T; +} + +function asSchemaObject(value: unknown): JsonSchemaObject | null { + if (!value || typeof value !== "object" || Array.isArray(value)) { + return null; + } + return value as JsonSchemaObject; +} + +function stripChannelSchema(schema: ConfigSchema): ConfigSchema { + const next = cloneSchema(schema); + const root = asSchemaObject(next); + if (!root || !root.properties) { + return next; + } + // Allow `$schema` in config files for editor tooling, but hide it from the + // Control UI form schema so it does not show up as a configurable section. + delete root.properties.$schema; + if (Array.isArray(root.required)) { + root.required = root.required.filter((key) => key !== "$schema"); + } + const channelsNode = asSchemaObject(root.properties.channels); + if (channelsNode) { + channelsNode.properties = {}; + channelsNode.required = []; + channelsNode.additionalProperties = true; + } + return next; +} + +export function computeBaseConfigSchemaResponse(params?: { + generatedAt?: string; +}): BaseConfigSchemaResponse { + const schema = OpenClawSchema.toJSONSchema({ + target: "draft-07", + unrepresentable: "any", + }); + schema.title = "OpenClawConfig"; + const hints = applyDerivedTags(mapSensitivePaths(OpenClawSchema, "", buildBaseHints())); + return { + schema: stripChannelSchema(schema), + uiHints: hints, + version: VERSION, + generatedAt: params?.generatedAt ?? new Date().toISOString(), + }; +} diff --git a/src/config/schema.base.generated.test.ts b/src/config/schema.base.generated.test.ts new file mode 100644 index 00000000000..3f8a5820d07 --- /dev/null +++ b/src/config/schema.base.generated.test.ts @@ -0,0 +1,13 @@ +import { describe, expect, it } from "vitest"; +import { computeBaseConfigSchemaResponse } from "./schema-base.js"; +import { GENERATED_BASE_CONFIG_SCHEMA } from "./schema.base.generated.js"; + +describe("generated base config schema", () => { + it("matches the computed base config schema payload", () => { + expect( + computeBaseConfigSchemaResponse({ + generatedAt: GENERATED_BASE_CONFIG_SCHEMA.generatedAt, + }), + ).toEqual(GENERATED_BASE_CONFIG_SCHEMA); + }); +}); diff --git a/src/config/schema.base.generated.ts b/src/config/schema.base.generated.ts new file mode 100644 index 00000000000..bddd0f2e3e2 --- /dev/null +++ b/src/config/schema.base.generated.ts @@ -0,0 +1,16291 @@ +// Auto-generated by scripts/generate-base-config-schema.ts. Do not edit directly. + +import type { BaseConfigSchemaResponse } from "./schema-base.js"; + +export const GENERATED_BASE_CONFIG_SCHEMA = { + schema: { + $schema: "http://json-schema.org/draft-07/schema#", + type: "object", + properties: { + meta: { + type: "object", + properties: { + lastTouchedVersion: { + type: "string", + }, + lastTouchedAt: { + anyOf: [ + { + type: "string", + }, + {}, + ], + }, + }, + additionalProperties: false, + }, + env: { + type: "object", + properties: { + shellEnv: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + timeoutMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + vars: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + }, + additionalProperties: { + type: "string", + }, + }, + wizard: { + type: "object", + properties: { + lastRunAt: { + type: "string", + }, + lastRunVersion: { + type: "string", + }, + lastRunCommit: { + type: "string", + }, + lastRunCommand: { + type: "string", + }, + lastRunMode: { + anyOf: [ + { + type: "string", + const: "local", + }, + { + type: "string", + const: "remote", + }, + ], + }, + }, + additionalProperties: false, + }, + diagnostics: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + flags: { + type: "array", + items: { + type: "string", + }, + }, + stuckSessionWarnMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + otel: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + endpoint: { + type: "string", + }, + protocol: { + anyOf: [ + { + type: "string", + const: "http/protobuf", + }, + { + type: "string", + const: "grpc", + }, + ], + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + serviceName: { + type: "string", + }, + traces: { + type: "boolean", + }, + metrics: { + type: "boolean", + }, + logs: { + type: "boolean", + }, + sampleRate: { + type: "number", + minimum: 0, + maximum: 1, + }, + flushIntervalMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + cacheTrace: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + filePath: { + type: "string", + }, + includeMessages: { + type: "boolean", + }, + includePrompt: { + type: "boolean", + }, + includeSystem: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + logging: { + type: "object", + properties: { + level: { + anyOf: [ + { + type: "string", + const: "silent", + }, + { + type: "string", + const: "fatal", + }, + { + type: "string", + const: "error", + }, + { + type: "string", + const: "warn", + }, + { + type: "string", + const: "info", + }, + { + type: "string", + const: "debug", + }, + { + type: "string", + const: "trace", + }, + ], + }, + file: { + type: "string", + }, + maxFileBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + consoleLevel: { + anyOf: [ + { + type: "string", + const: "silent", + }, + { + type: "string", + const: "fatal", + }, + { + type: "string", + const: "error", + }, + { + type: "string", + const: "warn", + }, + { + type: "string", + const: "info", + }, + { + type: "string", + const: "debug", + }, + { + type: "string", + const: "trace", + }, + ], + }, + consoleStyle: { + anyOf: [ + { + type: "string", + const: "pretty", + }, + { + type: "string", + const: "compact", + }, + { + type: "string", + const: "json", + }, + ], + }, + redactSensitive: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "tools", + }, + ], + }, + redactPatterns: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + cli: { + type: "object", + properties: { + banner: { + type: "object", + properties: { + taglineMode: { + anyOf: [ + { + type: "string", + const: "random", + }, + { + type: "string", + const: "default", + }, + { + type: "string", + const: "off", + }, + ], + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + update: { + type: "object", + properties: { + channel: { + anyOf: [ + { + type: "string", + const: "stable", + }, + { + type: "string", + const: "beta", + }, + { + type: "string", + const: "dev", + }, + ], + }, + checkOnStart: { + type: "boolean", + }, + auto: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + stableDelayHours: { + type: "number", + minimum: 0, + maximum: 168, + }, + stableJitterHours: { + type: "number", + minimum: 0, + maximum: 168, + }, + betaCheckIntervalHours: { + type: "number", + exclusiveMinimum: 0, + maximum: 24, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + browser: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + evaluateEnabled: { + type: "boolean", + }, + cdpUrl: { + type: "string", + }, + remoteCdpTimeoutMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + remoteCdpHandshakeTimeoutMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + color: { + type: "string", + }, + executablePath: { + type: "string", + }, + headless: { + type: "boolean", + }, + noSandbox: { + type: "boolean", + }, + attachOnly: { + type: "boolean", + }, + cdpPortRangeStart: { + type: "integer", + minimum: 1, + maximum: 65535, + }, + defaultProfile: { + type: "string", + }, + snapshotDefaults: { + type: "object", + properties: { + mode: { + type: "string", + const: "efficient", + }, + }, + additionalProperties: false, + }, + ssrfPolicy: { + type: "object", + properties: { + allowPrivateNetwork: { + type: "boolean", + }, + dangerouslyAllowPrivateNetwork: { + type: "boolean", + }, + allowedHostnames: { + type: "array", + items: { + type: "string", + }, + }, + hostnameAllowlist: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + profiles: { + type: "object", + propertyNames: { + type: "string", + pattern: "^[a-z0-9-]+$", + }, + additionalProperties: { + type: "object", + properties: { + cdpPort: { + type: "integer", + minimum: 1, + maximum: 65535, + }, + cdpUrl: { + type: "string", + }, + userDataDir: { + type: "string", + }, + driver: { + anyOf: [ + { + type: "string", + const: "openclaw", + }, + { + type: "string", + const: "clawd", + }, + { + type: "string", + const: "existing-session", + }, + ], + }, + attachOnly: { + type: "boolean", + }, + color: { + type: "string", + pattern: "^#?[0-9a-fA-F]{6}$", + }, + }, + required: ["color"], + additionalProperties: false, + }, + }, + extraArgs: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + ui: { + type: "object", + properties: { + seamColor: { + type: "string", + pattern: "^#?[0-9a-fA-F]{6}$", + }, + assistant: { + type: "object", + properties: { + name: { + type: "string", + maxLength: 50, + }, + avatar: { + type: "string", + maxLength: 200, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + secrets: { + type: "object", + properties: { + providers: { + type: "object", + properties: {}, + additionalProperties: { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + allowlist: { + maxItems: 256, + type: "array", + items: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + }, + required: ["source"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + path: { + type: "string", + minLength: 1, + }, + mode: { + anyOf: [ + { + type: "string", + const: "singleValue", + }, + { + type: "string", + const: "json", + }, + ], + }, + timeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 120000, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 20971520, + }, + }, + required: ["source", "path"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + command: { + type: "string", + minLength: 1, + }, + args: { + maxItems: 128, + type: "array", + items: { + type: "string", + maxLength: 1024, + }, + }, + timeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 120000, + }, + noOutputTimeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 120000, + }, + maxOutputBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 20971520, + }, + jsonOnly: { + type: "boolean", + }, + env: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + passEnv: { + maxItems: 128, + type: "array", + items: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + trustedDirs: { + maxItems: 64, + type: "array", + items: { + type: "string", + minLength: 1, + }, + }, + allowInsecurePath: { + type: "boolean", + }, + allowSymlinkCommand: { + type: "boolean", + }, + }, + required: ["source", "command"], + additionalProperties: false, + }, + ], + }, + }, + defaults: { + type: "object", + properties: { + env: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + file: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + exec: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + }, + additionalProperties: false, + }, + resolution: { + type: "object", + properties: { + maxProviderConcurrency: { + type: "integer", + exclusiveMinimum: 0, + maximum: 16, + }, + maxRefsPerProvider: { + type: "integer", + exclusiveMinimum: 0, + maximum: 4096, + }, + maxBatchBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 5242880, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + auth: { + type: "object", + properties: { + profiles: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + provider: { + type: "string", + }, + mode: { + anyOf: [ + { + type: "string", + const: "api_key", + }, + { + type: "string", + const: "oauth", + }, + { + type: "string", + const: "token", + }, + ], + }, + email: { + type: "string", + }, + }, + required: ["provider", "mode"], + additionalProperties: false, + }, + }, + order: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "array", + items: { + type: "string", + }, + }, + }, + cooldowns: { + type: "object", + properties: { + billingBackoffHours: { + type: "number", + exclusiveMinimum: 0, + }, + billingBackoffHoursByProvider: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "number", + exclusiveMinimum: 0, + }, + }, + billingMaxHours: { + type: "number", + exclusiveMinimum: 0, + }, + failureWindowHours: { + type: "number", + exclusiveMinimum: 0, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + acp: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + dispatch: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + backend: { + type: "string", + }, + defaultAgent: { + type: "string", + }, + allowedAgents: { + type: "array", + items: { + type: "string", + }, + }, + maxConcurrentSessions: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + stream: { + type: "object", + properties: { + coalesceIdleMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxChunkChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + repeatSuppression: { + type: "boolean", + }, + deliveryMode: { + anyOf: [ + { + type: "string", + const: "live", + }, + { + type: "string", + const: "final_only", + }, + ], + }, + hiddenBoundarySeparator: { + anyOf: [ + { + type: "string", + const: "none", + }, + { + type: "string", + const: "space", + }, + { + type: "string", + const: "newline", + }, + { + type: "string", + const: "paragraph", + }, + ], + }, + maxOutputChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxSessionUpdateChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + tagVisibility: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "boolean", + }, + }, + }, + additionalProperties: false, + }, + runtime: { + type: "object", + properties: { + ttlMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + installCommand: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + models: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "merge", + }, + { + type: "string", + const: "replace", + }, + ], + }, + providers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + baseUrl: { + type: "string", + minLength: 1, + }, + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + auth: { + anyOf: [ + { + type: "string", + const: "api-key", + }, + { + type: "string", + const: "aws-sdk", + }, + { + type: "string", + const: "oauth", + }, + { + type: "string", + const: "token", + }, + ], + }, + api: { + type: "string", + enum: [ + "openai-completions", + "openai-responses", + "openai-codex-responses", + "anthropic-messages", + "google-generative-ai", + "github-copilot", + "bedrock-converse-stream", + "ollama", + ], + }, + injectNumCtxForOpenAICompat: { + type: "boolean", + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + }, + authHeader: { + type: "boolean", + }, + models: { + type: "array", + items: { + type: "object", + properties: { + id: { + type: "string", + minLength: 1, + }, + name: { + type: "string", + minLength: 1, + }, + api: { + type: "string", + enum: [ + "openai-completions", + "openai-responses", + "openai-codex-responses", + "anthropic-messages", + "google-generative-ai", + "github-copilot", + "bedrock-converse-stream", + "ollama", + ], + }, + reasoning: { + type: "boolean", + }, + input: { + type: "array", + items: { + anyOf: [ + { + type: "string", + const: "text", + }, + { + type: "string", + const: "image", + }, + ], + }, + }, + cost: { + type: "object", + properties: { + input: { + type: "number", + }, + output: { + type: "number", + }, + cacheRead: { + type: "number", + }, + cacheWrite: { + type: "number", + }, + }, + additionalProperties: false, + }, + contextWindow: { + type: "number", + exclusiveMinimum: 0, + }, + maxTokens: { + type: "number", + exclusiveMinimum: 0, + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + compat: { + type: "object", + properties: { + supportsStore: { + type: "boolean", + }, + supportsDeveloperRole: { + type: "boolean", + }, + supportsReasoningEffort: { + type: "boolean", + }, + supportsUsageInStreaming: { + type: "boolean", + }, + supportsTools: { + type: "boolean", + }, + supportsStrictMode: { + type: "boolean", + }, + maxTokensField: { + anyOf: [ + { + type: "string", + const: "max_completion_tokens", + }, + { + type: "string", + const: "max_tokens", + }, + ], + }, + thinkingFormat: { + anyOf: [ + { + type: "string", + const: "openai", + }, + { + type: "string", + const: "openrouter", + }, + { + type: "string", + const: "zai", + }, + { + type: "string", + const: "qwen", + }, + { + type: "string", + const: "qwen-chat-template", + }, + ], + }, + requiresToolResultName: { + type: "boolean", + }, + requiresAssistantAfterToolResult: { + type: "boolean", + }, + requiresThinkingAsText: { + type: "boolean", + }, + toolSchemaProfile: { + type: "string", + const: "xai", + }, + nativeWebSearchTool: { + type: "boolean", + }, + toolCallArgumentsEncoding: { + type: "string", + const: "html-entities", + }, + requiresMistralToolIds: { + type: "boolean", + }, + requiresOpenAiAnthropicToolPayload: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + }, + required: ["id", "name"], + additionalProperties: false, + }, + }, + }, + required: ["baseUrl", "models"], + additionalProperties: false, + }, + }, + bedrockDiscovery: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + region: { + type: "string", + }, + providerFilter: { + type: "array", + items: { + type: "string", + }, + }, + refreshInterval: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + defaultContextWindow: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + defaultMaxTokens: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + nodeHost: { + type: "object", + properties: { + browserProxy: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + allowProfiles: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + agents: { + type: "object", + properties: { + defaults: { + type: "object", + properties: { + model: { + anyOf: [ + { + type: "string", + }, + { + type: "object", + properties: { + primary: { + type: "string", + }, + fallbacks: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + ], + }, + imageModel: { + anyOf: [ + { + type: "string", + }, + { + type: "object", + properties: { + primary: { + type: "string", + }, + fallbacks: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + ], + }, + imageGenerationModel: { + anyOf: [ + { + type: "string", + }, + { + type: "object", + properties: { + primary: { + type: "string", + }, + fallbacks: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + ], + }, + pdfModel: { + anyOf: [ + { + type: "string", + }, + { + type: "object", + properties: { + primary: { + type: "string", + }, + fallbacks: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + ], + }, + pdfMaxBytesMb: { + type: "number", + exclusiveMinimum: 0, + }, + pdfMaxPages: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + models: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + alias: { + type: "string", + }, + params: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: {}, + }, + streaming: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + }, + workspace: { + type: "string", + }, + repoRoot: { + type: "string", + }, + skipBootstrap: { + type: "boolean", + }, + bootstrapMaxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + bootstrapTotalMaxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + bootstrapPromptTruncationWarning: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "once", + }, + { + type: "string", + const: "always", + }, + ], + }, + userTimezone: { + type: "string", + }, + timeFormat: { + anyOf: [ + { + type: "string", + const: "auto", + }, + { + type: "string", + const: "12", + }, + { + type: "string", + const: "24", + }, + ], + }, + envelopeTimezone: { + type: "string", + }, + envelopeTimestamp: { + anyOf: [ + { + type: "string", + const: "on", + }, + { + type: "string", + const: "off", + }, + ], + }, + envelopeElapsed: { + anyOf: [ + { + type: "string", + const: "on", + }, + { + type: "string", + const: "off", + }, + ], + }, + contextTokens: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + cliBackends: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + command: { + type: "string", + }, + args: { + type: "array", + items: { + type: "string", + }, + }, + output: { + anyOf: [ + { + type: "string", + const: "json", + }, + { + type: "string", + const: "text", + }, + { + type: "string", + const: "jsonl", + }, + ], + }, + resumeOutput: { + anyOf: [ + { + type: "string", + const: "json", + }, + { + type: "string", + const: "text", + }, + { + type: "string", + const: "jsonl", + }, + ], + }, + input: { + anyOf: [ + { + type: "string", + const: "arg", + }, + { + type: "string", + const: "stdin", + }, + ], + }, + maxPromptArgChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + env: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + clearEnv: { + type: "array", + items: { + type: "string", + }, + }, + modelArg: { + type: "string", + }, + modelAliases: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + sessionArg: { + type: "string", + }, + sessionArgs: { + type: "array", + items: { + type: "string", + }, + }, + resumeArgs: { + type: "array", + items: { + type: "string", + }, + }, + sessionMode: { + anyOf: [ + { + type: "string", + const: "always", + }, + { + type: "string", + const: "existing", + }, + { + type: "string", + const: "none", + }, + ], + }, + sessionIdFields: { + type: "array", + items: { + type: "string", + }, + }, + systemPromptArg: { + type: "string", + }, + systemPromptMode: { + anyOf: [ + { + type: "string", + const: "append", + }, + { + type: "string", + const: "replace", + }, + ], + }, + systemPromptWhen: { + anyOf: [ + { + type: "string", + const: "first", + }, + { + type: "string", + const: "always", + }, + { + type: "string", + const: "never", + }, + ], + }, + imageArg: { + type: "string", + }, + imageMode: { + anyOf: [ + { + type: "string", + const: "repeat", + }, + { + type: "string", + const: "list", + }, + ], + }, + serialize: { + type: "boolean", + }, + reliability: { + type: "object", + properties: { + watchdog: { + type: "object", + properties: { + fresh: { + type: "object", + properties: { + noOutputTimeoutMs: { + type: "integer", + minimum: 1000, + maximum: 9007199254740991, + }, + noOutputTimeoutRatio: { + type: "number", + minimum: 0.05, + maximum: 0.95, + }, + minMs: { + type: "integer", + minimum: 1000, + maximum: 9007199254740991, + }, + maxMs: { + type: "integer", + minimum: 1000, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + resume: { + type: "object", + properties: { + noOutputTimeoutMs: { + type: "integer", + minimum: 1000, + maximum: 9007199254740991, + }, + noOutputTimeoutRatio: { + type: "number", + minimum: 0.05, + maximum: 0.95, + }, + minMs: { + type: "integer", + minimum: 1000, + maximum: 9007199254740991, + }, + maxMs: { + type: "integer", + minimum: 1000, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + required: ["command"], + additionalProperties: false, + }, + }, + memorySearch: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + sources: { + type: "array", + items: { + anyOf: [ + { + type: "string", + const: "memory", + }, + { + type: "string", + const: "sessions", + }, + ], + }, + }, + extraPaths: { + type: "array", + items: { + type: "string", + }, + }, + multimodal: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + modalities: { + type: "array", + items: { + anyOf: [ + { + type: "string", + const: "image", + }, + { + type: "string", + const: "audio", + }, + { + type: "string", + const: "all", + }, + ], + }, + }, + maxFileBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + experimental: { + type: "object", + properties: { + sessionMemory: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + provider: { + anyOf: [ + { + type: "string", + const: "openai", + }, + { + type: "string", + const: "local", + }, + { + type: "string", + const: "gemini", + }, + { + type: "string", + const: "voyage", + }, + { + type: "string", + const: "mistral", + }, + { + type: "string", + const: "ollama", + }, + ], + }, + remote: { + type: "object", + properties: { + baseUrl: { + type: "string", + }, + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + batch: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + wait: { + type: "boolean", + }, + concurrency: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + pollIntervalMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + timeoutMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + fallback: { + anyOf: [ + { + type: "string", + const: "openai", + }, + { + type: "string", + const: "gemini", + }, + { + type: "string", + const: "local", + }, + { + type: "string", + const: "voyage", + }, + { + type: "string", + const: "mistral", + }, + { + type: "string", + const: "ollama", + }, + { + type: "string", + const: "none", + }, + ], + }, + model: { + type: "string", + }, + outputDimensionality: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + local: { + type: "object", + properties: { + modelPath: { + type: "string", + }, + modelCacheDir: { + type: "string", + }, + }, + additionalProperties: false, + }, + store: { + type: "object", + properties: { + driver: { + type: "string", + const: "sqlite", + }, + path: { + type: "string", + }, + vector: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + extensionPath: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + chunking: { + type: "object", + properties: { + tokens: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + overlap: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + sync: { + type: "object", + properties: { + onSessionStart: { + type: "boolean", + }, + onSearch: { + type: "boolean", + }, + watch: { + type: "boolean", + }, + watchDebounceMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + intervalMinutes: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + sessions: { + type: "object", + properties: { + deltaBytes: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + deltaMessages: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + postCompactionForce: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + query: { + type: "object", + properties: { + maxResults: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + minScore: { + type: "number", + minimum: 0, + maximum: 1, + }, + hybrid: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + vectorWeight: { + type: "number", + minimum: 0, + maximum: 1, + }, + textWeight: { + type: "number", + minimum: 0, + maximum: 1, + }, + candidateMultiplier: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + mmr: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + lambda: { + type: "number", + minimum: 0, + maximum: 1, + }, + }, + additionalProperties: false, + }, + temporalDecay: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + halfLifeDays: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + cache: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + maxEntries: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + contextPruning: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "cache-ttl", + }, + ], + }, + ttl: { + type: "string", + }, + keepLastAssistants: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + softTrimRatio: { + type: "number", + minimum: 0, + maximum: 1, + }, + hardClearRatio: { + type: "number", + minimum: 0, + maximum: 1, + }, + minPrunableToolChars: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + tools: { + type: "object", + properties: { + allow: { + type: "array", + items: { + type: "string", + }, + }, + deny: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + softTrim: { + type: "object", + properties: { + maxChars: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + headChars: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + tailChars: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + hardClear: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + placeholder: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + compaction: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "default", + }, + { + type: "string", + const: "safeguard", + }, + ], + }, + reserveTokens: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + keepRecentTokens: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + reserveTokensFloor: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxHistoryShare: { + type: "number", + minimum: 0.1, + maximum: 0.9, + }, + customInstructions: { + type: "string", + }, + identifierPolicy: { + anyOf: [ + { + type: "string", + const: "strict", + }, + { + type: "string", + const: "off", + }, + { + type: "string", + const: "custom", + }, + ], + }, + identifierInstructions: { + type: "string", + }, + recentTurnsPreserve: { + type: "integer", + minimum: 0, + maximum: 12, + }, + qualityGuard: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + maxRetries: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + postIndexSync: { + type: "string", + enum: ["off", "async", "await"], + }, + postCompactionSections: { + type: "array", + items: { + type: "string", + }, + }, + model: { + type: "string", + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + memoryFlush: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + softThresholdTokens: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + forceFlushTranscriptBytes: { + anyOf: [ + { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + { + type: "string", + }, + ], + }, + prompt: { + type: "string", + }, + systemPrompt: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + embeddedPi: { + type: "object", + properties: { + projectSettingsPolicy: { + anyOf: [ + { + type: "string", + const: "trusted", + }, + { + type: "string", + const: "sanitize", + }, + { + type: "string", + const: "ignore", + }, + ], + }, + }, + additionalProperties: false, + }, + thinkingDefault: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "minimal", + }, + { + type: "string", + const: "low", + }, + { + type: "string", + const: "medium", + }, + { + type: "string", + const: "high", + }, + { + type: "string", + const: "xhigh", + }, + { + type: "string", + const: "adaptive", + }, + ], + }, + verboseDefault: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "on", + }, + { + type: "string", + const: "full", + }, + ], + }, + elevatedDefault: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "on", + }, + { + type: "string", + const: "ask", + }, + { + type: "string", + const: "full", + }, + ], + }, + blockStreamingDefault: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "on", + }, + ], + }, + blockStreamingBreak: { + anyOf: [ + { + type: "string", + const: "text_end", + }, + { + type: "string", + const: "message_end", + }, + ], + }, + blockStreamingChunk: { + type: "object", + properties: { + minChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + breakPreference: { + anyOf: [ + { + type: "string", + const: "paragraph", + }, + { + type: "string", + const: "newline", + }, + { + type: "string", + const: "sentence", + }, + ], + }, + }, + additionalProperties: false, + }, + blockStreamingCoalesce: { + type: "object", + properties: { + minChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + idleMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + humanDelay: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "natural", + }, + { + type: "string", + const: "custom", + }, + ], + }, + minMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + mediaMaxMb: { + type: "number", + exclusiveMinimum: 0, + }, + imageMaxDimensionPx: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + typingIntervalSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + typingMode: { + anyOf: [ + { + type: "string", + const: "never", + }, + { + type: "string", + const: "instant", + }, + { + type: "string", + const: "thinking", + }, + { + type: "string", + const: "message", + }, + ], + }, + heartbeat: { + type: "object", + properties: { + every: { + type: "string", + }, + activeHours: { + type: "object", + properties: { + start: { + type: "string", + }, + end: { + type: "string", + }, + timezone: { + type: "string", + }, + }, + additionalProperties: false, + }, + model: { + type: "string", + }, + session: { + type: "string", + }, + includeReasoning: { + type: "boolean", + }, + target: { + type: "string", + }, + directPolicy: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "block", + }, + ], + }, + to: { + type: "string", + }, + accountId: { + type: "string", + }, + prompt: { + type: "string", + }, + ackMaxChars: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + suppressToolErrorWarnings: { + type: "boolean", + }, + lightContext: { + type: "boolean", + }, + isolatedSession: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + maxConcurrent: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + subagents: { + type: "object", + properties: { + maxConcurrent: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxSpawnDepth: { + description: + "Maximum nesting depth for sub-agent spawning. 1 = no nesting (default), 2 = sub-agents can spawn sub-sub-agents.", + type: "integer", + minimum: 1, + maximum: 5, + }, + maxChildrenPerAgent: { + description: + "Maximum number of active children a single agent session can spawn (default: 5).", + type: "integer", + minimum: 1, + maximum: 20, + }, + archiveAfterMinutes: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + model: { + anyOf: [ + { + type: "string", + }, + { + type: "object", + properties: { + primary: { + type: "string", + }, + fallbacks: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + ], + }, + thinking: { + type: "string", + }, + runTimeoutSeconds: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + announceTimeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + sandbox: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "non-main", + }, + { + type: "string", + const: "all", + }, + ], + }, + backend: { + type: "string", + minLength: 1, + }, + workspaceAccess: { + anyOf: [ + { + type: "string", + const: "none", + }, + { + type: "string", + const: "ro", + }, + { + type: "string", + const: "rw", + }, + ], + }, + sessionToolsVisibility: { + anyOf: [ + { + type: "string", + const: "spawned", + }, + { + type: "string", + const: "all", + }, + ], + }, + scope: { + anyOf: [ + { + type: "string", + const: "session", + }, + { + type: "string", + const: "agent", + }, + { + type: "string", + const: "shared", + }, + ], + }, + perSession: { + type: "boolean", + }, + workspaceRoot: { + type: "string", + }, + docker: { + type: "object", + properties: { + image: { + type: "string", + }, + containerPrefix: { + type: "string", + }, + workdir: { + type: "string", + }, + readOnlyRoot: { + type: "boolean", + }, + tmpfs: { + type: "array", + items: { + type: "string", + }, + }, + network: { + type: "string", + }, + user: { + type: "string", + }, + capDrop: { + type: "array", + items: { + type: "string", + }, + }, + env: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + setupCommand: {}, + pidsLimit: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + memory: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + memorySwap: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + cpus: { + type: "number", + exclusiveMinimum: 0, + }, + ulimits: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "object", + properties: { + soft: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + hard: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + ], + }, + }, + seccompProfile: { + type: "string", + }, + apparmorProfile: { + type: "string", + }, + dns: { + type: "array", + items: { + type: "string", + }, + }, + extraHosts: { + type: "array", + items: { + type: "string", + }, + }, + binds: { + type: "array", + items: { + type: "string", + }, + }, + dangerouslyAllowReservedContainerTargets: { + type: "boolean", + }, + dangerouslyAllowExternalBindSources: { + type: "boolean", + }, + dangerouslyAllowContainerNamespaceJoin: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + ssh: { + type: "object", + properties: { + target: { + type: "string", + minLength: 1, + }, + command: { + type: "string", + minLength: 1, + }, + workspaceRoot: { + type: "string", + minLength: 1, + }, + strictHostKeyChecking: { + type: "boolean", + }, + updateHostKeys: { + type: "boolean", + }, + identityFile: { + type: "string", + minLength: 1, + }, + certificateFile: { + type: "string", + minLength: 1, + }, + knownHostsFile: { + type: "string", + minLength: 1, + }, + identityData: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + certificateData: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + knownHostsData: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + }, + additionalProperties: false, + }, + browser: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + image: { + type: "string", + }, + containerPrefix: { + type: "string", + }, + network: { + type: "string", + }, + cdpPort: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + cdpSourceRange: { + type: "string", + }, + vncPort: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + noVncPort: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + headless: { + type: "boolean", + }, + enableNoVnc: { + type: "boolean", + }, + allowHostControl: { + type: "boolean", + }, + autoStart: { + type: "boolean", + }, + autoStartTimeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + binds: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + prune: { + type: "object", + properties: { + idleHours: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxAgeDays: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + list: { + type: "array", + items: { + type: "object", + properties: { + id: { + type: "string", + }, + default: { + type: "boolean", + }, + name: { + type: "string", + }, + workspace: { + type: "string", + }, + agentDir: { + type: "string", + }, + model: { + anyOf: [ + { + type: "string", + }, + { + type: "object", + properties: { + primary: { + type: "string", + }, + fallbacks: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + ], + }, + thinkingDefault: { + type: "string", + enum: ["off", "minimal", "low", "medium", "high", "xhigh", "adaptive"], + }, + reasoningDefault: { + type: "string", + enum: ["on", "off", "stream"], + }, + fastModeDefault: { + type: "boolean", + }, + skills: { + type: "array", + items: { + type: "string", + }, + }, + memorySearch: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + sources: { + type: "array", + items: { + anyOf: [ + { + type: "string", + const: "memory", + }, + { + type: "string", + const: "sessions", + }, + ], + }, + }, + extraPaths: { + type: "array", + items: { + type: "string", + }, + }, + multimodal: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + modalities: { + type: "array", + items: { + anyOf: [ + { + type: "string", + const: "image", + }, + { + type: "string", + const: "audio", + }, + { + type: "string", + const: "all", + }, + ], + }, + }, + maxFileBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + experimental: { + type: "object", + properties: { + sessionMemory: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + provider: { + anyOf: [ + { + type: "string", + const: "openai", + }, + { + type: "string", + const: "local", + }, + { + type: "string", + const: "gemini", + }, + { + type: "string", + const: "voyage", + }, + { + type: "string", + const: "mistral", + }, + { + type: "string", + const: "ollama", + }, + ], + }, + remote: { + type: "object", + properties: { + baseUrl: { + type: "string", + }, + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + batch: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + wait: { + type: "boolean", + }, + concurrency: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + pollIntervalMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + timeoutMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + fallback: { + anyOf: [ + { + type: "string", + const: "openai", + }, + { + type: "string", + const: "gemini", + }, + { + type: "string", + const: "local", + }, + { + type: "string", + const: "voyage", + }, + { + type: "string", + const: "mistral", + }, + { + type: "string", + const: "ollama", + }, + { + type: "string", + const: "none", + }, + ], + }, + model: { + type: "string", + }, + outputDimensionality: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + local: { + type: "object", + properties: { + modelPath: { + type: "string", + }, + modelCacheDir: { + type: "string", + }, + }, + additionalProperties: false, + }, + store: { + type: "object", + properties: { + driver: { + type: "string", + const: "sqlite", + }, + path: { + type: "string", + }, + vector: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + extensionPath: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + chunking: { + type: "object", + properties: { + tokens: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + overlap: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + sync: { + type: "object", + properties: { + onSessionStart: { + type: "boolean", + }, + onSearch: { + type: "boolean", + }, + watch: { + type: "boolean", + }, + watchDebounceMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + intervalMinutes: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + sessions: { + type: "object", + properties: { + deltaBytes: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + deltaMessages: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + postCompactionForce: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + query: { + type: "object", + properties: { + maxResults: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + minScore: { + type: "number", + minimum: 0, + maximum: 1, + }, + hybrid: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + vectorWeight: { + type: "number", + minimum: 0, + maximum: 1, + }, + textWeight: { + type: "number", + minimum: 0, + maximum: 1, + }, + candidateMultiplier: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + mmr: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + lambda: { + type: "number", + minimum: 0, + maximum: 1, + }, + }, + additionalProperties: false, + }, + temporalDecay: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + halfLifeDays: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + cache: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + maxEntries: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + humanDelay: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "natural", + }, + { + type: "string", + const: "custom", + }, + ], + }, + minMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + heartbeat: { + type: "object", + properties: { + every: { + type: "string", + }, + activeHours: { + type: "object", + properties: { + start: { + type: "string", + }, + end: { + type: "string", + }, + timezone: { + type: "string", + }, + }, + additionalProperties: false, + }, + model: { + type: "string", + }, + session: { + type: "string", + }, + includeReasoning: { + type: "boolean", + }, + target: { + type: "string", + }, + directPolicy: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "block", + }, + ], + }, + to: { + type: "string", + }, + accountId: { + type: "string", + }, + prompt: { + type: "string", + }, + ackMaxChars: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + suppressToolErrorWarnings: { + type: "boolean", + }, + lightContext: { + type: "boolean", + }, + isolatedSession: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + identity: { + type: "object", + properties: { + name: { + type: "string", + }, + theme: { + type: "string", + }, + emoji: { + type: "string", + }, + avatar: { + type: "string", + }, + }, + additionalProperties: false, + }, + groupChat: { + type: "object", + properties: { + mentionPatterns: { + type: "array", + items: { + type: "string", + }, + }, + historyLimit: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + subagents: { + type: "object", + properties: { + allowAgents: { + type: "array", + items: { + type: "string", + }, + }, + model: { + anyOf: [ + { + type: "string", + }, + { + type: "object", + properties: { + primary: { + type: "string", + }, + fallbacks: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + ], + }, + thinking: { + type: "string", + }, + }, + additionalProperties: false, + }, + sandbox: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "non-main", + }, + { + type: "string", + const: "all", + }, + ], + }, + backend: { + type: "string", + minLength: 1, + }, + workspaceAccess: { + anyOf: [ + { + type: "string", + const: "none", + }, + { + type: "string", + const: "ro", + }, + { + type: "string", + const: "rw", + }, + ], + }, + sessionToolsVisibility: { + anyOf: [ + { + type: "string", + const: "spawned", + }, + { + type: "string", + const: "all", + }, + ], + }, + scope: { + anyOf: [ + { + type: "string", + const: "session", + }, + { + type: "string", + const: "agent", + }, + { + type: "string", + const: "shared", + }, + ], + }, + perSession: { + type: "boolean", + }, + workspaceRoot: { + type: "string", + }, + docker: { + type: "object", + properties: { + image: { + type: "string", + }, + containerPrefix: { + type: "string", + }, + workdir: { + type: "string", + }, + readOnlyRoot: { + type: "boolean", + }, + tmpfs: { + type: "array", + items: { + type: "string", + }, + }, + network: { + type: "string", + }, + user: { + type: "string", + }, + capDrop: { + type: "array", + items: { + type: "string", + }, + }, + env: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + setupCommand: {}, + pidsLimit: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + memory: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + memorySwap: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + cpus: { + type: "number", + exclusiveMinimum: 0, + }, + ulimits: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "object", + properties: { + soft: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + hard: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + ], + }, + }, + seccompProfile: { + type: "string", + }, + apparmorProfile: { + type: "string", + }, + dns: { + type: "array", + items: { + type: "string", + }, + }, + extraHosts: { + type: "array", + items: { + type: "string", + }, + }, + binds: { + type: "array", + items: { + type: "string", + }, + }, + dangerouslyAllowReservedContainerTargets: { + type: "boolean", + }, + dangerouslyAllowExternalBindSources: { + type: "boolean", + }, + dangerouslyAllowContainerNamespaceJoin: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + ssh: { + type: "object", + properties: { + target: { + type: "string", + minLength: 1, + }, + command: { + type: "string", + minLength: 1, + }, + workspaceRoot: { + type: "string", + minLength: 1, + }, + strictHostKeyChecking: { + type: "boolean", + }, + updateHostKeys: { + type: "boolean", + }, + identityFile: { + type: "string", + minLength: 1, + }, + certificateFile: { + type: "string", + minLength: 1, + }, + knownHostsFile: { + type: "string", + minLength: 1, + }, + identityData: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + certificateData: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + knownHostsData: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + }, + additionalProperties: false, + }, + browser: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + image: { + type: "string", + }, + containerPrefix: { + type: "string", + }, + network: { + type: "string", + }, + cdpPort: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + cdpSourceRange: { + type: "string", + }, + vncPort: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + noVncPort: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + headless: { + type: "boolean", + }, + enableNoVnc: { + type: "boolean", + }, + allowHostControl: { + type: "boolean", + }, + autoStart: { + type: "boolean", + }, + autoStartTimeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + binds: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + prune: { + type: "object", + properties: { + idleHours: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxAgeDays: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + params: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: {}, + }, + tools: { + type: "object", + properties: { + profile: { + anyOf: [ + { + type: "string", + const: "minimal", + }, + { + type: "string", + const: "coding", + }, + { + type: "string", + const: "messaging", + }, + { + type: "string", + const: "full", + }, + ], + }, + allow: { + type: "array", + items: { + type: "string", + }, + }, + alsoAllow: { + type: "array", + items: { + type: "string", + }, + }, + deny: { + type: "array", + items: { + type: "string", + }, + }, + byProvider: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + allow: { + type: "array", + items: { + type: "string", + }, + }, + alsoAllow: { + type: "array", + items: { + type: "string", + }, + }, + deny: { + type: "array", + items: { + type: "string", + }, + }, + profile: { + anyOf: [ + { + type: "string", + const: "minimal", + }, + { + type: "string", + const: "coding", + }, + { + type: "string", + const: "messaging", + }, + { + type: "string", + const: "full", + }, + ], + }, + }, + additionalProperties: false, + }, + }, + elevated: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + allowFrom: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "array", + items: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + }, + }, + }, + additionalProperties: false, + }, + exec: { + type: "object", + properties: { + host: { + type: "string", + enum: ["sandbox", "gateway", "node"], + }, + security: { + type: "string", + enum: ["deny", "allowlist", "full"], + }, + ask: { + type: "string", + enum: ["off", "on-miss", "always"], + }, + node: { + type: "string", + }, + pathPrepend: { + type: "array", + items: { + type: "string", + }, + }, + safeBins: { + type: "array", + items: { + type: "string", + }, + }, + strictInlineEval: { + type: "boolean", + }, + safeBinTrustedDirs: { + type: "array", + items: { + type: "string", + }, + }, + safeBinProfiles: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + minPositional: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxPositional: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + allowedValueFlags: { + type: "array", + items: { + type: "string", + }, + }, + deniedFlags: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + }, + backgroundMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + timeoutSec: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + cleanupMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + notifyOnExit: { + type: "boolean", + }, + notifyOnExitEmptySuccess: { + type: "boolean", + }, + applyPatch: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + workspaceOnly: { + type: "boolean", + }, + allowModels: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + approvalRunningNoticeMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + fs: { + type: "object", + properties: { + workspaceOnly: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + loopDetection: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + historySize: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + warningThreshold: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + criticalThreshold: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + globalCircuitBreakerThreshold: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + detectors: { + type: "object", + properties: { + genericRepeat: { + type: "boolean", + }, + knownPollNoProgress: { + type: "boolean", + }, + pingPong: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + sandbox: { + type: "object", + properties: { + tools: { + type: "object", + properties: { + allow: { + type: "array", + items: { + type: "string", + }, + }, + alsoAllow: { + type: "array", + items: { + type: "string", + }, + }, + deny: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + runtime: { + anyOf: [ + { + type: "object", + properties: { + type: { + type: "string", + const: "embedded", + }, + }, + required: ["type"], + additionalProperties: false, + }, + { + type: "object", + properties: { + type: { + type: "string", + const: "acp", + }, + acp: { + type: "object", + properties: { + agent: { + type: "string", + }, + backend: { + type: "string", + }, + mode: { + type: "string", + enum: ["persistent", "oneshot"], + }, + cwd: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + required: ["type"], + additionalProperties: false, + }, + ], + }, + }, + required: ["id"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + tools: { + type: "object", + properties: { + profile: { + anyOf: [ + { + type: "string", + const: "minimal", + }, + { + type: "string", + const: "coding", + }, + { + type: "string", + const: "messaging", + }, + { + type: "string", + const: "full", + }, + ], + }, + allow: { + type: "array", + items: { + type: "string", + }, + }, + alsoAllow: { + type: "array", + items: { + type: "string", + }, + }, + deny: { + type: "array", + items: { + type: "string", + }, + }, + byProvider: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + allow: { + type: "array", + items: { + type: "string", + }, + }, + alsoAllow: { + type: "array", + items: { + type: "string", + }, + }, + deny: { + type: "array", + items: { + type: "string", + }, + }, + profile: { + anyOf: [ + { + type: "string", + const: "minimal", + }, + { + type: "string", + const: "coding", + }, + { + type: "string", + const: "messaging", + }, + { + type: "string", + const: "full", + }, + ], + }, + }, + additionalProperties: false, + }, + }, + web: { + type: "object", + properties: { + search: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + provider: { + type: "string", + }, + maxResults: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + cacheTtlMinutes: { + type: "number", + minimum: 0, + }, + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + brave: { + type: "object", + properties: { + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + baseUrl: { + type: "string", + }, + model: { + type: "string", + }, + mode: { + type: "string", + }, + }, + additionalProperties: false, + }, + firecrawl: { + type: "object", + properties: { + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + baseUrl: { + type: "string", + }, + model: { + type: "string", + }, + }, + additionalProperties: false, + }, + gemini: { + type: "object", + properties: { + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + baseUrl: { + type: "string", + }, + model: { + type: "string", + }, + }, + additionalProperties: false, + }, + grok: { + type: "object", + properties: { + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + baseUrl: { + type: "string", + }, + model: { + type: "string", + }, + inlineCitations: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + kimi: { + type: "object", + properties: { + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + baseUrl: { + type: "string", + }, + model: { + type: "string", + }, + }, + additionalProperties: false, + }, + perplexity: { + type: "object", + properties: { + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + baseUrl: { + type: "string", + }, + model: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + fetch: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxCharsCap: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + cacheTtlMinutes: { + type: "number", + minimum: 0, + }, + maxRedirects: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + userAgent: { + type: "string", + }, + readability: { + type: "boolean", + }, + firecrawl: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + baseUrl: { + type: "string", + }, + onlyMainContent: { + type: "boolean", + }, + maxAgeMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + media: { + type: "object", + properties: { + models: { + type: "array", + items: { + type: "object", + properties: { + provider: { + type: "string", + }, + model: { + type: "string", + }, + capabilities: { + type: "array", + items: { + anyOf: [ + { + type: "string", + const: "image", + }, + { + type: "string", + const: "audio", + }, + { + type: "string", + const: "video", + }, + ], + }, + }, + type: { + anyOf: [ + { + type: "string", + const: "provider", + }, + { + type: "string", + const: "cli", + }, + ], + }, + command: { + type: "string", + }, + args: { + type: "array", + items: { + type: "string", + }, + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + prompt: { + type: "string", + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + language: { + type: "string", + }, + providerOptions: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "boolean", + }, + ], + }, + }, + }, + deepgram: { + type: "object", + properties: { + detectLanguage: { + type: "boolean", + }, + punctuate: { + type: "boolean", + }, + smartFormat: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + baseUrl: { + type: "string", + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + profile: { + type: "string", + }, + preferredProfile: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + concurrency: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + image: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + scope: { + type: "object", + properties: { + default: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + rules: { + type: "array", + items: { + type: "object", + properties: { + action: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + match: { + type: "object", + properties: { + channel: { + type: "string", + }, + chatType: { + anyOf: [ + { + type: "string", + const: "direct", + }, + { + type: "string", + const: "group", + }, + { + type: "string", + const: "channel", + }, + { + type: "string", + const: "dm", + }, + ], + }, + keyPrefix: { + type: "string", + }, + rawKeyPrefix: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + required: ["action"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + prompt: { + type: "string", + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + language: { + type: "string", + }, + providerOptions: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "boolean", + }, + ], + }, + }, + }, + deepgram: { + type: "object", + properties: { + detectLanguage: { + type: "boolean", + }, + punctuate: { + type: "boolean", + }, + smartFormat: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + baseUrl: { + type: "string", + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + attachments: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "first", + }, + { + type: "string", + const: "all", + }, + ], + }, + maxAttachments: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + prefer: { + anyOf: [ + { + type: "string", + const: "first", + }, + { + type: "string", + const: "last", + }, + { + type: "string", + const: "path", + }, + { + type: "string", + const: "url", + }, + ], + }, + }, + additionalProperties: false, + }, + models: { + type: "array", + items: { + type: "object", + properties: { + provider: { + type: "string", + }, + model: { + type: "string", + }, + capabilities: { + type: "array", + items: { + anyOf: [ + { + type: "string", + const: "image", + }, + { + type: "string", + const: "audio", + }, + { + type: "string", + const: "video", + }, + ], + }, + }, + type: { + anyOf: [ + { + type: "string", + const: "provider", + }, + { + type: "string", + const: "cli", + }, + ], + }, + command: { + type: "string", + }, + args: { + type: "array", + items: { + type: "string", + }, + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + prompt: { + type: "string", + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + language: { + type: "string", + }, + providerOptions: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "boolean", + }, + ], + }, + }, + }, + deepgram: { + type: "object", + properties: { + detectLanguage: { + type: "boolean", + }, + punctuate: { + type: "boolean", + }, + smartFormat: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + baseUrl: { + type: "string", + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + profile: { + type: "string", + }, + preferredProfile: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + echoTranscript: { + type: "boolean", + }, + echoFormat: { + type: "string", + }, + }, + additionalProperties: false, + }, + audio: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + scope: { + type: "object", + properties: { + default: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + rules: { + type: "array", + items: { + type: "object", + properties: { + action: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + match: { + type: "object", + properties: { + channel: { + type: "string", + }, + chatType: { + anyOf: [ + { + type: "string", + const: "direct", + }, + { + type: "string", + const: "group", + }, + { + type: "string", + const: "channel", + }, + { + type: "string", + const: "dm", + }, + ], + }, + keyPrefix: { + type: "string", + }, + rawKeyPrefix: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + required: ["action"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + prompt: { + type: "string", + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + language: { + type: "string", + }, + providerOptions: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "boolean", + }, + ], + }, + }, + }, + deepgram: { + type: "object", + properties: { + detectLanguage: { + type: "boolean", + }, + punctuate: { + type: "boolean", + }, + smartFormat: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + baseUrl: { + type: "string", + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + attachments: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "first", + }, + { + type: "string", + const: "all", + }, + ], + }, + maxAttachments: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + prefer: { + anyOf: [ + { + type: "string", + const: "first", + }, + { + type: "string", + const: "last", + }, + { + type: "string", + const: "path", + }, + { + type: "string", + const: "url", + }, + ], + }, + }, + additionalProperties: false, + }, + models: { + type: "array", + items: { + type: "object", + properties: { + provider: { + type: "string", + }, + model: { + type: "string", + }, + capabilities: { + type: "array", + items: { + anyOf: [ + { + type: "string", + const: "image", + }, + { + type: "string", + const: "audio", + }, + { + type: "string", + const: "video", + }, + ], + }, + }, + type: { + anyOf: [ + { + type: "string", + const: "provider", + }, + { + type: "string", + const: "cli", + }, + ], + }, + command: { + type: "string", + }, + args: { + type: "array", + items: { + type: "string", + }, + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + prompt: { + type: "string", + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + language: { + type: "string", + }, + providerOptions: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "boolean", + }, + ], + }, + }, + }, + deepgram: { + type: "object", + properties: { + detectLanguage: { + type: "boolean", + }, + punctuate: { + type: "boolean", + }, + smartFormat: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + baseUrl: { + type: "string", + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + profile: { + type: "string", + }, + preferredProfile: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + echoTranscript: { + type: "boolean", + }, + echoFormat: { + type: "string", + }, + }, + additionalProperties: false, + }, + video: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + scope: { + type: "object", + properties: { + default: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + rules: { + type: "array", + items: { + type: "object", + properties: { + action: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + match: { + type: "object", + properties: { + channel: { + type: "string", + }, + chatType: { + anyOf: [ + { + type: "string", + const: "direct", + }, + { + type: "string", + const: "group", + }, + { + type: "string", + const: "channel", + }, + { + type: "string", + const: "dm", + }, + ], + }, + keyPrefix: { + type: "string", + }, + rawKeyPrefix: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + required: ["action"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + prompt: { + type: "string", + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + language: { + type: "string", + }, + providerOptions: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "boolean", + }, + ], + }, + }, + }, + deepgram: { + type: "object", + properties: { + detectLanguage: { + type: "boolean", + }, + punctuate: { + type: "boolean", + }, + smartFormat: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + baseUrl: { + type: "string", + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + attachments: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "first", + }, + { + type: "string", + const: "all", + }, + ], + }, + maxAttachments: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + prefer: { + anyOf: [ + { + type: "string", + const: "first", + }, + { + type: "string", + const: "last", + }, + { + type: "string", + const: "path", + }, + { + type: "string", + const: "url", + }, + ], + }, + }, + additionalProperties: false, + }, + models: { + type: "array", + items: { + type: "object", + properties: { + provider: { + type: "string", + }, + model: { + type: "string", + }, + capabilities: { + type: "array", + items: { + anyOf: [ + { + type: "string", + const: "image", + }, + { + type: "string", + const: "audio", + }, + { + type: "string", + const: "video", + }, + ], + }, + }, + type: { + anyOf: [ + { + type: "string", + const: "provider", + }, + { + type: "string", + const: "cli", + }, + ], + }, + command: { + type: "string", + }, + args: { + type: "array", + items: { + type: "string", + }, + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + prompt: { + type: "string", + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + language: { + type: "string", + }, + providerOptions: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "boolean", + }, + ], + }, + }, + }, + deepgram: { + type: "object", + properties: { + detectLanguage: { + type: "boolean", + }, + punctuate: { + type: "boolean", + }, + smartFormat: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + baseUrl: { + type: "string", + }, + headers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + profile: { + type: "string", + }, + preferredProfile: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + echoTranscript: { + type: "boolean", + }, + echoFormat: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + links: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + scope: { + type: "object", + properties: { + default: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + rules: { + type: "array", + items: { + type: "object", + properties: { + action: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + match: { + type: "object", + properties: { + channel: { + type: "string", + }, + chatType: { + anyOf: [ + { + type: "string", + const: "direct", + }, + { + type: "string", + const: "group", + }, + { + type: "string", + const: "channel", + }, + { + type: "string", + const: "dm", + }, + ], + }, + keyPrefix: { + type: "string", + }, + rawKeyPrefix: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + required: ["action"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + maxLinks: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + models: { + type: "array", + items: { + type: "object", + properties: { + type: { + type: "string", + const: "cli", + }, + command: { + type: "string", + minLength: 1, + }, + args: { + type: "array", + items: { + type: "string", + }, + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + required: ["command"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + sessions: { + type: "object", + properties: { + visibility: { + type: "string", + enum: ["self", "tree", "agent", "all"], + }, + }, + additionalProperties: false, + }, + loopDetection: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + historySize: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + warningThreshold: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + criticalThreshold: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + globalCircuitBreakerThreshold: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + detectors: { + type: "object", + properties: { + genericRepeat: { + type: "boolean", + }, + knownPollNoProgress: { + type: "boolean", + }, + pingPong: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + message: { + type: "object", + properties: { + allowCrossContextSend: { + type: "boolean", + }, + crossContext: { + type: "object", + properties: { + allowWithinProvider: { + type: "boolean", + }, + allowAcrossProviders: { + type: "boolean", + }, + marker: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + prefix: { + type: "string", + }, + suffix: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + broadcast: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + agentToAgent: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + allow: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + elevated: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + allowFrom: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "array", + items: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + }, + }, + }, + additionalProperties: false, + }, + exec: { + type: "object", + properties: { + host: { + type: "string", + enum: ["sandbox", "gateway", "node"], + }, + security: { + type: "string", + enum: ["deny", "allowlist", "full"], + }, + ask: { + type: "string", + enum: ["off", "on-miss", "always"], + }, + node: { + type: "string", + }, + pathPrepend: { + type: "array", + items: { + type: "string", + }, + }, + safeBins: { + type: "array", + items: { + type: "string", + }, + }, + strictInlineEval: { + type: "boolean", + }, + safeBinTrustedDirs: { + type: "array", + items: { + type: "string", + }, + }, + safeBinProfiles: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + minPositional: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxPositional: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + allowedValueFlags: { + type: "array", + items: { + type: "string", + }, + }, + deniedFlags: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + }, + backgroundMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + timeoutSec: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + cleanupMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + notifyOnExit: { + type: "boolean", + }, + notifyOnExitEmptySuccess: { + type: "boolean", + }, + applyPatch: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + workspaceOnly: { + type: "boolean", + }, + allowModels: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + fs: { + type: "object", + properties: { + workspaceOnly: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + subagents: { + type: "object", + properties: { + tools: { + type: "object", + properties: { + allow: { + type: "array", + items: { + type: "string", + }, + }, + alsoAllow: { + type: "array", + items: { + type: "string", + }, + }, + deny: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + sandbox: { + type: "object", + properties: { + tools: { + type: "object", + properties: { + allow: { + type: "array", + items: { + type: "string", + }, + }, + alsoAllow: { + type: "array", + items: { + type: "string", + }, + }, + deny: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + sessions_spawn: { + type: "object", + properties: { + attachments: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + maxTotalBytes: { + type: "number", + }, + maxFiles: { + type: "number", + }, + maxFileBytes: { + type: "number", + }, + retainOnSessionKeep: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + bindings: { + type: "array", + items: { + anyOf: [ + { + type: "object", + properties: { + type: { + type: "string", + const: "route", + }, + agentId: { + type: "string", + }, + comment: { + type: "string", + }, + match: { + type: "object", + properties: { + channel: { + type: "string", + }, + accountId: { + type: "string", + }, + peer: { + type: "object", + properties: { + kind: { + anyOf: [ + { + type: "string", + const: "direct", + }, + { + type: "string", + const: "group", + }, + { + type: "string", + const: "channel", + }, + { + type: "string", + const: "dm", + }, + ], + }, + id: { + type: "string", + }, + }, + required: ["kind", "id"], + additionalProperties: false, + }, + guildId: { + type: "string", + }, + teamId: { + type: "string", + }, + roles: { + type: "array", + items: { + type: "string", + }, + }, + }, + required: ["channel"], + additionalProperties: false, + }, + }, + required: ["agentId", "match"], + additionalProperties: false, + }, + { + type: "object", + properties: { + type: { + type: "string", + const: "acp", + }, + agentId: { + type: "string", + }, + comment: { + type: "string", + }, + match: { + type: "object", + properties: { + channel: { + type: "string", + }, + accountId: { + type: "string", + }, + peer: { + type: "object", + properties: { + kind: { + anyOf: [ + { + type: "string", + const: "direct", + }, + { + type: "string", + const: "group", + }, + { + type: "string", + const: "channel", + }, + { + type: "string", + const: "dm", + }, + ], + }, + id: { + type: "string", + }, + }, + required: ["kind", "id"], + additionalProperties: false, + }, + guildId: { + type: "string", + }, + teamId: { + type: "string", + }, + roles: { + type: "array", + items: { + type: "string", + }, + }, + }, + required: ["channel"], + additionalProperties: false, + }, + acp: { + type: "object", + properties: { + mode: { + type: "string", + enum: ["persistent", "oneshot"], + }, + label: { + type: "string", + }, + cwd: { + type: "string", + }, + backend: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + required: ["type", "agentId", "match"], + additionalProperties: false, + }, + ], + }, + }, + broadcast: { + type: "object", + properties: { + strategy: { + type: "string", + enum: ["parallel", "sequential"], + }, + }, + additionalProperties: { + type: "array", + items: { + type: "string", + }, + }, + }, + audio: { + type: "object", + properties: { + transcription: { + type: "object", + properties: { + command: { + type: "array", + items: { + type: "string", + }, + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + required: ["command"], + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + media: { + type: "object", + properties: { + preserveFilenames: { + type: "boolean", + }, + ttlHours: { + type: "integer", + minimum: 1, + maximum: 168, + }, + }, + additionalProperties: false, + }, + messages: { + type: "object", + properties: { + messagePrefix: { + type: "string", + }, + responsePrefix: { + type: "string", + }, + groupChat: { + type: "object", + properties: { + mentionPatterns: { + type: "array", + items: { + type: "string", + }, + }, + historyLimit: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + queue: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + byChannel: { + type: "object", + properties: { + whatsapp: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + telegram: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + discord: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + irc: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + slack: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + mattermost: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + signal: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + imessage: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + msteams: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + webchat: { + anyOf: [ + { + type: "string", + const: "steer", + }, + { + type: "string", + const: "followup", + }, + { + type: "string", + const: "collect", + }, + { + type: "string", + const: "steer-backlog", + }, + { + type: "string", + const: "steer+backlog", + }, + { + type: "string", + const: "queue", + }, + { + type: "string", + const: "interrupt", + }, + ], + }, + }, + additionalProperties: false, + }, + debounceMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + debounceMsByChannel: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + cap: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + drop: { + anyOf: [ + { + type: "string", + const: "old", + }, + { + type: "string", + const: "new", + }, + { + type: "string", + const: "summarize", + }, + ], + }, + }, + additionalProperties: false, + }, + inbound: { + type: "object", + properties: { + debounceMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + byChannel: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + }, + additionalProperties: false, + }, + ackReaction: { + type: "string", + }, + ackReactionScope: { + type: "string", + enum: ["group-mentions", "group-all", "direct", "all", "off", "none"], + }, + removeAckAfterReply: { + type: "boolean", + }, + statusReactions: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + emojis: { + type: "object", + properties: { + thinking: { + type: "string", + }, + tool: { + type: "string", + }, + coding: { + type: "string", + }, + web: { + type: "string", + }, + done: { + type: "string", + }, + error: { + type: "string", + }, + stallSoft: { + type: "string", + }, + stallHard: { + type: "string", + }, + compacting: { + type: "string", + }, + }, + additionalProperties: false, + }, + timing: { + type: "object", + properties: { + debounceMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + stallSoftMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + stallHardMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + doneHoldMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + errorHoldMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + suppressToolErrors: { + type: "boolean", + }, + tts: { + type: "object", + properties: { + auto: { + type: "string", + enum: ["off", "always", "inbound", "tagged"], + }, + enabled: { + type: "boolean", + }, + mode: { + type: "string", + enum: ["final", "all"], + }, + provider: { + type: "string", + minLength: 1, + }, + summaryModel: { + type: "string", + }, + modelOverrides: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + allowText: { + type: "boolean", + }, + allowProvider: { + type: "boolean", + }, + allowVoice: { + type: "boolean", + }, + allowModelId: { + type: "boolean", + }, + allowVoiceSettings: { + type: "boolean", + }, + allowNormalization: { + type: "boolean", + }, + allowSeed: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + elevenlabs: { + type: "object", + properties: { + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + baseUrl: { + type: "string", + }, + voiceId: { + type: "string", + }, + modelId: { + type: "string", + }, + seed: { + type: "integer", + minimum: 0, + maximum: 4294967295, + }, + applyTextNormalization: { + type: "string", + enum: ["auto", "on", "off"], + }, + languageCode: { + type: "string", + }, + voiceSettings: { + type: "object", + properties: { + stability: { + type: "number", + minimum: 0, + maximum: 1, + }, + similarityBoost: { + type: "number", + minimum: 0, + maximum: 1, + }, + style: { + type: "number", + minimum: 0, + maximum: 1, + }, + useSpeakerBoost: { + type: "boolean", + }, + speed: { + type: "number", + minimum: 0.5, + maximum: 2, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + openai: { + type: "object", + properties: { + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + baseUrl: { + type: "string", + }, + model: { + type: "string", + }, + voice: { + type: "string", + }, + speed: { + type: "number", + minimum: 0.25, + maximum: 4, + }, + instructions: { + type: "string", + }, + }, + additionalProperties: false, + }, + edge: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + voice: { + type: "string", + }, + lang: { + type: "string", + }, + outputFormat: { + type: "string", + }, + pitch: { + type: "string", + }, + rate: { + type: "string", + }, + volume: { + type: "string", + }, + saveSubtitles: { + type: "boolean", + }, + proxy: { + type: "string", + }, + timeoutMs: { + type: "integer", + minimum: 1000, + maximum: 120000, + }, + }, + additionalProperties: false, + }, + microsoft: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + voice: { + type: "string", + }, + lang: { + type: "string", + }, + outputFormat: { + type: "string", + }, + pitch: { + type: "string", + }, + rate: { + type: "string", + }, + volume: { + type: "string", + }, + saveSubtitles: { + type: "boolean", + }, + proxy: { + type: "string", + }, + timeoutMs: { + type: "integer", + minimum: 1000, + maximum: 120000, + }, + }, + additionalProperties: false, + }, + prefsPath: { + type: "string", + }, + maxTextLength: { + type: "integer", + minimum: 1, + maximum: 9007199254740991, + }, + timeoutMs: { + type: "integer", + minimum: 1000, + maximum: 120000, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + commands: { + default: { + native: "auto", + nativeSkills: "auto", + restart: true, + ownerDisplay: "raw", + }, + type: "object", + properties: { + native: { + default: "auto", + anyOf: [ + { + type: "boolean", + }, + { + type: "string", + const: "auto", + }, + ], + }, + nativeSkills: { + default: "auto", + anyOf: [ + { + type: "boolean", + }, + { + type: "string", + const: "auto", + }, + ], + }, + text: { + type: "boolean", + }, + bash: { + type: "boolean", + }, + bashForegroundMs: { + type: "integer", + minimum: 0, + maximum: 30000, + }, + config: { + type: "boolean", + }, + mcp: { + type: "boolean", + }, + plugins: { + type: "boolean", + }, + debug: { + type: "boolean", + }, + restart: { + default: true, + type: "boolean", + }, + useAccessGroups: { + type: "boolean", + }, + ownerAllowFrom: { + type: "array", + items: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + }, + ownerDisplay: { + default: "raw", + type: "string", + enum: ["raw", "hash"], + }, + ownerDisplaySecret: { + type: "string", + }, + allowFrom: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "array", + items: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + }, + }, + }, + required: ["native", "nativeSkills", "restart", "ownerDisplay"], + additionalProperties: false, + }, + approvals: { + type: "object", + properties: { + exec: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + mode: { + anyOf: [ + { + type: "string", + const: "session", + }, + { + type: "string", + const: "targets", + }, + { + type: "string", + const: "both", + }, + ], + }, + agentFilter: { + type: "array", + items: { + type: "string", + }, + }, + sessionFilter: { + type: "array", + items: { + type: "string", + }, + }, + targets: { + type: "array", + items: { + type: "object", + properties: { + channel: { + type: "string", + minLength: 1, + }, + to: { + type: "string", + minLength: 1, + }, + accountId: { + type: "string", + }, + threadId: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + }, + required: ["channel", "to"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + session: { + type: "object", + properties: { + scope: { + anyOf: [ + { + type: "string", + const: "per-sender", + }, + { + type: "string", + const: "global", + }, + ], + }, + dmScope: { + anyOf: [ + { + type: "string", + const: "main", + }, + { + type: "string", + const: "per-peer", + }, + { + type: "string", + const: "per-channel-peer", + }, + { + type: "string", + const: "per-account-channel-peer", + }, + ], + }, + identityLinks: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "array", + items: { + type: "string", + }, + }, + }, + resetTriggers: { + type: "array", + items: { + type: "string", + }, + }, + idleMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + reset: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "daily", + }, + { + type: "string", + const: "idle", + }, + ], + }, + atHour: { + type: "integer", + minimum: 0, + maximum: 23, + }, + idleMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + resetByType: { + type: "object", + properties: { + direct: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "daily", + }, + { + type: "string", + const: "idle", + }, + ], + }, + atHour: { + type: "integer", + minimum: 0, + maximum: 23, + }, + idleMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + dm: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "daily", + }, + { + type: "string", + const: "idle", + }, + ], + }, + atHour: { + type: "integer", + minimum: 0, + maximum: 23, + }, + idleMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + group: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "daily", + }, + { + type: "string", + const: "idle", + }, + ], + }, + atHour: { + type: "integer", + minimum: 0, + maximum: 23, + }, + idleMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + thread: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "daily", + }, + { + type: "string", + const: "idle", + }, + ], + }, + atHour: { + type: "integer", + minimum: 0, + maximum: 23, + }, + idleMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + resetByChannel: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "daily", + }, + { + type: "string", + const: "idle", + }, + ], + }, + atHour: { + type: "integer", + minimum: 0, + maximum: 23, + }, + idleMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + store: { + type: "string", + }, + typingIntervalSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + typingMode: { + anyOf: [ + { + type: "string", + const: "never", + }, + { + type: "string", + const: "instant", + }, + { + type: "string", + const: "thinking", + }, + { + type: "string", + const: "message", + }, + ], + }, + parentForkMaxTokens: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + mainKey: { + type: "string", + }, + sendPolicy: { + type: "object", + properties: { + default: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + rules: { + type: "array", + items: { + type: "object", + properties: { + action: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + match: { + type: "object", + properties: { + channel: { + type: "string", + }, + chatType: { + anyOf: [ + { + type: "string", + const: "direct", + }, + { + type: "string", + const: "group", + }, + { + type: "string", + const: "channel", + }, + { + type: "string", + const: "dm", + }, + ], + }, + keyPrefix: { + type: "string", + }, + rawKeyPrefix: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + required: ["action"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + agentToAgent: { + type: "object", + properties: { + maxPingPongTurns: { + type: "integer", + minimum: 0, + maximum: 5, + }, + }, + additionalProperties: false, + }, + threadBindings: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + idleHours: { + type: "number", + minimum: 0, + }, + maxAgeHours: { + type: "number", + minimum: 0, + }, + }, + additionalProperties: false, + }, + maintenance: { + type: "object", + properties: { + mode: { + type: "string", + enum: ["enforce", "warn"], + }, + pruneAfter: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + pruneDays: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxEntries: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + rotateBytes: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + resetArchiveRetention: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "boolean", + const: false, + }, + ], + }, + maxDiskBytes: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + highWaterBytes: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + cron: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + store: { + type: "string", + }, + maxConcurrentRuns: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + retry: { + type: "object", + properties: { + maxAttempts: { + type: "integer", + minimum: 0, + maximum: 10, + }, + backoffMs: { + minItems: 1, + maxItems: 10, + type: "array", + items: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + retryOn: { + minItems: 1, + type: "array", + items: { + type: "string", + enum: ["rate_limit", "overloaded", "network", "timeout", "server_error"], + }, + }, + }, + additionalProperties: false, + }, + webhook: { + type: "string", + format: "uri", + }, + webhookToken: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + sessionRetention: { + anyOf: [ + { + type: "string", + }, + { + type: "boolean", + const: false, + }, + ], + }, + runLog: { + type: "object", + properties: { + maxBytes: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + ], + }, + keepLines: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + failureAlert: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + after: { + type: "integer", + minimum: 1, + maximum: 9007199254740991, + }, + cooldownMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + mode: { + type: "string", + enum: ["announce", "webhook"], + }, + accountId: { + type: "string", + }, + }, + additionalProperties: false, + }, + failureDestination: { + type: "object", + properties: { + channel: { + type: "string", + }, + to: { + type: "string", + }, + accountId: { + type: "string", + }, + mode: { + type: "string", + enum: ["announce", "webhook"], + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + hooks: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + path: { + type: "string", + }, + token: { + type: "string", + }, + defaultSessionKey: { + type: "string", + }, + allowRequestSessionKey: { + type: "boolean", + }, + allowedSessionKeyPrefixes: { + type: "array", + items: { + type: "string", + }, + }, + allowedAgentIds: { + type: "array", + items: { + type: "string", + }, + }, + maxBodyBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + presets: { + type: "array", + items: { + type: "string", + }, + }, + transformsDir: { + type: "string", + }, + mappings: { + type: "array", + items: { + type: "object", + properties: { + id: { + type: "string", + }, + match: { + type: "object", + properties: { + path: { + type: "string", + }, + source: { + type: "string", + }, + }, + additionalProperties: false, + }, + action: { + anyOf: [ + { + type: "string", + const: "wake", + }, + { + type: "string", + const: "agent", + }, + ], + }, + wakeMode: { + anyOf: [ + { + type: "string", + const: "now", + }, + { + type: "string", + const: "next-heartbeat", + }, + ], + }, + name: { + type: "string", + }, + agentId: { + type: "string", + }, + sessionKey: { + type: "string", + }, + messageTemplate: { + type: "string", + }, + textTemplate: { + type: "string", + }, + deliver: { + type: "boolean", + }, + allowUnsafeExternalContent: { + type: "boolean", + }, + channel: { + anyOf: [ + { + type: "string", + const: "last", + }, + { + type: "string", + const: "whatsapp", + }, + { + type: "string", + const: "telegram", + }, + { + type: "string", + const: "discord", + }, + { + type: "string", + const: "irc", + }, + { + type: "string", + const: "slack", + }, + { + type: "string", + const: "signal", + }, + { + type: "string", + const: "imessage", + }, + { + type: "string", + const: "msteams", + }, + ], + }, + to: { + type: "string", + }, + model: { + type: "string", + }, + thinking: { + type: "string", + }, + timeoutSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + transform: { + type: "object", + properties: { + module: { + type: "string", + }, + export: { + type: "string", + }, + }, + required: ["module"], + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + gmail: { + type: "object", + properties: { + account: { + type: "string", + }, + label: { + type: "string", + }, + topic: { + type: "string", + }, + subscription: { + type: "string", + }, + pushToken: { + type: "string", + }, + hookUrl: { + type: "string", + }, + includeBody: { + type: "boolean", + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + renewEveryMinutes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + allowUnsafeExternalContent: { + type: "boolean", + }, + serve: { + type: "object", + properties: { + bind: { + type: "string", + }, + port: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + path: { + type: "string", + }, + }, + additionalProperties: false, + }, + tailscale: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "serve", + }, + { + type: "string", + const: "funnel", + }, + ], + }, + path: { + type: "string", + }, + target: { + type: "string", + }, + }, + additionalProperties: false, + }, + model: { + type: "string", + }, + thinking: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "minimal", + }, + { + type: "string", + const: "low", + }, + { + type: "string", + const: "medium", + }, + { + type: "string", + const: "high", + }, + ], + }, + }, + additionalProperties: false, + }, + internal: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + handlers: { + type: "array", + items: { + type: "object", + properties: { + event: { + type: "string", + }, + module: { + type: "string", + }, + export: { + type: "string", + }, + }, + required: ["event", "module"], + additionalProperties: false, + }, + }, + entries: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + env: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + }, + additionalProperties: {}, + }, + }, + load: { + type: "object", + properties: { + extraDirs: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + installs: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + source: { + anyOf: [ + { + type: "string", + const: "npm", + }, + { + type: "string", + const: "archive", + }, + { + type: "string", + const: "path", + }, + { + type: "string", + const: "clawhub", + }, + ], + }, + spec: { + type: "string", + }, + sourcePath: { + type: "string", + }, + installPath: { + type: "string", + }, + version: { + type: "string", + }, + resolvedName: { + type: "string", + }, + resolvedVersion: { + type: "string", + }, + resolvedSpec: { + type: "string", + }, + integrity: { + type: "string", + }, + shasum: { + type: "string", + }, + resolvedAt: { + type: "string", + }, + installedAt: { + type: "string", + }, + clawhubUrl: { + type: "string", + }, + clawhubPackage: { + type: "string", + }, + clawhubFamily: { + anyOf: [ + { + type: "string", + const: "code-plugin", + }, + { + type: "string", + const: "bundle-plugin", + }, + ], + }, + clawhubChannel: { + anyOf: [ + { + type: "string", + const: "official", + }, + { + type: "string", + const: "community", + }, + { + type: "string", + const: "private", + }, + ], + }, + hooks: { + type: "array", + items: { + type: "string", + }, + }, + }, + required: ["source"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + web: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + heartbeatSeconds: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + reconnect: { + type: "object", + properties: { + initialMs: { + type: "number", + exclusiveMinimum: 0, + }, + maxMs: { + type: "number", + exclusiveMinimum: 0, + }, + factor: { + type: "number", + exclusiveMinimum: 0, + }, + jitter: { + type: "number", + minimum: 0, + maximum: 1, + }, + maxAttempts: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + channels: { + type: "object", + properties: {}, + additionalProperties: true, + required: [], + }, + discovery: { + type: "object", + properties: { + wideArea: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + domain: { + type: "string", + }, + }, + additionalProperties: false, + }, + mdns: { + type: "object", + properties: { + mode: { + type: "string", + enum: ["off", "minimal", "full"], + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + canvasHost: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + root: { + type: "string", + }, + port: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + liveReload: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + talk: { + type: "object", + properties: { + provider: { + type: "string", + }, + providers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + voiceId: { + type: "string", + }, + voiceAliases: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + modelId: { + type: "string", + }, + outputFormat: { + type: "string", + }, + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + }, + additionalProperties: {}, + }, + }, + voiceId: { + type: "string", + }, + voiceAliases: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + modelId: { + type: "string", + }, + outputFormat: { + type: "string", + }, + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + interruptOnSpeech: { + type: "boolean", + }, + silenceTimeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + gateway: { + type: "object", + properties: { + port: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + mode: { + anyOf: [ + { + type: "string", + const: "local", + }, + { + type: "string", + const: "remote", + }, + ], + }, + bind: { + anyOf: [ + { + type: "string", + const: "auto", + }, + { + type: "string", + const: "lan", + }, + { + type: "string", + const: "loopback", + }, + { + type: "string", + const: "custom", + }, + { + type: "string", + const: "tailnet", + }, + ], + }, + customBindHost: { + type: "string", + }, + controlUi: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + basePath: { + type: "string", + }, + root: { + type: "string", + }, + allowedOrigins: { + type: "array", + items: { + type: "string", + }, + }, + dangerouslyAllowHostHeaderOriginFallback: { + type: "boolean", + }, + allowInsecureAuth: { + type: "boolean", + }, + dangerouslyDisableDeviceAuth: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + auth: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "none", + }, + { + type: "string", + const: "token", + }, + { + type: "string", + const: "password", + }, + { + type: "string", + const: "trusted-proxy", + }, + ], + }, + token: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + password: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + allowTailscale: { + type: "boolean", + }, + rateLimit: { + type: "object", + properties: { + maxAttempts: { + type: "number", + }, + windowMs: { + type: "number", + }, + lockoutMs: { + type: "number", + }, + exemptLoopback: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + trustedProxy: { + type: "object", + properties: { + userHeader: { + type: "string", + minLength: 1, + }, + requiredHeaders: { + type: "array", + items: { + type: "string", + }, + }, + allowUsers: { + type: "array", + items: { + type: "string", + }, + }, + }, + required: ["userHeader"], + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + trustedProxies: { + type: "array", + items: { + type: "string", + }, + }, + allowRealIpFallback: { + type: "boolean", + }, + tools: { + type: "object", + properties: { + deny: { + type: "array", + items: { + type: "string", + }, + }, + allow: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + channelHealthCheckMinutes: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + channelStaleEventThresholdMinutes: { + type: "integer", + minimum: 1, + maximum: 9007199254740991, + }, + channelMaxRestartsPerHour: { + type: "integer", + minimum: 1, + maximum: 9007199254740991, + }, + tailscale: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "serve", + }, + { + type: "string", + const: "funnel", + }, + ], + }, + resetOnExit: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + remote: { + type: "object", + properties: { + url: { + type: "string", + }, + transport: { + anyOf: [ + { + type: "string", + const: "ssh", + }, + { + type: "string", + const: "direct", + }, + ], + }, + token: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + password: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + tlsFingerprint: { + type: "string", + }, + sshTarget: { + type: "string", + }, + sshIdentity: { + type: "string", + }, + }, + additionalProperties: false, + }, + reload: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "off", + }, + { + type: "string", + const: "restart", + }, + { + type: "string", + const: "hot", + }, + { + type: "string", + const: "hybrid", + }, + ], + }, + debounceMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + deferralTimeoutMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + tls: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + autoGenerate: { + type: "boolean", + }, + certPath: { + type: "string", + }, + keyPath: { + type: "string", + }, + caPath: { + type: "string", + }, + }, + additionalProperties: false, + }, + http: { + type: "object", + properties: { + endpoints: { + type: "object", + properties: { + chatCompletions: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + maxBodyBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxImageParts: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxTotalImageBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + images: { + type: "object", + properties: { + allowUrl: { + type: "boolean", + }, + urlAllowlist: { + type: "array", + items: { + type: "string", + }, + }, + allowedMimes: { + type: "array", + items: { + type: "string", + }, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxRedirects: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + timeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + responses: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + maxBodyBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxUrlParts: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + files: { + type: "object", + properties: { + allowUrl: { + type: "boolean", + }, + urlAllowlist: { + type: "array", + items: { + type: "string", + }, + }, + allowedMimes: { + type: "array", + items: { + type: "string", + }, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxRedirects: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + timeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + pdf: { + type: "object", + properties: { + maxPages: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxPixels: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + minTextChars: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + images: { + type: "object", + properties: { + allowUrl: { + type: "boolean", + }, + urlAllowlist: { + type: "array", + items: { + type: "string", + }, + }, + allowedMimes: { + type: "array", + items: { + type: "string", + }, + }, + maxBytes: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxRedirects: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + timeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + securityHeaders: { + type: "object", + properties: { + strictTransportSecurity: { + anyOf: [ + { + type: "string", + }, + { + type: "boolean", + const: false, + }, + ], + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + push: { + type: "object", + properties: { + apns: { + type: "object", + properties: { + relay: { + type: "object", + properties: { + baseUrl: { + type: "string", + }, + timeoutMs: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + nodes: { + type: "object", + properties: { + browser: { + type: "object", + properties: { + mode: { + anyOf: [ + { + type: "string", + const: "auto", + }, + { + type: "string", + const: "manual", + }, + { + type: "string", + const: "off", + }, + ], + }, + node: { + type: "string", + }, + }, + additionalProperties: false, + }, + allowCommands: { + type: "array", + items: { + type: "string", + }, + }, + denyCommands: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + memory: { + type: "object", + properties: { + backend: { + anyOf: [ + { + type: "string", + const: "builtin", + }, + { + type: "string", + const: "qmd", + }, + ], + }, + citations: { + anyOf: [ + { + type: "string", + const: "auto", + }, + { + type: "string", + const: "on", + }, + { + type: "string", + const: "off", + }, + ], + }, + qmd: { + type: "object", + properties: { + command: { + type: "string", + }, + mcporter: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + serverName: { + type: "string", + }, + startDaemon: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + searchMode: { + anyOf: [ + { + type: "string", + const: "query", + }, + { + type: "string", + const: "search", + }, + { + type: "string", + const: "vsearch", + }, + ], + }, + includeDefaultMemory: { + type: "boolean", + }, + paths: { + type: "array", + items: { + type: "object", + properties: { + path: { + type: "string", + }, + name: { + type: "string", + }, + pattern: { + type: "string", + }, + }, + required: ["path"], + additionalProperties: false, + }, + }, + sessions: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + exportDir: { + type: "string", + }, + retentionDays: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + update: { + type: "object", + properties: { + interval: { + type: "string", + }, + debounceMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + onBoot: { + type: "boolean", + }, + waitForBootSync: { + type: "boolean", + }, + embedInterval: { + type: "string", + }, + commandTimeoutMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + updateTimeoutMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + embedTimeoutMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + limits: { + type: "object", + properties: { + maxResults: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxSnippetChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + maxInjectedChars: { + type: "integer", + exclusiveMinimum: 0, + maximum: 9007199254740991, + }, + timeoutMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + scope: { + type: "object", + properties: { + default: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + rules: { + type: "array", + items: { + type: "object", + properties: { + action: { + anyOf: [ + { + type: "string", + const: "allow", + }, + { + type: "string", + const: "deny", + }, + ], + }, + match: { + type: "object", + properties: { + channel: { + type: "string", + }, + chatType: { + anyOf: [ + { + type: "string", + const: "direct", + }, + { + type: "string", + const: "group", + }, + { + type: "string", + const: "channel", + }, + { + type: "string", + const: "dm", + }, + ], + }, + keyPrefix: { + type: "string", + }, + rawKeyPrefix: { + type: "string", + }, + }, + additionalProperties: false, + }, + }, + required: ["action"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + }, + additionalProperties: false, + }, + mcp: { + type: "object", + properties: { + servers: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + command: { + type: "string", + }, + args: { + type: "array", + items: { + type: "string", + }, + }, + env: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + anyOf: [ + { + type: "string", + }, + { + type: "number", + }, + { + type: "boolean", + }, + ], + }, + }, + cwd: { + type: "string", + }, + workingDirectory: { + type: "string", + }, + url: { + type: "string", + format: "uri", + }, + }, + additionalProperties: {}, + }, + }, + }, + additionalProperties: false, + }, + skills: { + type: "object", + properties: { + allowBundled: { + type: "array", + items: { + type: "string", + }, + }, + load: { + type: "object", + properties: { + extraDirs: { + type: "array", + items: { + type: "string", + }, + }, + watch: { + type: "boolean", + }, + watchDebounceMs: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + install: { + type: "object", + properties: { + preferBrew: { + type: "boolean", + }, + nodeManager: { + anyOf: [ + { + type: "string", + const: "npm", + }, + { + type: "string", + const: "pnpm", + }, + { + type: "string", + const: "yarn", + }, + { + type: "string", + const: "bun", + }, + ], + }, + }, + additionalProperties: false, + }, + limits: { + type: "object", + properties: { + maxCandidatesPerRoot: { + type: "integer", + minimum: 1, + maximum: 9007199254740991, + }, + maxSkillsLoadedPerSource: { + type: "integer", + minimum: 1, + maximum: 9007199254740991, + }, + maxSkillsInPrompt: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxSkillsPromptChars: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + maxSkillFileBytes: { + type: "integer", + minimum: 0, + maximum: 9007199254740991, + }, + }, + additionalProperties: false, + }, + entries: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + apiKey: { + anyOf: [ + { + type: "string", + }, + { + oneOf: [ + { + type: "object", + properties: { + source: { + type: "string", + const: "env", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + pattern: "^[A-Z][A-Z0-9_]{0,127}$", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "file", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + { + type: "object", + properties: { + source: { + type: "string", + const: "exec", + }, + provider: { + type: "string", + pattern: "^[a-z][a-z0-9_-]{0,63}$", + }, + id: { + type: "string", + }, + }, + required: ["source", "provider", "id"], + additionalProperties: false, + }, + ], + }, + ], + }, + env: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "string", + }, + }, + config: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: {}, + }, + }, + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + plugins: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + allow: { + type: "array", + items: { + type: "string", + }, + }, + deny: { + type: "array", + items: { + type: "string", + }, + }, + load: { + type: "object", + properties: { + paths: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + slots: { + type: "object", + properties: { + memory: { + type: "string", + }, + contextEngine: { + type: "string", + }, + }, + additionalProperties: false, + }, + entries: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + enabled: { + type: "boolean", + }, + hooks: { + type: "object", + properties: { + allowPromptInjection: { + type: "boolean", + }, + }, + additionalProperties: false, + }, + subagent: { + type: "object", + properties: { + allowModelOverride: { + type: "boolean", + }, + allowedModels: { + type: "array", + items: { + type: "string", + }, + }, + }, + additionalProperties: false, + }, + config: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: {}, + }, + }, + additionalProperties: false, + }, + }, + installs: { + type: "object", + propertyNames: { + type: "string", + }, + additionalProperties: { + type: "object", + properties: { + source: { + anyOf: [ + { + anyOf: [ + { + type: "string", + const: "npm", + }, + { + type: "string", + const: "archive", + }, + { + type: "string", + const: "path", + }, + { + type: "string", + const: "clawhub", + }, + ], + }, + { + type: "string", + const: "marketplace", + }, + ], + }, + spec: { + type: "string", + }, + sourcePath: { + type: "string", + }, + installPath: { + type: "string", + }, + version: { + type: "string", + }, + resolvedName: { + type: "string", + }, + resolvedVersion: { + type: "string", + }, + resolvedSpec: { + type: "string", + }, + integrity: { + type: "string", + }, + shasum: { + type: "string", + }, + resolvedAt: { + type: "string", + }, + installedAt: { + type: "string", + }, + clawhubUrl: { + type: "string", + }, + clawhubPackage: { + type: "string", + }, + clawhubFamily: { + anyOf: [ + { + type: "string", + const: "code-plugin", + }, + { + type: "string", + const: "bundle-plugin", + }, + ], + }, + clawhubChannel: { + anyOf: [ + { + type: "string", + const: "official", + }, + { + type: "string", + const: "community", + }, + { + type: "string", + const: "private", + }, + ], + }, + marketplaceName: { + type: "string", + }, + marketplaceSource: { + type: "string", + }, + marketplacePlugin: { + type: "string", + }, + }, + required: ["source"], + additionalProperties: false, + }, + }, + }, + additionalProperties: false, + }, + }, + required: ["commands"], + additionalProperties: false, + title: "OpenClawConfig", + }, + uiHints: { + wizard: { + label: "Setup Wizard State", + group: "Wizard", + order: 20, + help: "Setup wizard state tracking fields that record the most recent guided setup run details. Keep these fields for observability and troubleshooting of setup flows across upgrades.", + tags: ["advanced"], + }, + update: { + label: "Updates", + group: "Update", + order: 25, + help: "Update-channel and startup-check behavior for keeping OpenClaw runtime versions current. Use conservative channels in production and more experimental channels only in controlled environments.", + tags: ["advanced"], + }, + cli: { + label: "CLI", + group: "CLI", + order: 26, + help: "CLI presentation controls for local command output behavior such as banner and tagline style. Use this section to keep startup output aligned with operator preference without changing runtime behavior.", + tags: ["advanced"], + }, + diagnostics: { + label: "Diagnostics", + group: "Diagnostics", + order: 27, + help: "Diagnostics controls for targeted tracing, telemetry export, and cache inspection during debugging. Keep baseline diagnostics minimal in production and enable deeper signals only when investigating issues.", + tags: ["observability"], + }, + logging: { + label: "Logging", + group: "Logging", + order: 900, + help: "Logging behavior controls for severity, output destinations, formatting, and sensitive-data redaction. Keep levels and redaction strict enough for production while preserving useful diagnostics.", + tags: ["advanced"], + }, + gateway: { + label: "Gateway", + group: "Gateway", + order: 30, + help: "Gateway runtime surface for bind mode, auth, control UI, remote transport, and operational safety controls. Keep conservative defaults unless you intentionally expose the gateway beyond trusted local interfaces.", + tags: ["advanced"], + }, + nodeHost: { + label: "Node Host", + group: "Node Host", + order: 35, + help: "Node host controls for features exposed from this gateway node to other nodes or clients. Keep defaults unless you intentionally proxy local capabilities across your node network.", + tags: ["advanced"], + }, + agents: { + label: "Agents", + group: "Agents", + order: 40, + help: "Agent runtime configuration root covering defaults and explicit agent entries used for routing and execution context. Keep this section explicit so model/tool behavior stays predictable across multi-agent workflows.", + tags: ["advanced"], + }, + tools: { + label: "Tools", + group: "Tools", + order: 50, + help: "Global tool access policy and capability configuration across web, exec, media, messaging, and elevated surfaces. Use this section to constrain risky capabilities before broad rollout.", + tags: ["advanced"], + }, + bindings: { + label: "Bindings", + group: "Bindings", + order: 55, + help: "Top-level binding rules for routing and persistent ACP conversation ownership. Use type=route for normal routing and type=acp for persistent ACP harness bindings.", + tags: ["advanced"], + }, + audio: { + label: "Audio", + group: "Audio", + order: 60, + help: "Global audio ingestion settings used before higher-level tools process speech or media content. Configure this when you need deterministic transcription behavior for voice notes and clips.", + tags: ["advanced"], + }, + models: { + label: "Models", + group: "Models", + order: 70, + help: "Model catalog root for provider definitions, merge/replace behavior, and optional Bedrock discovery integration. Keep provider definitions explicit and validated before relying on production failover paths.", + tags: ["models"], + }, + messages: { + label: "Messages", + group: "Messages", + order: 80, + help: "Message formatting, acknowledgment, queueing, debounce, and status reaction behavior for inbound/outbound chat flows. Use this section when channel responsiveness or message UX needs adjustment.", + tags: ["advanced"], + }, + commands: { + label: "Commands", + group: "Commands", + order: 85, + help: "Controls chat command surfaces, owner gating, and elevated command access behavior across providers. Keep defaults unless you need stricter operator controls or broader command availability.", + tags: ["advanced"], + }, + session: { + label: "Session", + group: "Session", + order: 90, + help: "Global session routing, reset, delivery policy, and maintenance controls for conversation history behavior. Keep defaults unless you need stricter isolation, retention, or delivery constraints.", + tags: ["storage"], + }, + cron: { + label: "Cron", + group: "Cron", + order: 100, + help: "Global scheduler settings for stored cron jobs, run concurrency, delivery fallback, and run-session retention. Keep defaults unless you are scaling job volume or integrating external webhook receivers.", + tags: ["automation"], + }, + hooks: { + label: "Hooks", + group: "Hooks", + order: 110, + help: "Inbound webhook automation surface for mapping external events into wake or agent actions in OpenClaw. Keep this locked down with explicit token/session/agent controls before exposing it beyond trusted networks.", + tags: ["advanced"], + }, + ui: { + label: "UI", + group: "UI", + order: 120, + help: "UI presentation settings for accenting and assistant identity shown in control surfaces. Use this for branding and readability customization without changing runtime behavior.", + tags: ["advanced"], + }, + browser: { + label: "Browser", + group: "Browser", + order: 130, + help: "Browser runtime controls for local or remote CDP attachment, profile routing, and screenshot/snapshot behavior. Keep defaults unless your automation workflow requires custom browser transport settings.", + tags: ["advanced"], + }, + talk: { + label: "Talk", + group: "Talk", + order: 140, + help: "Talk-mode voice synthesis settings for voice identity, model selection, output format, and interruption behavior. Use this section to tune human-facing voice UX while controlling latency and cost.", + tags: ["advanced"], + }, + channels: { + label: "Channels", + group: "Messaging Channels", + order: 150, + help: "Channel provider configurations plus shared defaults that control access policies, heartbeat visibility, and per-surface behavior. Keep defaults centralized and override per provider only where required.", + tags: ["advanced"], + }, + skills: { + label: "Skills", + group: "Skills", + order: 200, + tags: ["advanced"], + }, + plugins: { + label: "Plugins", + group: "Plugins", + order: 205, + help: "Plugin system controls for enabling extensions, constraining load scope, configuring entries, and tracking installs. Keep plugin policy explicit and least-privilege in production environments.", + tags: ["advanced"], + }, + discovery: { + label: "Discovery", + group: "Discovery", + order: 210, + help: "Service discovery settings for local mDNS advertisement and optional wide-area presence signaling. Keep discovery scoped to expected networks to avoid leaking service metadata.", + tags: ["advanced"], + }, + presence: { + label: "Presence", + group: "Presence", + order: 220, + tags: ["advanced"], + }, + voicewake: { + label: "Voice Wake", + group: "Voice Wake", + order: 230, + tags: ["advanced"], + }, + meta: { + label: "Metadata", + help: "Metadata fields automatically maintained by OpenClaw to record write/version history for this config file. Keep these values system-managed and avoid manual edits unless debugging migration history.", + tags: ["advanced"], + }, + "meta.lastTouchedVersion": { + label: "Config Last Touched Version", + help: "Auto-set when OpenClaw writes the config.", + tags: ["media"], + }, + "meta.lastTouchedAt": { + label: "Config Last Touched At", + help: "ISO timestamp of the last config write (auto-set).", + tags: ["media"], + }, + env: { + label: "Environment", + help: "Environment import and override settings used to supply runtime variables to the gateway process. Use this section to control shell-env loading and explicit variable injection behavior.", + tags: ["advanced"], + }, + "env.shellEnv": { + label: "Shell Environment Import", + help: "Shell environment import controls for loading variables from your login shell during startup. Keep this enabled when you depend on profile-defined secrets or PATH customizations.", + tags: ["advanced"], + }, + "env.shellEnv.enabled": { + label: "Shell Environment Import Enabled", + help: "Enables loading environment variables from the user shell profile during startup initialization. Keep enabled for developer machines, or disable in locked-down service environments with explicit env management.", + tags: ["advanced"], + }, + "env.shellEnv.timeoutMs": { + label: "Shell Environment Import Timeout (ms)", + help: "Maximum time in milliseconds allowed for shell environment resolution before fallback behavior applies. Use tighter timeouts for faster startup, or increase when shell initialization is heavy.", + tags: ["performance"], + }, + "env.vars": { + label: "Environment Variable Overrides", + help: "Explicit key/value environment variable overrides merged into runtime process environment for OpenClaw. Use this for deterministic env configuration instead of relying only on shell profile side effects.", + tags: ["advanced"], + }, + "wizard.lastRunAt": { + label: "Wizard Last Run Timestamp", + help: "ISO timestamp for when the setup wizard most recently completed on this host. Use this to confirm setup recency during support and operational audits.", + tags: ["advanced"], + }, + "wizard.lastRunVersion": { + label: "Wizard Last Run Version", + help: "OpenClaw version recorded at the time of the most recent wizard run on this config. Use this when diagnosing behavior differences across version-to-version setup changes.", + tags: ["advanced"], + }, + "wizard.lastRunCommit": { + label: "Wizard Last Run Commit", + help: "Source commit identifier recorded for the last wizard execution in development builds. Use this to correlate setup behavior with exact source state during debugging.", + tags: ["advanced"], + }, + "wizard.lastRunCommand": { + label: "Wizard Last Run Command", + help: "Command invocation recorded for the latest wizard run to preserve execution context. Use this to reproduce setup steps when verifying setup regressions.", + tags: ["advanced"], + }, + "wizard.lastRunMode": { + label: "Wizard Last Run Mode", + help: 'Wizard execution mode recorded as "local" or "remote" for the most recent setup flow. Use this to understand whether setup targeted direct local runtime or remote gateway topology.', + tags: ["advanced"], + }, + "diagnostics.otel": { + label: "OpenTelemetry", + help: "OpenTelemetry export settings for traces, metrics, and logs emitted by gateway components. Use this when integrating with centralized observability backends and distributed tracing pipelines.", + tags: ["observability"], + }, + "diagnostics.cacheTrace": { + label: "Cache Trace", + help: "Cache-trace logging settings for observing cache decisions and payload context in embedded runs. Enable this temporarily for debugging and disable afterward to reduce sensitive log footprint.", + tags: ["observability", "storage"], + }, + "logging.level": { + label: "Log Level", + help: 'Primary log level threshold for runtime logger output: "silent", "fatal", "error", "warn", "info", "debug", or "trace". Keep "info" or "warn" for production, and use debug/trace only during investigation.', + tags: ["observability"], + }, + "logging.file": { + label: "Log File Path", + help: "Optional file path for persisted log output in addition to or instead of console logging. Use a managed writable path and align retention/rotation with your operational policy.", + tags: ["observability", "storage"], + }, + "logging.consoleLevel": { + label: "Console Log Level", + help: 'Console-specific log threshold: "silent", "fatal", "error", "warn", "info", "debug", or "trace" for terminal output control. Use this to keep local console quieter while retaining richer file logging if needed.', + tags: ["observability"], + }, + "logging.consoleStyle": { + label: "Console Log Style", + help: 'Console output format style: "pretty", "compact", or "json" based on operator and ingestion needs. Use json for machine parsing pipelines and pretty/compact for human-first terminal workflows.', + tags: ["observability"], + }, + "logging.redactSensitive": { + label: "Sensitive Data Redaction Mode", + help: 'Sensitive redaction mode: "off" disables built-in masking, while "tools" redacts sensitive tool/config payload fields. Keep "tools" in shared logs unless you have isolated secure log sinks.', + tags: ["privacy", "observability"], + }, + "logging.redactPatterns": { + label: "Custom Redaction Patterns", + help: "Additional custom redact regex patterns applied to log output before emission/storage. Use this to mask org-specific tokens and identifiers not covered by built-in redaction rules.", + tags: ["privacy", "observability"], + }, + "cli.banner": { + label: "CLI Banner", + help: "CLI startup banner controls for title/version line and tagline style behavior. Keep banner enabled for fast version/context checks, then tune tagline mode to your preferred noise level.", + tags: ["advanced"], + }, + "cli.banner.taglineMode": { + label: "CLI Banner Tagline Mode", + help: 'Controls tagline style in the CLI startup banner: "random" (default) picks from the rotating tagline pool, "default" always shows the neutral default tagline, and "off" hides tagline text while keeping the banner version line.', + tags: ["advanced"], + }, + "update.channel": { + label: "Update Channel", + help: 'Update channel for git + npm installs ("stable", "beta", or "dev").', + tags: ["advanced"], + }, + "update.checkOnStart": { + label: "Update Check on Start", + help: "Check for npm updates when the gateway starts (default: true).", + tags: ["automation"], + }, + "update.auto.enabled": { + label: "Auto Update Enabled", + help: "Enable background auto-update for package installs (default: false).", + tags: ["advanced"], + }, + "update.auto.stableDelayHours": { + label: "Auto Update Stable Delay (hours)", + help: "Minimum delay before stable-channel auto-apply starts (default: 6).", + tags: ["advanced"], + }, + "update.auto.stableJitterHours": { + label: "Auto Update Stable Jitter (hours)", + help: "Extra stable-channel rollout spread window in hours (default: 12).", + tags: ["advanced"], + }, + "update.auto.betaCheckIntervalHours": { + label: "Auto Update Beta Check Interval (hours)", + help: "How often beta-channel checks run in hours (default: 1).", + tags: ["performance"], + }, + "diagnostics.enabled": { + label: "Diagnostics Enabled", + help: "Master toggle for diagnostics instrumentation output in logs and telemetry wiring paths. Keep enabled for normal observability, and disable only in tightly constrained environments.", + tags: ["observability"], + }, + "diagnostics.flags": { + label: "Diagnostics Flags", + help: 'Enable targeted diagnostics logs by flag (e.g. ["telegram.http"]). Supports wildcards like "telegram.*" or "*".', + tags: ["observability"], + }, + "diagnostics.stuckSessionWarnMs": { + label: "Stuck Session Warning Threshold (ms)", + help: "Age threshold in milliseconds for emitting stuck-session warnings while a session remains in processing state. Increase for long multi-tool turns to reduce false positives; decrease for faster hang detection.", + tags: ["observability", "storage"], + }, + "diagnostics.otel.enabled": { + label: "OpenTelemetry Enabled", + help: "Enables OpenTelemetry export pipeline for traces, metrics, and logs based on configured endpoint/protocol settings. Keep disabled unless your collector endpoint and auth are fully configured.", + tags: ["observability"], + }, + "diagnostics.otel.endpoint": { + label: "OpenTelemetry Endpoint", + help: "Collector endpoint URL used for OpenTelemetry export transport, including scheme and port. Use a reachable, trusted collector endpoint and monitor ingestion errors after rollout.", + tags: ["observability"], + }, + "diagnostics.otel.protocol": { + label: "OpenTelemetry Protocol", + help: 'OTel transport protocol for telemetry export: "http/protobuf" or "grpc" depending on collector support. Use the protocol your observability backend expects to avoid dropped telemetry payloads.', + tags: ["observability"], + }, + "diagnostics.otel.headers": { + label: "OpenTelemetry Headers", + help: "Additional HTTP/gRPC metadata headers sent with OpenTelemetry export requests, often used for tenant auth or routing. Keep secrets in env-backed values and avoid unnecessary header sprawl.", + tags: ["observability"], + }, + "diagnostics.otel.serviceName": { + label: "OpenTelemetry Service Name", + help: "Service name reported in telemetry resource attributes to identify this gateway instance in observability backends. Use stable names so dashboards and alerts remain consistent over deployments.", + tags: ["observability"], + }, + "diagnostics.otel.traces": { + label: "OpenTelemetry Traces Enabled", + help: "Enable trace signal export to the configured OpenTelemetry collector endpoint. Keep enabled when latency/debug tracing is needed, and disable if you only want metrics/logs.", + tags: ["observability"], + }, + "diagnostics.otel.metrics": { + label: "OpenTelemetry Metrics Enabled", + help: "Enable metrics signal export to the configured OpenTelemetry collector endpoint. Keep enabled for runtime health dashboards, and disable only if metric volume must be minimized.", + tags: ["observability"], + }, + "diagnostics.otel.logs": { + label: "OpenTelemetry Logs Enabled", + help: "Enable log signal export through OpenTelemetry in addition to local logging sinks. Use this when centralized log correlation is required across services and agents.", + tags: ["observability"], + }, + "diagnostics.otel.sampleRate": { + label: "OpenTelemetry Trace Sample Rate", + help: "Trace sampling rate (0-1) controlling how much trace traffic is exported to observability backends. Lower rates reduce overhead/cost, while higher rates improve debugging fidelity.", + tags: ["observability"], + }, + "diagnostics.otel.flushIntervalMs": { + label: "OpenTelemetry Flush Interval (ms)", + help: "Interval in milliseconds for periodic telemetry flush from buffers to the collector. Increase to reduce export chatter, or lower for faster visibility during active incident response.", + tags: ["observability", "performance"], + }, + "diagnostics.cacheTrace.enabled": { + label: "Cache Trace Enabled", + help: "Log cache trace snapshots for embedded agent runs (default: false).", + tags: ["observability", "storage"], + }, + "diagnostics.cacheTrace.filePath": { + label: "Cache Trace File Path", + help: "JSONL output path for cache trace logs (default: $OPENCLAW_STATE_DIR/logs/cache-trace.jsonl).", + tags: ["observability", "storage"], + }, + "diagnostics.cacheTrace.includeMessages": { + label: "Cache Trace Include Messages", + help: "Include full message payloads in trace output (default: true).", + tags: ["observability", "storage"], + }, + "diagnostics.cacheTrace.includePrompt": { + label: "Cache Trace Include Prompt", + help: "Include prompt text in trace output (default: true).", + tags: ["observability", "storage"], + }, + "diagnostics.cacheTrace.includeSystem": { + label: "Cache Trace Include System", + help: "Include system prompt in trace output (default: true).", + tags: ["observability", "storage"], + }, + "agents.list.*.identity.avatar": { + label: "Identity Avatar", + help: "Agent avatar (workspace-relative path, http(s) URL, or data URI).", + tags: ["advanced"], + }, + "agents.list.*.skills": { + label: "Agent Skill Filter", + help: "Optional allowlist of skills for this agent (omit = all skills; empty = no skills).", + tags: ["advanced"], + }, + "agents.list[].runtime": { + label: "Agent Runtime", + help: "Optional runtime descriptor for this agent. Use embedded for default OpenClaw execution or acp for external ACP harness defaults.", + tags: ["advanced"], + }, + "agents.list[].runtime.type": { + label: "Agent Runtime Type", + help: 'Runtime type for this agent: "embedded" (default OpenClaw runtime) or "acp" (ACP harness defaults).', + tags: ["advanced"], + }, + "agents.list[].runtime.acp": { + label: "Agent ACP Runtime", + help: "ACP runtime defaults for this agent when runtime.type=acp. Binding-level ACP overrides still take precedence per conversation.", + tags: ["advanced"], + }, + "agents.list[].runtime.acp.agent": { + label: "Agent ACP Harness Agent", + help: "Optional ACP harness agent id to use for this OpenClaw agent (for example codex, claude).", + tags: ["advanced"], + }, + "agents.list[].runtime.acp.backend": { + label: "Agent ACP Backend", + help: "Optional ACP backend override for this agent's ACP sessions (falls back to global acp.backend).", + tags: ["advanced"], + }, + "agents.list[].runtime.acp.mode": { + label: "Agent ACP Mode", + help: "Optional ACP session mode default for this agent (persistent or oneshot).", + tags: ["advanced"], + }, + "agents.list[].runtime.acp.cwd": { + label: "Agent ACP Working Directory", + help: "Optional default working directory for this agent's ACP sessions.", + tags: ["advanced"], + }, + "agents.list[].thinkingDefault": { + label: "Agent Thinking Default", + help: "Optional per-agent default thinking level. Overrides agents.defaults.thinkingDefault for this agent when no per-message or session override is set.", + tags: ["advanced"], + }, + "agents.list[].reasoningDefault": { + label: "Agent Reasoning Default", + help: "Optional per-agent default reasoning visibility (on|off|stream). Applies when no per-message or session reasoning override is set.", + tags: ["advanced"], + }, + "agents.list[].fastModeDefault": { + label: "Agent Fast Mode Default", + help: "Optional per-agent default for fast mode. Applies when no per-message or session fast-mode override is set.", + tags: ["advanced"], + }, + "agents.defaults": { + label: "Agent Defaults", + help: "Shared default settings inherited by agents unless overridden per entry in agents.list. Use defaults to enforce consistent baseline behavior and reduce duplicated per-agent configuration.", + tags: ["advanced"], + }, + "agents.list": { + label: "Agent List", + help: "Explicit list of configured agents with IDs and optional overrides for model, tools, identity, and workspace. Keep IDs stable over time so bindings, approvals, and session routing remain deterministic.", + tags: ["advanced"], + }, + "gateway.port": { + label: "Gateway Port", + help: "TCP port used by the gateway listener for API, control UI, and channel-facing ingress paths. Use a dedicated port and avoid collisions with reverse proxies or local developer services.", + tags: ["network"], + }, + "gateway.mode": { + label: "Gateway Mode", + help: 'Gateway operation mode: "local" runs channels and agent runtime on this host, while "remote" connects through remote transport. Keep "local" unless you intentionally run a split remote gateway topology.', + tags: ["network"], + }, + "gateway.bind": { + label: "Gateway Bind Mode", + help: 'Network bind profile: "auto", "lan", "loopback", "custom", or "tailnet" to control interface exposure. Keep "loopback" or "auto" for safest local operation unless external clients must connect.', + tags: ["network"], + }, + "gateway.customBindHost": { + label: "Gateway Custom Bind Host", + help: "Explicit bind host/IP used when gateway.bind is set to custom for manual interface targeting. Use a precise address and avoid wildcard binds unless external exposure is required.", + tags: ["network"], + }, + "gateway.controlUi": { + label: "Control UI", + help: "Control UI hosting settings including enablement, pathing, and browser-origin/auth hardening behavior. Keep UI exposure minimal and pair with strong auth controls before internet-facing deployments.", + tags: ["network"], + }, + "gateway.controlUi.enabled": { + label: "Control UI Enabled", + help: "Enables serving the gateway Control UI from the gateway HTTP process when true. Keep enabled for local administration, and disable when an external control surface replaces it.", + tags: ["network"], + }, + "gateway.auth": { + label: "Gateway Auth", + help: "Authentication policy for gateway HTTP/WebSocket access including mode, credentials, trusted-proxy behavior, and rate limiting. Keep auth enabled for every non-loopback deployment.", + tags: ["network"], + }, + "gateway.auth.mode": { + label: "Gateway Auth Mode", + help: 'Gateway auth mode: "none", "token", "password", or "trusted-proxy" depending on your edge architecture. Use token/password for direct exposure, and trusted-proxy only behind hardened identity-aware proxies.', + tags: ["network"], + }, + "gateway.auth.allowTailscale": { + label: "Gateway Auth Allow Tailscale Identity", + help: "Allows trusted Tailscale identity paths to satisfy gateway auth checks when configured. Use this only when your tailnet identity posture is strong and operator workflows depend on it.", + tags: ["access", "network"], + }, + "gateway.auth.rateLimit": { + label: "Gateway Auth Rate Limit", + help: "Login/auth attempt throttling controls to reduce credential brute-force risk at the gateway boundary. Keep enabled in exposed environments and tune thresholds to your traffic baseline.", + tags: ["network", "performance"], + }, + "gateway.auth.trustedProxy": { + label: "Gateway Trusted Proxy Auth", + help: "Trusted-proxy auth header mapping for upstream identity providers that inject user claims. Use only with known proxy CIDRs and strict header allowlists to prevent spoofed identity headers.", + tags: ["network"], + }, + "gateway.trustedProxies": { + label: "Gateway Trusted Proxy CIDRs", + help: "CIDR/IP allowlist of upstream proxies permitted to provide forwarded client identity headers. Keep this list narrow so untrusted hops cannot impersonate users.", + tags: ["network"], + }, + "gateway.allowRealIpFallback": { + label: "Gateway Allow x-real-ip Fallback", + help: "Enables x-real-ip fallback when x-forwarded-for is missing in proxy scenarios. Keep disabled unless your ingress stack requires this compatibility behavior.", + tags: ["access", "network", "reliability"], + }, + "gateway.tools": { + label: "Gateway Tool Exposure Policy", + help: "Gateway-level tool exposure allow/deny policy that can restrict runtime tool availability independent of agent/tool profiles. Use this for coarse emergency controls and production hardening.", + tags: ["network"], + }, + "gateway.tools.allow": { + label: "Gateway Tool Allowlist", + help: "Explicit gateway-level tool allowlist when you want a narrow set of tools available at runtime. Use this for locked-down environments where tool scope must be tightly controlled.", + tags: ["access", "network"], + }, + "gateway.tools.deny": { + label: "Gateway Tool Denylist", + help: "Explicit gateway-level tool denylist to block risky tools even if lower-level policies allow them. Use deny rules for emergency response and defense-in-depth hardening.", + tags: ["access", "network"], + }, + "gateway.channelHealthCheckMinutes": { + label: "Gateway Channel Health Check Interval (min)", + help: "Interval in minutes for automatic channel health probing and status updates. Use lower intervals for faster detection, or higher intervals to reduce periodic probe noise.", + tags: ["network", "reliability"], + }, + "gateway.channelStaleEventThresholdMinutes": { + label: "Gateway Channel Stale Event Threshold (min)", + help: "How many minutes a connected channel can go without receiving any event before the health monitor treats it as a stale socket and triggers a restart. Default: 30.", + tags: ["network"], + }, + "gateway.channelMaxRestartsPerHour": { + label: "Gateway Channel Max Restarts Per Hour", + help: "Maximum number of health-monitor-initiated channel restarts allowed within a rolling one-hour window. Once hit, further restarts are skipped until the window expires. Default: 10.", + tags: ["network", "performance"], + }, + "gateway.tailscale": { + label: "Gateway Tailscale", + help: "Tailscale integration settings for Serve/Funnel exposure and lifecycle handling on gateway start/exit. Keep off unless your deployment intentionally relies on Tailscale ingress.", + tags: ["network"], + }, + "gateway.tailscale.mode": { + label: "Gateway Tailscale Mode", + help: 'Tailscale publish mode: "off", "serve", or "funnel" for private or public exposure paths. Use "serve" for tailnet-only access and "funnel" only when public internet reachability is required.', + tags: ["network"], + }, + "gateway.tailscale.resetOnExit": { + label: "Gateway Tailscale Reset on Exit", + help: "Resets Tailscale Serve/Funnel state on gateway exit to avoid stale published routes after shutdown. Keep enabled unless another controller manages publish lifecycle outside the gateway.", + tags: ["network"], + }, + "gateway.remote": { + label: "Remote Gateway", + help: "Remote gateway connection settings for direct or SSH transport when this instance proxies to another runtime host. Use remote mode only when split-host operation is intentionally configured.", + tags: ["network"], + }, + "gateway.remote.transport": { + label: "Remote Gateway Transport", + help: 'Remote connection transport: "direct" uses configured URL connectivity, while "ssh" tunnels through SSH. Use SSH when you need encrypted tunnel semantics without exposing remote ports.', + tags: ["network"], + }, + "gateway.reload": { + label: "Config Reload", + help: "Live config-reload policy for how edits are applied and when full restarts are triggered. Keep hybrid behavior for safest operational updates unless debugging reload internals.", + tags: ["network", "reliability"], + }, + "gateway.tls": { + label: "Gateway TLS", + help: "TLS certificate and key settings for terminating HTTPS directly in the gateway process. Use explicit certificates in production and avoid plaintext exposure on untrusted networks.", + tags: ["network"], + }, + "gateway.tls.enabled": { + label: "Gateway TLS Enabled", + help: "Enables TLS termination at the gateway listener so clients connect over HTTPS/WSS directly. Keep enabled for direct internet exposure or any untrusted network boundary.", + tags: ["network"], + }, + "gateway.tls.autoGenerate": { + label: "Gateway TLS Auto-Generate Cert", + help: "Auto-generates a local TLS certificate/key pair when explicit files are not configured. Use only for local/dev setups and replace with real certificates for production traffic.", + tags: ["network"], + }, + "gateway.tls.certPath": { + label: "Gateway TLS Certificate Path", + help: "Filesystem path to the TLS certificate file used by the gateway when TLS is enabled. Use managed certificate paths and keep renewal automation aligned with this location.", + tags: ["network", "storage"], + }, + "gateway.tls.keyPath": { + label: "Gateway TLS Key Path", + help: "Filesystem path to the TLS private key file used by the gateway when TLS is enabled. Keep this key file permission-restricted and rotate per your security policy.", + tags: ["network", "storage"], + }, + "gateway.tls.caPath": { + label: "Gateway TLS CA Path", + help: "Optional CA bundle path for client verification or custom trust-chain requirements at the gateway edge. Use this when private PKI or custom certificate chains are part of deployment.", + tags: ["network", "storage"], + }, + "gateway.http": { + label: "Gateway HTTP API", + help: "Gateway HTTP API configuration grouping endpoint toggles and transport-facing API exposure controls. Keep only required endpoints enabled to reduce attack surface.", + tags: ["network"], + }, + "gateway.http.endpoints": { + label: "Gateway HTTP Endpoints", + help: "HTTP endpoint feature toggles under the gateway API surface for compatibility routes and optional integrations. Enable endpoints intentionally and monitor access patterns after rollout.", + tags: ["network"], + }, + "gateway.http.securityHeaders": { + label: "Gateway HTTP Security Headers", + help: "Optional HTTP response security headers applied by the gateway process itself. Prefer setting these at your reverse proxy when TLS terminates there.", + tags: ["network"], + }, + "gateway.http.securityHeaders.strictTransportSecurity": { + label: "Strict Transport Security Header", + help: "Value for the Strict-Transport-Security response header. Set only on HTTPS origins that you fully control; use false to explicitly disable.", + tags: ["network"], + }, + "gateway.remote.url": { + label: "Remote Gateway URL", + help: "Remote Gateway WebSocket URL (ws:// or wss://).", + placeholder: "ws://host:18789", + tags: ["network"], + }, + "gateway.remote.sshTarget": { + label: "Remote Gateway SSH Target", + help: "Remote gateway over SSH (tunnels the gateway port to localhost). Format: user@host or user@host:port.", + placeholder: "user@host", + tags: ["network"], + }, + "gateway.remote.sshIdentity": { + label: "Remote Gateway SSH Identity", + help: "Optional SSH identity file path (passed to ssh -i).", + tags: ["network"], + }, + "gateway.remote.token": { + label: "Remote Gateway Token", + help: "Bearer token used to authenticate this client to a remote gateway in token-auth deployments. Store via secret/env substitution and rotate alongside remote gateway auth changes.", + tags: ["security", "auth", "network"], + sensitive: true, + }, + "gateway.remote.password": { + label: "Remote Gateway Password", + help: "Password credential used for remote gateway authentication when password mode is enabled. Keep this secret managed externally and avoid plaintext values in committed config.", + tags: ["security", "auth", "network"], + sensitive: true, + }, + "gateway.remote.tlsFingerprint": { + label: "Remote Gateway TLS Fingerprint", + help: "Expected sha256 TLS fingerprint for the remote gateway (pin to avoid MITM).", + placeholder: "sha256:ab12cd34…", + tags: ["security", "auth", "network"], + }, + "gateway.auth.token": { + label: "Gateway Token", + help: "Required by default for gateway access (unless using Tailscale Serve identity); required for non-loopback binds.", + tags: ["security", "auth", "access", "network"], + sensitive: true, + }, + "gateway.auth.password": { + label: "Gateway Password", + help: "Required for Tailscale funnel.", + tags: ["security", "auth", "access", "network"], + sensitive: true, + }, + "browser.enabled": { + label: "Browser Enabled", + help: "Enables browser capability wiring in the gateway so browser tools and CDP-driven workflows can run. Disable when browser automation is not needed to reduce surface area and startup work.", + tags: ["advanced"], + }, + "browser.cdpUrl": { + label: "Browser CDP URL", + help: "Remote CDP websocket URL used to attach to an externally managed browser instance. Use this for centralized browser hosts and keep URL access restricted to trusted network paths.", + tags: ["advanced"], + }, + "browser.color": { + label: "Browser Accent Color", + help: "Default accent color used for browser profile/UI cues where colored identity hints are displayed. Use consistent colors to help operators identify active browser profile context quickly.", + tags: ["advanced"], + }, + "browser.executablePath": { + label: "Browser Executable Path", + help: "Explicit browser executable path when auto-discovery is insufficient for your host environment. Use absolute stable paths so launch behavior stays deterministic across restarts.", + tags: ["storage"], + }, + "browser.headless": { + label: "Browser Headless Mode", + help: "Forces browser launch in headless mode when the local launcher starts browser instances. Keep headless enabled for server environments and disable only when visible UI debugging is required.", + tags: ["advanced"], + }, + "browser.noSandbox": { + label: "Browser No-Sandbox Mode", + help: "Disables Chromium sandbox isolation flags for environments where sandboxing fails at runtime. Keep this off whenever possible because process isolation protections are reduced.", + tags: ["storage"], + }, + "browser.attachOnly": { + label: "Browser Attach-only Mode", + help: "Restricts browser mode to attach-only behavior without starting local browser processes. Use this when all browser sessions are externally managed by a remote CDP provider.", + tags: ["advanced"], + }, + "browser.cdpPortRangeStart": { + label: "Browser CDP Port Range Start", + help: "Starting local CDP port used for auto-allocated browser profile ports. Increase this when host-level port defaults conflict with other local services.", + tags: ["advanced"], + }, + "browser.defaultProfile": { + label: "Browser Default Profile", + help: "Default browser profile name selected when callers do not explicitly choose a profile. Use a stable low-privilege profile as the default to reduce accidental cross-context state use.", + tags: ["storage"], + }, + "browser.profiles": { + label: "Browser Profiles", + help: "Named browser profile connection map used for explicit routing to CDP ports or URLs with optional metadata. Keep profile names consistent and avoid overlapping endpoint definitions.", + tags: ["storage"], + }, + "browser.profiles.*.cdpPort": { + label: "Browser Profile CDP Port", + help: "Per-profile local CDP port used when connecting to browser instances by port instead of URL. Use unique ports per profile to avoid connection collisions.", + tags: ["storage"], + }, + "browser.profiles.*.cdpUrl": { + label: "Browser Profile CDP URL", + help: "Per-profile CDP websocket URL used for explicit remote browser routing by profile name. Use this when profile connections terminate on remote hosts or tunnels.", + tags: ["storage"], + }, + "browser.profiles.*.userDataDir": { + label: "Browser Profile User Data Dir", + help: "Per-profile Chromium user data directory for existing-session attachment through Chrome DevTools MCP. Use this for host-local Brave, Edge, Chromium, or non-default Chrome profiles when the built-in auto-connect path would pick the wrong browser data directory.", + tags: ["storage"], + }, + "browser.profiles.*.driver": { + label: "Browser Profile Driver", + help: 'Per-profile browser driver mode. Use "openclaw" (or legacy "clawd") for CDP-based profiles, or use "existing-session" for host-local Chrome DevTools MCP attachment.', + tags: ["storage"], + }, + "browser.profiles.*.attachOnly": { + label: "Browser Profile Attach-only Mode", + help: "Per-profile attach-only override that skips local browser launch and only attaches to an existing CDP endpoint. Useful when one profile is externally managed but others are locally launched.", + tags: ["storage"], + }, + "browser.profiles.*.color": { + label: "Browser Profile Accent Color", + help: "Per-profile accent color for visual differentiation in dashboards and browser-related UI hints. Use distinct colors for high-signal operator recognition of active profiles.", + tags: ["storage"], + }, + "tools.allow": { + label: "Tool Allowlist", + help: "Absolute tool allowlist that replaces profile-derived defaults for strict environments. Use this only when you intentionally run a tightly curated subset of tool capabilities.", + tags: ["access", "tools"], + }, + "tools.deny": { + label: "Tool Denylist", + help: "Global tool denylist that blocks listed tools even when profile or provider rules would allow them. Use deny rules for emergency lockouts and long-term defense-in-depth.", + tags: ["access", "tools"], + }, + "tools.web": { + label: "Web Tools", + help: "Web-tool policy grouping for search/fetch providers, limits, and fallback behavior tuning. Keep enabled settings aligned with API key availability and outbound networking policy.", + tags: ["tools"], + }, + "tools.exec": { + label: "Exec Tool", + help: "Exec-tool policy grouping for shell execution host, security mode, approval behavior, and runtime bindings. Keep conservative defaults in production and tighten elevated execution paths.", + tags: ["tools"], + }, + "tools.media.image.enabled": { + label: "Enable Image Understanding", + help: "Enable image understanding so attached or referenced images can be interpreted into textual context. Disable if you need text-only operation or want to avoid image-processing cost.", + tags: ["media", "tools"], + }, + "tools.media.image.maxBytes": { + label: "Image Understanding Max Bytes", + help: "Maximum accepted image payload size in bytes before the item is skipped or truncated by policy. Keep limits realistic for your provider caps and infrastructure bandwidth.", + tags: ["performance", "media", "tools"], + }, + "tools.media.image.maxChars": { + label: "Image Understanding Max Chars", + help: "Maximum characters returned from image understanding output after model response normalization. Use tighter limits to reduce prompt bloat and larger limits for detail-heavy OCR tasks.", + tags: ["performance", "media", "tools"], + }, + "tools.media.image.prompt": { + label: "Image Understanding Prompt", + help: "Instruction template used for image understanding requests to shape extraction style and detail level. Keep prompts deterministic so outputs stay consistent across turns and channels.", + tags: ["media", "tools"], + }, + "tools.media.image.timeoutSeconds": { + label: "Image Understanding Timeout (sec)", + help: "Timeout in seconds for each image understanding request before it is aborted. Increase for high-resolution analysis and lower it for latency-sensitive operator workflows.", + tags: ["performance", "media", "tools"], + }, + "tools.media.image.attachments": { + label: "Image Understanding Attachment Policy", + help: "Attachment handling policy for image inputs, including which message attachments qualify for image analysis. Use restrictive settings in untrusted channels to reduce unexpected processing.", + tags: ["media", "tools"], + }, + "tools.media.image.models": { + label: "Image Understanding Models", + help: "Ordered model preferences specifically for image understanding when you want to override shared media models. Put the most reliable multimodal model first to reduce fallback attempts.", + tags: ["models", "media", "tools"], + }, + "tools.media.image.scope": { + label: "Image Understanding Scope", + help: "Scope selector for when image understanding is attempted (for example only explicit requests versus broader auto-detection). Keep narrow scope in busy channels to control token and API spend.", + tags: ["media", "tools"], + }, + "tools.media.models": { + label: "Media Understanding Shared Models", + help: "Shared fallback model list used by media understanding tools when modality-specific model lists are not set. Keep this aligned with available multimodal providers to avoid runtime fallback churn.", + tags: ["models", "media", "tools"], + }, + "tools.media.concurrency": { + label: "Media Understanding Concurrency", + help: "Maximum number of concurrent media understanding operations per turn across image, audio, and video tasks. Lower this in resource-constrained deployments to prevent CPU/network saturation.", + tags: ["performance", "media", "tools"], + }, + "tools.media.audio.enabled": { + label: "Enable Audio Understanding", + help: "Enable audio understanding so voice notes or audio clips can be transcribed/summarized for agent context. Disable when audio ingestion is outside policy or unnecessary for your workflows.", + tags: ["media", "tools"], + }, + "tools.media.audio.maxBytes": { + label: "Audio Understanding Max Bytes", + help: "Maximum accepted audio payload size in bytes before processing is rejected or clipped by policy. Set this based on expected recording length and upstream provider limits.", + tags: ["performance", "media", "tools"], + }, + "tools.media.audio.maxChars": { + label: "Audio Understanding Max Chars", + help: "Maximum characters retained from audio understanding output to prevent oversized transcript injection. Increase for long-form dictation, or lower to keep conversational turns compact.", + tags: ["performance", "media", "tools"], + }, + "tools.media.audio.prompt": { + label: "Audio Understanding Prompt", + help: "Instruction template guiding audio understanding output style, such as concise summary versus near-verbatim transcript. Keep wording consistent so downstream automations can rely on output format.", + tags: ["media", "tools"], + }, + "tools.media.audio.timeoutSeconds": { + label: "Audio Understanding Timeout (sec)", + help: "Timeout in seconds for audio understanding execution before the operation is cancelled. Use longer timeouts for long recordings and tighter ones for interactive chat responsiveness.", + tags: ["performance", "media", "tools"], + }, + "tools.media.audio.language": { + label: "Audio Understanding Language", + help: "Preferred language hint for audio understanding/transcription when provider support is available. Set this to improve recognition accuracy for known primary languages.", + tags: ["media", "tools"], + }, + "tools.media.audio.attachments": { + label: "Audio Understanding Attachment Policy", + help: "Attachment policy for audio inputs indicating which uploaded files are eligible for audio processing. Keep restrictive defaults in mixed-content channels to avoid unintended audio workloads.", + tags: ["media", "tools"], + }, + "tools.media.audio.models": { + label: "Audio Understanding Models", + help: "Ordered model preferences specifically for audio understanding, used before shared media model fallback. Choose models optimized for transcription quality in your primary language/domain.", + tags: ["models", "media", "tools"], + }, + "tools.media.audio.scope": { + label: "Audio Understanding Scope", + help: "Scope selector for when audio understanding runs across inbound messages and attachments. Keep focused scopes in high-volume channels to reduce cost and avoid accidental transcription.", + tags: ["media", "tools"], + }, + "tools.media.audio.echoTranscript": { + label: "Echo Transcript to Chat", + help: "Echo the audio transcript back to the originating chat before agent processing. When enabled, users immediately see what was heard from their voice note, helping them verify transcription accuracy before the agent acts on it. Default: false.", + tags: ["media", "tools"], + }, + "tools.media.audio.echoFormat": { + label: "Transcript Echo Format", + help: "Format string for the echoed transcript message. Use `{transcript}` as a placeholder for the transcribed text. Default: '📝 \"{transcript}\"'.", + tags: ["media", "tools"], + }, + "tools.media.video.enabled": { + label: "Enable Video Understanding", + help: "Enable video understanding so clips can be summarized into text for downstream reasoning and responses. Disable when processing video is out of policy or too expensive for your deployment.", + tags: ["media", "tools"], + }, + "tools.media.video.maxBytes": { + label: "Video Understanding Max Bytes", + help: "Maximum accepted video payload size in bytes before policy rejection or trimming occurs. Tune this to provider and infrastructure limits to avoid repeated timeout/failure loops.", + tags: ["performance", "media", "tools"], + }, + "tools.media.video.maxChars": { + label: "Video Understanding Max Chars", + help: "Maximum characters retained from video understanding output to control prompt growth. Raise for dense scene descriptions and lower when concise summaries are preferred.", + tags: ["performance", "media", "tools"], + }, + "tools.media.video.prompt": { + label: "Video Understanding Prompt", + help: "Instruction template for video understanding describing desired summary granularity and focus areas. Keep this stable so output quality remains predictable across model/provider fallbacks.", + tags: ["media", "tools"], + }, + "tools.media.video.timeoutSeconds": { + label: "Video Understanding Timeout (sec)", + help: "Timeout in seconds for each video understanding request before cancellation. Use conservative values in interactive channels and longer values for offline or batch-heavy processing.", + tags: ["performance", "media", "tools"], + }, + "tools.media.video.attachments": { + label: "Video Understanding Attachment Policy", + help: "Attachment eligibility policy for video analysis, defining which message files can trigger video processing. Keep this explicit in shared channels to prevent accidental large media workloads.", + tags: ["media", "tools"], + }, + "tools.media.video.models": { + label: "Video Understanding Models", + help: "Ordered model preferences specifically for video understanding before shared media fallback applies. Prioritize models with strong multimodal video support to minimize degraded summaries.", + tags: ["models", "media", "tools"], + }, + "tools.media.video.scope": { + label: "Video Understanding Scope", + help: "Scope selector controlling when video understanding is attempted across incoming events. Narrow scope in noisy channels, and broaden only where video interpretation is core to workflow.", + tags: ["media", "tools"], + }, + "tools.links.enabled": { + label: "Enable Link Understanding", + help: "Enable automatic link understanding pre-processing so URLs can be summarized before agent reasoning. Keep enabled for richer context, and disable when strict minimal processing is required.", + tags: ["tools"], + }, + "tools.links.maxLinks": { + label: "Link Understanding Max Links", + help: "Maximum number of links expanded per turn during link understanding. Use lower values to control latency/cost in chatty threads and higher values when multi-link context is critical.", + tags: ["performance", "tools"], + }, + "tools.links.timeoutSeconds": { + label: "Link Understanding Timeout (sec)", + help: "Per-link understanding timeout budget in seconds before unresolved links are skipped. Keep this bounded to avoid long stalls when external sites are slow or unreachable.", + tags: ["performance", "tools"], + }, + "tools.links.models": { + label: "Link Understanding Models", + help: "Preferred model list for link understanding tasks, evaluated in order as fallbacks when supported. Use lightweight models first for routine summarization and heavier models only when needed.", + tags: ["models", "tools"], + }, + "tools.links.scope": { + label: "Link Understanding Scope", + help: "Controls when link understanding runs relative to conversation context and message type. Keep scope conservative to avoid unnecessary fetches on messages where links are not actionable.", + tags: ["tools"], + }, + "tools.profile": { + label: "Tool Profile", + help: "Global tool profile name used to select a predefined tool policy baseline before applying allow/deny overrides. Use this for consistent environment posture across agents and keep profile names stable.", + tags: ["storage", "tools"], + }, + "tools.alsoAllow": { + label: "Tool Allowlist Additions", + help: "Extra tool allowlist entries merged on top of the selected tool profile and default policy. Keep this list small and explicit so audits can quickly identify intentional policy exceptions.", + tags: ["access", "tools"], + }, + "agents.list[].tools.profile": { + label: "Agent Tool Profile", + help: "Per-agent override for tool profile selection when one agent needs a different capability baseline. Use this sparingly so policy differences across agents stay intentional and reviewable.", + tags: ["storage"], + }, + "agents.list[].tools.alsoAllow": { + label: "Agent Tool Allowlist Additions", + help: "Per-agent additive allowlist for tools on top of global and profile policy. Keep narrow to avoid accidental privilege expansion on specialized agents.", + tags: ["access"], + }, + "tools.byProvider": { + label: "Tool Policy by Provider", + help: "Per-provider tool allow/deny overrides keyed by channel/provider ID to tailor capabilities by surface. Use this when one provider needs stricter controls than global tool policy.", + tags: ["tools"], + }, + "agents.list[].tools.byProvider": { + label: "Agent Tool Policy by Provider", + help: "Per-agent provider-specific tool policy overrides for channel-scoped capability control. Use this when a single agent needs tighter restrictions on one provider than others.", + tags: ["advanced"], + }, + "tools.exec.applyPatch.enabled": { + label: "Enable apply_patch", + help: "Experimental. Enables apply_patch for OpenAI models when allowed by tool policy.", + tags: ["tools"], + }, + "tools.exec.applyPatch.workspaceOnly": { + label: "apply_patch Workspace-Only", + help: "Restrict apply_patch paths to the workspace directory (default: true). Set false to allow writing outside the workspace (dangerous).", + tags: ["security", "access", "tools", "advanced"], + }, + "tools.exec.applyPatch.allowModels": { + label: "apply_patch Model Allowlist", + help: 'Optional allowlist of model ids (e.g. "gpt-5.2" or "openai/gpt-5.2").', + tags: ["access", "tools"], + }, + "tools.loopDetection.enabled": { + label: "Tool-loop Detection", + help: "Enable repetitive tool-call loop detection and backoff safety checks (default: false).", + tags: ["tools"], + }, + "tools.loopDetection.historySize": { + label: "Tool-loop History Size", + help: "Tool history window size for loop detection (default: 30).", + tags: ["tools"], + }, + "tools.loopDetection.warningThreshold": { + label: "Tool-loop Warning Threshold", + help: "Warning threshold for repetitive patterns when detector is enabled (default: 10).", + tags: ["tools"], + }, + "tools.loopDetection.criticalThreshold": { + label: "Tool-loop Critical Threshold", + help: "Critical threshold for repetitive patterns when detector is enabled (default: 20).", + tags: ["tools"], + }, + "tools.loopDetection.globalCircuitBreakerThreshold": { + label: "Tool-loop Global Circuit Breaker Threshold", + help: "Global no-progress breaker threshold (default: 30).", + tags: ["reliability", "tools"], + }, + "tools.loopDetection.detectors.genericRepeat": { + label: "Tool-loop Generic Repeat Detection", + help: "Enable generic repeated same-tool/same-params loop detection (default: true).", + tags: ["tools"], + }, + "tools.loopDetection.detectors.knownPollNoProgress": { + label: "Tool-loop Poll No-Progress Detection", + help: "Enable known poll tool no-progress loop detection (default: true).", + tags: ["tools"], + }, + "tools.loopDetection.detectors.pingPong": { + label: "Tool-loop Ping-Pong Detection", + help: "Enable ping-pong loop detection (default: true).", + tags: ["tools"], + }, + "tools.fs.workspaceOnly": { + label: "Workspace-only FS tools", + help: "Restrict filesystem tools (read/write/edit/apply_patch) to the workspace directory (default: false).", + tags: ["tools"], + }, + "tools.sessions.visibility": { + label: "Session Tools Visibility", + help: 'Controls which sessions can be targeted by sessions_list/sessions_history/sessions_send. ("tree" default = current session + spawned subagent sessions; "self" = only current; "agent" = any session in the current agent id; "all" = any session; cross-agent still requires tools.agentToAgent).', + tags: ["storage", "tools"], + }, + "tools.exec.notifyOnExit": { + label: "Exec Notify On Exit", + help: "When true (default), backgrounded exec sessions on exit and node exec lifecycle events enqueue a system event and request a heartbeat.", + tags: ["tools"], + }, + "tools.exec.notifyOnExitEmptySuccess": { + label: "Exec Notify On Empty Success", + help: "When true, successful backgrounded exec exits with empty output still enqueue a completion system event (default: false).", + tags: ["tools"], + }, + "tools.exec.approvalRunningNoticeMs": { + label: "Exec Approval Running Notice (ms)", + help: "Delay in milliseconds before showing an in-progress notice after an exec approval is granted. Increase to reduce flicker for fast commands, or lower for quicker operator feedback.", + tags: ["tools"], + }, + "tools.exec.host": { + label: "Exec Host", + help: "Selects execution host strategy for shell commands, typically controlling local vs delegated execution environment. Use the safest host mode that still satisfies your automation requirements.", + tags: ["tools"], + }, + "tools.exec.security": { + label: "Exec Security", + help: "Execution security posture selector controlling sandbox/approval expectations for command execution. Keep strict security mode for untrusted prompts and relax only for trusted operator workflows.", + tags: ["tools"], + }, + "tools.exec.ask": { + label: "Exec Ask", + help: "Approval strategy for when exec commands require human confirmation before running. Use stricter ask behavior in shared channels and lower-friction settings in private operator contexts.", + tags: ["tools"], + }, + "tools.exec.node": { + label: "Exec Node Binding", + help: "Node binding configuration for exec tooling when command execution is delegated through connected nodes. Use explicit node binding only when multi-node routing is required.", + tags: ["tools"], + }, + "tools.agentToAgent": { + label: "Agent-to-Agent Tool Access", + help: "Policy for allowing agent-to-agent tool calls and constraining which target agents can be reached. Keep disabled or tightly scoped unless cross-agent orchestration is intentionally enabled.", + tags: ["tools"], + }, + "tools.agentToAgent.enabled": { + label: "Enable Agent-to-Agent Tool", + help: "Enables the agent_to_agent tool surface so one agent can invoke another agent at runtime. Keep off in simple deployments and enable only when orchestration value outweighs complexity.", + tags: ["tools"], + }, + "tools.agentToAgent.allow": { + label: "Agent-to-Agent Target Allowlist", + help: "Allowlist of target agent IDs permitted for agent_to_agent calls when orchestration is enabled. Use explicit allowlists to avoid uncontrolled cross-agent call graphs.", + tags: ["access", "tools"], + }, + "tools.elevated": { + label: "Elevated Tool Access", + help: "Elevated tool access controls for privileged command surfaces that should only be reachable from trusted senders. Keep disabled unless operator workflows explicitly require elevated actions.", + tags: ["tools"], + }, + "tools.elevated.enabled": { + label: "Enable Elevated Tool Access", + help: "Enables elevated tool execution path when sender and policy checks pass. Keep disabled in public/shared channels and enable only for trusted owner-operated contexts.", + tags: ["tools"], + }, + "tools.elevated.allowFrom": { + label: "Elevated Tool Allow Rules", + help: "Sender allow rules for elevated tools, usually keyed by channel/provider identity formats. Use narrow, explicit identities so elevated commands cannot be triggered by unintended users.", + tags: ["access", "tools"], + }, + "tools.subagents": { + label: "Subagent Tool Policy", + help: "Tool policy wrapper for spawned subagents to restrict or expand tool availability compared to parent defaults. Use this to keep delegated agent capabilities scoped to task intent.", + tags: ["tools"], + }, + "tools.subagents.tools": { + label: "Subagent Tool Allow/Deny Policy", + help: "Allow/deny tool policy applied to spawned subagent runtimes for per-subagent hardening. Keep this narrower than parent scope when subagents run semi-autonomous workflows.", + tags: ["tools"], + }, + "tools.sandbox": { + label: "Sandbox Tool Policy", + help: "Tool policy wrapper for sandboxed agent executions so sandbox runs can have distinct capability boundaries. Use this to enforce stronger safety in sandbox contexts.", + tags: ["storage", "tools"], + }, + "tools.sandbox.tools": { + label: "Sandbox Tool Allow/Deny Policy", + help: "Allow/deny tool policy applied when agents run in sandboxed execution environments. Keep policies minimal so sandbox tasks cannot escalate into unnecessary external actions.", + tags: ["storage", "tools"], + }, + "tools.exec.pathPrepend": { + label: "Exec PATH Prepend", + help: "Directories to prepend to PATH for exec runs (gateway/sandbox).", + tags: ["storage", "tools"], + }, + "tools.exec.safeBins": { + label: "Exec Safe Bins", + help: "Allow stdin-only safe binaries to run without explicit allowlist entries.", + tags: ["tools"], + }, + "tools.exec.strictInlineEval": { + label: "Require Inline-Eval Approval", + help: "Require explicit approval for interpreter inline-eval forms such as `python -c`, `node -e`, `ruby -e`, or `osascript -e`. Prevents silent allowlist reuse and downgrades allow-always to ask-each-time for those forms.", + tags: ["tools"], + }, + "tools.exec.safeBinTrustedDirs": { + label: "Exec Safe Bin Trusted Dirs", + help: "Additional explicit directories trusted for safe-bin path checks (PATH entries are never auto-trusted).", + tags: ["storage", "tools"], + }, + "tools.exec.safeBinProfiles": { + label: "Exec Safe Bin Profiles", + help: "Optional per-binary safe-bin profiles (positional limits + allowed/denied flags).", + tags: ["storage", "tools"], + }, + approvals: { + label: "Approvals", + help: "Approval routing controls for forwarding exec approval requests to chat destinations outside the originating session. Keep this disabled unless operators need explicit out-of-band approval visibility.", + tags: ["advanced"], + }, + "approvals.exec": { + label: "Exec Approval Forwarding", + help: "Groups exec-approval forwarding behavior including enablement, routing mode, filters, and explicit targets. Configure here when approval prompts must reach operational channels instead of only the origin thread.", + tags: ["advanced"], + }, + "approvals.exec.enabled": { + label: "Forward Exec Approvals", + help: "Enables forwarding of exec approval requests to configured delivery destinations (default: false). Keep disabled in low-risk setups and enable only when human approval responders need channel-visible prompts.", + tags: ["advanced"], + }, + "approvals.exec.mode": { + label: "Approval Forwarding Mode", + help: 'Controls where approval prompts are sent: "session" uses origin chat, "targets" uses configured targets, and "both" sends to both paths. Use "session" as baseline and expand only when operational workflow requires redundancy.', + tags: ["advanced"], + }, + "approvals.exec.agentFilter": { + label: "Approval Agent Filter", + help: 'Optional allowlist of agent IDs eligible for forwarded approvals, for example `["primary", "ops-agent"]`. Use this to limit forwarding blast radius and avoid notifying channels for unrelated agents.', + tags: ["advanced"], + }, + "approvals.exec.sessionFilter": { + label: "Approval Session Filter", + help: 'Optional session-key filters matched as substring or regex-style patterns, for example `["discord:", "^agent:ops:"]`. Use narrow patterns so only intended approval contexts are forwarded to shared destinations.', + tags: ["storage"], + }, + "approvals.exec.targets": { + label: "Approval Forwarding Targets", + help: "Explicit delivery targets used when forwarding mode includes targets, each with channel and destination details. Keep target lists least-privilege and validate each destination before enabling broad forwarding.", + tags: ["advanced"], + }, + "approvals.exec.targets[].channel": { + label: "Approval Target Channel", + help: "Channel/provider ID used for forwarded approval delivery, such as discord, slack, or a plugin channel id. Use valid channel IDs only so approvals do not silently fail due to unknown routes.", + tags: ["advanced"], + }, + "approvals.exec.targets[].to": { + label: "Approval Target Destination", + help: "Destination identifier inside the target channel (channel ID, user ID, or thread root depending on provider). Verify semantics per provider because destination format differs across channel integrations.", + tags: ["advanced"], + }, + "approvals.exec.targets[].accountId": { + label: "Approval Target Account ID", + help: "Optional account selector for multi-account channel setups when approvals must route through a specific account context. Use this only when the target channel has multiple configured identities.", + tags: ["advanced"], + }, + "approvals.exec.targets[].threadId": { + label: "Approval Target Thread ID", + help: "Optional thread/topic target for channels that support threaded delivery of forwarded approvals. Use this to keep approval traffic contained in operational threads instead of main channels.", + tags: ["advanced"], + }, + "tools.message.allowCrossContextSend": { + label: "Allow Cross-Context Messaging", + help: "Legacy override: allow cross-context sends across all providers.", + tags: ["access", "tools"], + }, + "tools.message.crossContext.allowWithinProvider": { + label: "Allow Cross-Context (Same Provider)", + help: "Allow sends to other channels within the same provider (default: true).", + tags: ["access", "tools"], + }, + "tools.message.crossContext.allowAcrossProviders": { + label: "Allow Cross-Context (Across Providers)", + help: "Allow sends across different providers (default: false).", + tags: ["access", "tools"], + }, + "tools.message.crossContext.marker.enabled": { + label: "Cross-Context Marker", + help: "Add a visible origin marker when sending cross-context (default: true).", + tags: ["tools"], + }, + "tools.message.crossContext.marker.prefix": { + label: "Cross-Context Marker Prefix", + help: 'Text prefix for cross-context markers (supports "{channel}").', + tags: ["tools"], + }, + "tools.message.crossContext.marker.suffix": { + label: "Cross-Context Marker Suffix", + help: 'Text suffix for cross-context markers (supports "{channel}").', + tags: ["tools"], + }, + "tools.message.broadcast.enabled": { + label: "Enable Message Broadcast", + help: "Enable broadcast action (default: true).", + tags: ["tools"], + }, + "tools.web.search.enabled": { + label: "Enable Web Search Tool", + help: "Enable the web_search tool (requires a provider API key).", + tags: ["tools"], + }, + "tools.web.search.provider": { + label: "Web Search Provider", + help: "Search provider id. Auto-detected from available API keys if omitted.", + tags: ["tools"], + }, + "tools.web.search.maxResults": { + label: "Web Search Max Results", + help: "Number of results to return (1-10).", + tags: ["performance", "tools"], + }, + "tools.web.search.timeoutSeconds": { + label: "Web Search Timeout (sec)", + help: "Timeout in seconds for web_search requests.", + tags: ["performance", "tools"], + }, + "tools.web.search.cacheTtlMinutes": { + label: "Web Search Cache TTL (min)", + help: "Cache TTL in minutes for web_search results.", + tags: ["performance", "storage", "tools"], + }, + "tools.web.fetch.enabled": { + label: "Enable Web Fetch Tool", + help: "Enable the web_fetch tool (lightweight HTTP fetch).", + tags: ["tools"], + }, + "tools.web.fetch.maxChars": { + label: "Web Fetch Max Chars", + help: "Max characters returned by web_fetch (truncated).", + tags: ["performance", "tools"], + }, + "tools.web.fetch.maxCharsCap": { + label: "Web Fetch Hard Max Chars", + help: "Hard cap for web_fetch maxChars (applies to config and tool calls).", + tags: ["performance", "tools"], + }, + "tools.web.fetch.timeoutSeconds": { + label: "Web Fetch Timeout (sec)", + help: "Timeout in seconds for web_fetch requests.", + tags: ["performance", "tools"], + }, + "tools.web.fetch.cacheTtlMinutes": { + label: "Web Fetch Cache TTL (min)", + help: "Cache TTL in minutes for web_fetch results.", + tags: ["performance", "storage", "tools"], + }, + "tools.web.fetch.maxRedirects": { + label: "Web Fetch Max Redirects", + help: "Maximum redirects allowed for web_fetch (default: 3).", + tags: ["performance", "storage", "tools"], + }, + "tools.web.fetch.userAgent": { + label: "Web Fetch User-Agent", + help: "Override User-Agent header for web_fetch requests.", + tags: ["tools"], + }, + "tools.web.fetch.readability": { + label: "Web Fetch Readability Extraction", + help: "Use Readability to extract main content from HTML (fallbacks to basic HTML cleanup).", + tags: ["tools"], + }, + "tools.web.fetch.firecrawl.enabled": { + label: "Enable Firecrawl Fallback", + help: "Enable Firecrawl fallback for web_fetch (if configured).", + tags: ["tools"], + }, + "tools.web.fetch.firecrawl.apiKey": { + label: "Firecrawl API Key", + help: "Firecrawl API key (fallback: FIRECRAWL_API_KEY env var).", + tags: ["security", "auth", "tools"], + sensitive: true, + }, + "tools.web.fetch.firecrawl.baseUrl": { + label: "Firecrawl Base URL", + help: "Firecrawl base URL (e.g. https://api.firecrawl.dev or custom endpoint).", + tags: ["tools"], + }, + "tools.web.fetch.firecrawl.onlyMainContent": { + label: "Firecrawl Main Content Only", + help: "When true, Firecrawl returns only the main content (default: true).", + tags: ["tools"], + }, + "tools.web.fetch.firecrawl.maxAgeMs": { + label: "Firecrawl Cache Max Age (ms)", + help: "Firecrawl maxAge (ms) for cached results when supported by the API.", + tags: ["performance", "tools"], + }, + "tools.web.fetch.firecrawl.timeoutSeconds": { + label: "Firecrawl Timeout (sec)", + help: "Timeout in seconds for Firecrawl requests.", + tags: ["performance", "tools"], + }, + "gateway.controlUi.basePath": { + label: "Control UI Base Path", + help: "Optional URL prefix where the Control UI is served (e.g. /openclaw).", + placeholder: "/openclaw", + tags: ["network", "storage"], + }, + "gateway.controlUi.root": { + label: "Control UI Assets Root", + help: "Optional filesystem root for Control UI assets (defaults to dist/control-ui).", + placeholder: "dist/control-ui", + tags: ["network"], + }, + "gateway.controlUi.allowedOrigins": { + label: "Control UI Allowed Origins", + help: 'Allowed browser origins for Control UI/WebChat websocket connections (full origins only, e.g. https://control.example.com). Required for non-loopback Control UI deployments unless dangerous Host-header fallback is explicitly enabled. Setting ["*"] means allow any browser origin and should be avoided outside tightly controlled local testing.', + placeholder: "https://control.example.com", + tags: ["access", "network"], + }, + "gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback": { + label: "Dangerously Allow Host-Header Origin Fallback", + help: "DANGEROUS toggle that enables Host-header based origin fallback for Control UI/WebChat websocket checks. This mode is supported when your deployment intentionally relies on Host-header origin policy; explicit gateway.controlUi.allowedOrigins remains the recommended hardened default.", + tags: ["security", "access", "network", "advanced"], + }, + "gateway.controlUi.allowInsecureAuth": { + label: "Insecure Control UI Auth Toggle", + help: "Loosens strict browser auth checks for Control UI when you must run a non-standard setup. Keep this off unless you trust your network and proxy path, because impersonation risk is higher.", + tags: ["security", "access", "network", "advanced"], + }, + "gateway.controlUi.dangerouslyDisableDeviceAuth": { + label: "Dangerously Disable Control UI Device Auth", + help: "Disables Control UI device identity checks and relies on token/password only. Use only for short-lived debugging on trusted networks, then turn it off immediately.", + tags: ["security", "access", "network", "advanced"], + }, + "gateway.push": { + label: "Gateway Push Delivery", + help: "Push-delivery settings used by the gateway when it needs to wake or notify paired devices. Configure relay-backed APNs here for official iOS builds; direct APNs auth remains env-based for local/manual builds.", + tags: ["network"], + }, + "gateway.push.apns": { + label: "Gateway APNs Delivery", + help: "APNs delivery settings for iOS devices paired to this gateway. Use relay settings for official/TestFlight builds that register through the external push relay.", + tags: ["network"], + }, + "gateway.push.apns.relay": { + label: "Gateway APNs Relay", + help: "External relay settings for relay-backed APNs sends. The gateway uses this relay for push.test, wake nudges, and reconnect wakes after a paired official iOS build publishes a relay-backed registration.", + tags: ["network"], + }, + "gateway.push.apns.relay.baseUrl": { + label: "Gateway APNs Relay Base URL", + help: "Base HTTPS URL for the external APNs relay service used by official/TestFlight iOS builds. Keep this aligned with the relay URL baked into the iOS build so registration and send traffic hit the same deployment.", + placeholder: "https://relay.example.com", + tags: ["network", "advanced"], + }, + "gateway.push.apns.relay.timeoutMs": { + label: "Gateway APNs Relay Timeout (ms)", + help: "Timeout in milliseconds for relay send requests from the gateway to the APNs relay (default: 10000). Increase for slower relays or networks, or lower to fail wake attempts faster.", + tags: ["network", "performance"], + }, + "gateway.http.endpoints.chatCompletions.enabled": { + label: "OpenAI Chat Completions Endpoint", + help: "Enable the OpenAI-compatible `POST /v1/chat/completions` endpoint (default: false).", + tags: ["network"], + }, + "gateway.http.endpoints.chatCompletions.maxBodyBytes": { + label: "OpenAI Chat Completions Max Body Bytes", + help: "Max request body size in bytes for `/v1/chat/completions` (default: 20MB).", + tags: ["network", "performance"], + }, + "gateway.http.endpoints.chatCompletions.maxImageParts": { + label: "OpenAI Chat Completions Max Image Parts", + help: "Max number of `image_url` parts accepted from the latest user message (default: 8).", + tags: ["network", "performance", "media"], + }, + "gateway.http.endpoints.chatCompletions.maxTotalImageBytes": { + label: "OpenAI Chat Completions Max Total Image Bytes", + help: "Max cumulative decoded bytes across all `image_url` parts in one request (default: 20MB).", + tags: ["network", "performance", "media"], + }, + "gateway.http.endpoints.chatCompletions.images": { + label: "OpenAI Chat Completions Image Limits", + help: "Image fetch/validation controls for OpenAI-compatible `image_url` parts.", + tags: ["network", "media"], + }, + "gateway.http.endpoints.chatCompletions.images.allowUrl": { + label: "OpenAI Chat Completions Allow Image URLs", + help: "Allow server-side URL fetches for `image_url` parts (default: false; data URIs remain supported). Set this to `false` to disable URL fetching entirely.", + tags: ["access", "network", "media"], + }, + "gateway.http.endpoints.chatCompletions.images.urlAllowlist": { + label: "OpenAI Chat Completions Image URL Allowlist", + help: "Optional hostname allowlist for `image_url` URL fetches; supports exact hosts and `*.example.com` wildcards. Empty or omitted lists mean no hostname allowlist restriction.", + tags: ["access", "network", "media"], + }, + "gateway.http.endpoints.chatCompletions.images.allowedMimes": { + label: "OpenAI Chat Completions Image MIME Allowlist", + help: "Allowed MIME types for `image_url` parts (case-insensitive list).", + tags: ["access", "network", "media"], + }, + "gateway.http.endpoints.chatCompletions.images.maxBytes": { + label: "OpenAI Chat Completions Image Max Bytes", + help: "Max bytes per fetched/decoded `image_url` image (default: 10MB).", + tags: ["network", "performance", "media"], + }, + "gateway.http.endpoints.chatCompletions.images.maxRedirects": { + label: "OpenAI Chat Completions Image Max Redirects", + help: "Max HTTP redirects allowed when fetching `image_url` URLs (default: 3).", + tags: ["network", "performance", "storage", "media"], + }, + "gateway.http.endpoints.chatCompletions.images.timeoutMs": { + label: "OpenAI Chat Completions Image Timeout (ms)", + help: "Timeout in milliseconds for `image_url` URL fetches (default: 10000).", + tags: ["network", "performance", "media"], + }, + "gateway.reload.mode": { + label: "Config Reload Mode", + help: 'Controls how config edits are applied: "off" ignores live edits, "restart" always restarts, "hot" applies in-process, and "hybrid" tries hot then restarts if required. Keep "hybrid" for safest routine updates.', + tags: ["network", "reliability"], + }, + "gateway.reload.debounceMs": { + label: "Config Reload Debounce (ms)", + help: "Debounce window (ms) before applying config changes.", + tags: ["network", "reliability", "performance"], + }, + "gateway.reload.deferralTimeoutMs": { + label: "Restart Deferral Timeout (ms)", + help: "Maximum time (ms) to wait for in-flight operations to complete before forcing a SIGUSR1 restart. Default: 300000 (5 minutes). Lower values risk aborting active subagent LLM calls.", + tags: ["network", "reliability", "performance"], + }, + "gateway.nodes.browser.mode": { + label: "Gateway Node Browser Mode", + help: 'Node browser routing ("auto" = pick single connected browser node, "manual" = require node param, "off" = disable).', + tags: ["network"], + }, + "gateway.nodes.browser.node": { + label: "Gateway Node Browser Pin", + help: "Pin browser routing to a specific node id or name (optional).", + tags: ["network"], + }, + "gateway.nodes.allowCommands": { + label: "Gateway Node Allowlist (Extra Commands)", + help: "Extra node.invoke commands to allow beyond the gateway defaults (array of command strings). Enabling dangerous commands here is a security-sensitive override and is flagged by `openclaw security audit`.", + tags: ["access", "network"], + }, + "gateway.nodes.denyCommands": { + label: "Gateway Node Denylist", + help: "Node command names to block even if present in node claims or default allowlist (exact command-name matching only, e.g. `system.run`; does not inspect shell text inside that command).", + tags: ["access", "network"], + }, + "nodeHost.browserProxy": { + label: "Node Browser Proxy", + help: "Groups browser-proxy settings for exposing local browser control through node routing. Enable only when remote node workflows need your local browser profiles.", + tags: ["network"], + }, + "nodeHost.browserProxy.enabled": { + label: "Node Browser Proxy Enabled", + help: "Expose the local browser control server through node proxy routing so remote clients can use this host's browser capabilities. Keep disabled unless remote automation explicitly depends on it.", + tags: ["network"], + }, + "nodeHost.browserProxy.allowProfiles": { + label: "Node Browser Proxy Allowed Profiles", + help: "Optional allowlist of browser profile names exposed through node proxy routing. Leave empty to expose all configured profiles, or use a tight list to enforce least-privilege profile access.", + tags: ["access", "network", "storage"], + }, + media: { + label: "Media", + help: "Top-level media behavior shared across providers and tools that handle inbound files. Keep defaults unless you need stable filenames for external processing pipelines or longer-lived inbound media retention.", + tags: ["advanced"], + }, + "media.preserveFilenames": { + label: "Preserve Media Filenames", + help: "When enabled, uploaded media keeps its original filename instead of a generated temp-safe name. Turn this on when downstream automations depend on stable names, and leave off to reduce accidental filename leakage.", + tags: ["storage"], + }, + "media.ttlHours": { + label: "Media Retention TTL (hours)", + help: "Optional retention window in hours for persisted inbound media cleanup across the full media tree. Leave unset to preserve legacy behavior, or set values like 24 (1 day) or 168 (7 days) when you want automatic cleanup.", + tags: ["advanced"], + }, + "audio.transcription": { + label: "Audio Transcription", + help: "Command-based transcription settings for converting audio files into text before agent handling. Keep a simple, deterministic command path here so failures are easy to diagnose in logs.", + tags: ["media"], + }, + "audio.transcription.command": { + label: "Audio Transcription Command", + help: 'Executable + args used to transcribe audio (first token must be a safe binary/path), for example `["whisper-cli", "--model", "small", "{input}"]`. Prefer a pinned command so runtime environments behave consistently.', + tags: ["media"], + }, + "audio.transcription.timeoutSeconds": { + label: "Audio Transcription Timeout (sec)", + help: "Maximum time allowed for the transcription command to finish before it is aborted. Increase this for longer recordings, and keep it tight in latency-sensitive deployments.", + tags: ["performance", "media"], + }, + "bindings[].type": { + label: "Binding Type", + help: 'Binding kind. Use "route" (or omit for legacy route entries) for normal routing, and "acp" for persistent ACP conversation bindings.', + tags: ["advanced"], + }, + "bindings[].agentId": { + label: "Binding Agent ID", + help: "Target agent ID that receives traffic when the corresponding binding match rule is satisfied. Use valid configured agent IDs only so routing does not fail at runtime.", + tags: ["advanced"], + }, + "bindings[].match": { + label: "Binding Match Rule", + help: "Match rule object for deciding when a binding applies, including channel and optional account/peer constraints. Keep rules narrow to avoid accidental agent takeover across contexts.", + tags: ["advanced"], + }, + "bindings[].match.channel": { + label: "Binding Channel", + help: "Channel/provider identifier this binding applies to, such as `telegram`, `discord`, or a plugin channel ID. Use the configured channel key exactly so binding evaluation works reliably.", + tags: ["advanced"], + }, + "bindings[].match.accountId": { + label: "Binding Account ID", + help: "Optional account selector for multi-account channel setups so the binding applies only to one identity. Use this when account scoping is required for the route and leave unset otherwise.", + tags: ["advanced"], + }, + "bindings[].match.peer": { + label: "Binding Peer Match", + help: "Optional peer matcher for specific conversations including peer kind and peer id. Use this when only one direct/group/channel target should be pinned to an agent.", + tags: ["advanced"], + }, + "bindings[].match.peer.kind": { + label: "Binding Peer Kind", + help: 'Peer conversation type: "direct", "group", "channel", or legacy "dm" (deprecated alias for direct). Prefer "direct" for new configs and keep kind aligned with channel semantics.', + tags: ["advanced"], + }, + "bindings[].match.peer.id": { + label: "Binding Peer ID", + help: "Conversation identifier used with peer matching, such as a chat ID, channel ID, or group ID from the provider. Keep this exact to avoid silent non-matches.", + tags: ["advanced"], + }, + "bindings[].match.guildId": { + label: "Binding Guild ID", + help: "Optional Discord-style guild/server ID constraint for binding evaluation in multi-server deployments. Use this when the same peer identifiers can appear across different guilds.", + tags: ["advanced"], + }, + "bindings[].match.teamId": { + label: "Binding Team ID", + help: "Optional team/workspace ID constraint used by providers that scope chats under teams. Add this when you need bindings isolated to one workspace context.", + tags: ["advanced"], + }, + "bindings[].match.roles": { + label: "Binding Roles", + help: "Optional role-based filter list used by providers that attach roles to chat context. Use this to route privileged or operational role traffic to specialized agents.", + tags: ["advanced"], + }, + "bindings[].acp": { + label: "ACP Binding Overrides", + help: "Optional per-binding ACP overrides for bindings[].type=acp. This layer overrides agents.list[].runtime.acp defaults for the matched conversation.", + tags: ["advanced"], + }, + "bindings[].acp.mode": { + label: "ACP Binding Mode", + help: "ACP session mode override for this binding (persistent or oneshot).", + tags: ["advanced"], + }, + "bindings[].acp.label": { + label: "ACP Binding Label", + help: "Human-friendly label for ACP status/diagnostics in this bound conversation.", + tags: ["advanced"], + }, + "bindings[].acp.cwd": { + label: "ACP Binding Working Directory", + help: "Working directory override for ACP sessions created from this binding.", + tags: ["advanced"], + }, + "bindings[].acp.backend": { + label: "ACP Binding Backend", + help: "ACP backend override for this binding (falls back to agent runtime ACP backend, then global acp.backend).", + tags: ["advanced"], + }, + broadcast: { + label: "Broadcast", + help: "Broadcast routing map for sending the same outbound message to multiple peer IDs per source conversation. Keep this minimal and audited because one source can fan out to many destinations.", + tags: ["advanced"], + }, + "broadcast.strategy": { + label: "Broadcast Strategy", + help: 'Delivery order for broadcast fan-out: "parallel" sends to all targets concurrently, while "sequential" sends one-by-one. Use "parallel" for speed and "sequential" for stricter ordering/backpressure control.', + tags: ["advanced"], + }, + "broadcast.*": { + label: "Broadcast Destination List", + help: "Per-source broadcast destination list where each key is a source peer ID and the value is an array of destination peer IDs. Keep lists intentional to avoid accidental message amplification.", + tags: ["advanced"], + }, + "skills.load.watch": { + label: "Watch Skills", + help: "Enable filesystem watching for skill-definition changes so updates can be applied without full process restart. Keep enabled in development workflows and disable in immutable production images.", + tags: ["advanced"], + }, + "skills.load.watchDebounceMs": { + label: "Skills Watch Debounce (ms)", + help: "Debounce window in milliseconds for coalescing rapid skill file changes before reload logic runs. Increase to reduce reload churn on frequent writes, or lower for faster edit feedback.", + tags: ["performance", "automation"], + }, + "agents.defaults.workspace": { + label: "Workspace", + help: "Default workspace path exposed to agent runtime tools for filesystem context and repo-aware behavior. Set this explicitly when running from wrappers so path resolution stays deterministic.", + tags: ["advanced"], + }, + "agents.defaults.repoRoot": { + label: "Repo Root", + help: "Optional repository root shown in the system prompt runtime line (overrides auto-detect).", + tags: ["advanced"], + }, + "agents.defaults.bootstrapMaxChars": { + label: "Bootstrap Max Chars", + help: "Max characters of each workspace bootstrap file injected into the system prompt before truncation (default: 20000).", + tags: ["performance"], + }, + "agents.defaults.bootstrapTotalMaxChars": { + label: "Bootstrap Total Max Chars", + help: "Max total characters across all injected workspace bootstrap files (default: 150000).", + tags: ["performance"], + }, + "agents.defaults.bootstrapPromptTruncationWarning": { + label: "Bootstrap Prompt Truncation Warning", + help: 'Inject agent-visible warning text when bootstrap files are truncated: "off", "once" (default), or "always".', + tags: ["advanced"], + }, + "agents.defaults.envelopeTimezone": { + label: "Envelope Timezone", + help: 'Timezone for message envelopes ("utc", "local", "user", or an IANA timezone string).', + tags: ["advanced"], + }, + "agents.defaults.envelopeTimestamp": { + label: "Envelope Timestamp", + help: 'Include absolute timestamps in message envelopes ("on" or "off").', + tags: ["advanced"], + }, + "agents.defaults.envelopeElapsed": { + label: "Envelope Elapsed", + help: 'Include elapsed time in message envelopes ("on" or "off").', + tags: ["advanced"], + }, + "agents.defaults.memorySearch": { + label: "Memory Search", + help: "Vector search over MEMORY.md and memory/*.md (per-agent overrides supported).", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.enabled": { + label: "Enable Memory Search", + help: "Master toggle for memory search indexing and retrieval behavior on this agent profile. Keep enabled for semantic recall, and disable when you want fully stateless responses.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.sources": { + label: "Memory Search Sources", + help: 'Chooses which sources are indexed: "memory" reads MEMORY.md + memory files, and "sessions" includes transcript history. Keep ["memory"] unless you need recall from prior chat transcripts.', + tags: ["advanced"], + }, + "agents.defaults.memorySearch.extraPaths": { + label: "Extra Memory Paths", + help: "Adds extra directories or .md files to the memory index beyond default memory files. Use this when key reference docs live elsewhere in your repo; when multimodal memory is enabled, matching image/audio files under these paths are also eligible for indexing.", + tags: ["storage"], + }, + "agents.defaults.memorySearch.multimodal": { + label: "Memory Search Multimodal", + help: 'Optional multimodal memory settings for indexing image and audio files from configured extra paths. Keep this off unless your embedding model explicitly supports cross-modal embeddings, and set `memorySearch.fallback` to "none" while it is enabled. Matching files are uploaded to the configured remote embedding provider during indexing.', + tags: ["advanced"], + }, + "agents.defaults.memorySearch.multimodal.enabled": { + label: "Enable Memory Search Multimodal", + help: "Enables image/audio memory indexing from extraPaths. This currently requires Gemini embedding-2, keeps the default memory roots Markdown-only, disables memory-search fallback providers, and uploads matching binary content to the configured remote embedding provider.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.multimodal.modalities": { + label: "Memory Search Multimodal Modalities", + help: 'Selects which multimodal file types are indexed from extraPaths: "image", "audio", or "all". Keep this narrow to avoid indexing large binary corpora unintentionally.', + tags: ["advanced"], + }, + "agents.defaults.memorySearch.multimodal.maxFileBytes": { + label: "Memory Search Multimodal Max File Bytes", + help: "Sets the maximum bytes allowed per multimodal file before it is skipped during memory indexing. Use this to cap upload cost and indexing latency, or raise it for short high-quality audio clips.", + tags: ["performance", "storage"], + }, + "agents.defaults.memorySearch.experimental.sessionMemory": { + label: "Memory Search Session Index (Experimental)", + help: "Indexes session transcripts into memory search so responses can reference prior chat turns. Keep this off unless transcript recall is needed, because indexing cost and storage usage both increase.", + tags: ["security", "storage", "advanced"], + }, + "agents.defaults.memorySearch.provider": { + label: "Memory Search Provider", + help: 'Selects the embedding backend used to build/query memory vectors: "openai", "gemini", "voyage", "mistral", "ollama", or "local". Keep your most reliable provider here and configure fallback for resilience.', + tags: ["advanced"], + }, + "agents.defaults.memorySearch.remote.baseUrl": { + label: "Remote Embedding Base URL", + help: "Overrides the embedding API endpoint, such as an OpenAI-compatible proxy or custom Gemini base URL. Use this only when routing through your own gateway or vendor endpoint; keep provider defaults otherwise.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.remote.apiKey": { + label: "Remote Embedding API Key", + help: "Supplies a dedicated API key for remote embedding calls used by memory indexing and query-time embeddings. Use this when memory embeddings should use different credentials than global defaults or environment variables.", + tags: ["security", "auth"], + sensitive: true, + }, + "agents.defaults.memorySearch.remote.headers": { + label: "Remote Embedding Headers", + help: "Adds custom HTTP headers to remote embedding requests, merged with provider defaults. Use this for proxy auth and tenant routing headers, and keep values minimal to avoid leaking sensitive metadata.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.remote.batch.enabled": { + label: "Remote Batch Embedding Enabled", + help: "Enables provider batch APIs for embedding jobs when supported (OpenAI/Gemini), improving throughput on larger index runs. Keep this enabled unless debugging provider batch failures or running very small workloads.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.remote.batch.wait": { + label: "Remote Batch Wait for Completion", + help: "Waits for batch embedding jobs to fully finish before the indexing operation completes. Keep this enabled for deterministic indexing state; disable only if you accept delayed consistency.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.remote.batch.concurrency": { + label: "Remote Batch Concurrency", + help: "Limits how many embedding batch jobs run at the same time during indexing (default: 2). Increase carefully for faster bulk indexing, but watch provider rate limits and queue errors.", + tags: ["performance"], + }, + "agents.defaults.memorySearch.remote.batch.pollIntervalMs": { + label: "Remote Batch Poll Interval (ms)", + help: "Controls how often the system polls provider APIs for batch job status in milliseconds (default: 2000). Use longer intervals to reduce API chatter, or shorter intervals for faster completion detection.", + tags: ["performance"], + }, + "agents.defaults.memorySearch.remote.batch.timeoutMinutes": { + label: "Remote Batch Timeout (min)", + help: "Sets the maximum wait time for a full embedding batch operation in minutes (default: 60). Increase for very large corpora or slower providers, and lower it to fail fast in automation-heavy flows.", + tags: ["performance"], + }, + "agents.defaults.memorySearch.model": { + label: "Memory Search Model", + help: "Embedding model override used by the selected memory provider when a non-default model is required. Set this only when you need explicit recall quality/cost tuning beyond provider defaults.", + tags: ["models"], + }, + "agents.defaults.memorySearch.outputDimensionality": { + label: "Memory Search Output Dimensionality", + help: "Gemini embedding-2 only: chooses the output vector size for memory embeddings. Use 768, 1536, or 3072 (default), and expect a full reindex when you change it because stored vector dimensions must stay consistent.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.fallback": { + label: "Memory Search Fallback", + help: 'Backup provider used when primary embeddings fail: "openai", "gemini", "voyage", "mistral", "ollama", "local", or "none". Set a real fallback for production reliability; use "none" only if you prefer explicit failures.', + tags: ["reliability"], + }, + "agents.defaults.memorySearch.local.modelPath": { + label: "Local Embedding Model Path", + help: "Specifies the local embedding model source for local memory search, such as a GGUF file path or `hf:` URI. Use this only when provider is `local`, and verify model compatibility before large index rebuilds.", + tags: ["storage"], + }, + "agents.defaults.memorySearch.store.path": { + label: "Memory Search Index Path", + help: "Sets where the SQLite memory index is stored on disk for each agent. Keep the default `~/.openclaw/memory/{agentId}.sqlite` unless you need custom storage placement or backup policy alignment.", + tags: ["storage"], + }, + "agents.defaults.memorySearch.store.vector.enabled": { + label: "Memory Search Vector Index", + help: "Enables the sqlite-vec extension used for vector similarity queries in memory search (default: true). Keep this enabled for normal semantic recall; disable only for debugging or fallback-only operation.", + tags: ["storage"], + }, + "agents.defaults.memorySearch.store.vector.extensionPath": { + label: "Memory Search Vector Extension Path", + help: "Overrides the auto-discovered sqlite-vec extension library path (`.dylib`, `.so`, or `.dll`). Use this when your runtime cannot find sqlite-vec automatically or you pin a known-good build.", + tags: ["storage"], + }, + "agents.defaults.memorySearch.chunking.tokens": { + label: "Memory Chunk Tokens", + help: "Chunk size in tokens used when splitting memory sources before embedding/indexing. Increase for broader context per chunk, or lower to improve precision on pinpoint lookups.", + tags: ["security", "auth"], + }, + "agents.defaults.memorySearch.chunking.overlap": { + label: "Memory Chunk Overlap Tokens", + help: "Token overlap between adjacent memory chunks to preserve context continuity near split boundaries. Use modest overlap to reduce boundary misses without inflating index size too aggressively.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.sync.onSessionStart": { + label: "Index on Session Start", + help: "Triggers a memory index sync when a session starts so early turns see fresh memory content. Keep enabled when startup freshness matters more than initial turn latency.", + tags: ["storage", "automation"], + }, + "agents.defaults.memorySearch.sync.onSearch": { + label: "Index on Search (Lazy)", + help: "Uses lazy sync by scheduling reindex on search after content changes are detected. Keep enabled for lower idle overhead, or disable if you require pre-synced indexes before any query.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.sync.watch": { + label: "Watch Memory Files", + help: "Watches memory files and schedules index updates from file-change events (chokidar). Enable for near-real-time freshness; disable on very large workspaces if watch churn is too noisy.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.sync.watchDebounceMs": { + label: "Memory Watch Debounce (ms)", + help: "Debounce window in milliseconds for coalescing rapid file-watch events before reindex runs. Increase to reduce churn on frequently-written files, or lower for faster freshness.", + tags: ["performance", "automation"], + }, + "agents.defaults.memorySearch.sync.sessions.deltaBytes": { + label: "Session Delta Bytes", + help: "Requires at least this many newly appended bytes before session transcript changes trigger reindex (default: 100000). Increase to reduce frequent small reindexes, or lower for faster transcript freshness.", + tags: ["storage"], + }, + "agents.defaults.memorySearch.sync.sessions.deltaMessages": { + label: "Session Delta Messages", + help: "Requires at least this many appended transcript messages before reindex is triggered (default: 50). Lower this for near-real-time transcript recall, or raise it to reduce indexing churn.", + tags: ["storage"], + }, + "agents.defaults.memorySearch.sync.sessions.postCompactionForce": { + label: "Force Reindex After Compaction", + help: "Forces a session memory-search reindex after compaction-triggered transcript updates (default: true). Keep enabled when compacted summaries must be immediately searchable, or disable to reduce write-time indexing pressure.", + tags: ["storage"], + }, + "agents.defaults.memorySearch.query.maxResults": { + label: "Memory Search Max Results", + help: "Maximum number of memory hits returned from search before downstream reranking and prompt injection. Raise for broader recall, or lower for tighter prompts and faster responses.", + tags: ["performance"], + }, + "agents.defaults.memorySearch.query.minScore": { + label: "Memory Search Min Score", + help: "Minimum relevance score threshold for including memory results in final recall output. Increase to reduce weak/noisy matches, or lower when you need more permissive retrieval.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.query.hybrid.enabled": { + label: "Memory Search Hybrid", + help: "Combines BM25 keyword matching with vector similarity for better recall on mixed exact + semantic queries. Keep enabled unless you are isolating ranking behavior for troubleshooting.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.query.hybrid.vectorWeight": { + label: "Memory Search Vector Weight", + help: "Controls how strongly semantic similarity influences hybrid ranking (0-1). Increase when paraphrase matching matters more than exact terms; decrease for stricter keyword emphasis.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.query.hybrid.textWeight": { + label: "Memory Search Text Weight", + help: "Controls how strongly BM25 keyword relevance influences hybrid ranking (0-1). Increase for exact-term matching; decrease when semantic matches should rank higher.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.query.hybrid.candidateMultiplier": { + label: "Memory Search Hybrid Candidate Multiplier", + help: "Expands the candidate pool before reranking (default: 4). Raise this for better recall on noisy corpora, but expect more compute and slightly slower searches.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.query.hybrid.mmr.enabled": { + label: "Memory Search MMR Re-ranking", + help: "Adds MMR reranking to diversify results and reduce near-duplicate snippets in a single answer window. Enable when recall looks repetitive; keep off for strict score ordering.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.query.hybrid.mmr.lambda": { + label: "Memory Search MMR Lambda", + help: "Sets MMR relevance-vs-diversity balance (0 = most diverse, 1 = most relevant, default: 0.7). Lower values reduce repetition; higher values keep tightly relevant but may duplicate.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.query.hybrid.temporalDecay.enabled": { + label: "Memory Search Temporal Decay", + help: "Applies recency decay so newer memory can outrank older memory when scores are close. Enable when timeliness matters; keep off for timeless reference knowledge.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.query.hybrid.temporalDecay.halfLifeDays": { + label: "Memory Search Temporal Decay Half-life (Days)", + help: "Controls how fast older memory loses rank when temporal decay is enabled (half-life in days, default: 30). Lower values prioritize recent context more aggressively.", + tags: ["advanced"], + }, + "agents.defaults.memorySearch.cache.enabled": { + label: "Memory Search Embedding Cache", + help: "Caches computed chunk embeddings in SQLite so reindexing and incremental updates run faster (default: true). Keep this enabled unless investigating cache correctness or minimizing disk usage.", + tags: ["storage"], + }, + "agents.defaults.memorySearch.cache.maxEntries": { + label: "Memory Search Embedding Cache Max Entries", + help: "Sets a best-effort upper bound on cached embeddings kept in SQLite for memory search. Use this when controlling disk growth matters more than peak reindex speed.", + tags: ["performance", "storage"], + }, + memory: { + label: "Memory", + help: "Memory backend configuration (global).", + tags: ["advanced"], + }, + "memory.backend": { + label: "Memory Backend", + help: 'Selects the global memory engine: "builtin" uses OpenClaw memory internals, while "qmd" uses the QMD sidecar pipeline. Keep "builtin" unless you intentionally operate QMD.', + tags: ["storage"], + }, + "memory.citations": { + label: "Memory Citations Mode", + help: 'Controls citation visibility in replies: "auto" shows citations when useful, "on" always shows them, and "off" hides them. Keep "auto" for a balanced signal-to-noise default.', + tags: ["storage"], + }, + "memory.qmd.command": { + label: "QMD Binary", + help: "Sets the executable path for the `qmd` binary used by the QMD backend (default: resolved from PATH). Use an explicit absolute path when multiple qmd installs exist or PATH differs across environments.", + tags: ["storage"], + }, + "memory.qmd.mcporter": { + label: "QMD MCPorter", + help: "Routes QMD work through mcporter (MCP runtime) instead of spawning `qmd` for each call. Use this when cold starts are expensive on large models; keep direct process mode for simpler local setups.", + tags: ["storage"], + }, + "memory.qmd.mcporter.enabled": { + label: "QMD MCPorter Enabled", + help: "Routes QMD through an mcporter daemon instead of spawning qmd per request, reducing cold-start overhead for larger models. Keep disabled unless mcporter is installed and configured.", + tags: ["storage"], + }, + "memory.qmd.mcporter.serverName": { + label: "QMD MCPorter Server Name", + help: "Names the mcporter server target used for QMD calls (default: qmd). Change only when your mcporter setup uses a custom server name for qmd mcp keep-alive.", + tags: ["storage"], + }, + "memory.qmd.mcporter.startDaemon": { + label: "QMD MCPorter Start Daemon", + help: "Automatically starts the mcporter daemon when mcporter-backed QMD mode is enabled (default: true). Keep enabled unless process lifecycle is managed externally by your service supervisor.", + tags: ["storage"], + }, + "memory.qmd.searchMode": { + label: "QMD Search Mode", + help: 'Selects the QMD retrieval path: "query" uses standard query flow, "search" uses search-oriented retrieval, and "vsearch" emphasizes vector retrieval. Keep default unless tuning relevance quality.', + tags: ["storage"], + }, + "memory.qmd.includeDefaultMemory": { + label: "QMD Include Default Memory", + help: "Automatically indexes default memory files (MEMORY.md and memory/**/*.md) into QMD collections. Keep enabled unless you want indexing controlled only through explicit custom paths.", + tags: ["storage"], + }, + "memory.qmd.paths": { + label: "QMD Extra Paths", + help: "Adds custom directories or files to include in QMD indexing, each with an optional name and glob pattern. Use this for project-specific knowledge locations that are outside default memory paths.", + tags: ["storage"], + }, + "memory.qmd.paths.path": { + label: "QMD Path", + help: "Defines the root location QMD should scan, using an absolute path or `~`-relative path. Use stable directories so collection identity does not drift across environments.", + tags: ["storage"], + }, + "memory.qmd.paths.pattern": { + label: "QMD Path Pattern", + help: "Filters files under each indexed root using a glob pattern, with default `**/*.md`. Use narrower patterns to reduce noise and indexing cost when directories contain mixed file types.", + tags: ["storage"], + }, + "memory.qmd.paths.name": { + label: "QMD Path Name", + help: "Sets a stable collection name for an indexed path instead of deriving it from filesystem location. Use this when paths vary across machines but you want consistent collection identity.", + tags: ["storage"], + }, + "memory.qmd.sessions.enabled": { + label: "QMD Session Indexing", + help: "Indexes session transcripts into QMD so recall can include prior conversation content (experimental, default: false). Enable only when transcript memory is required and you accept larger index churn.", + tags: ["storage"], + }, + "memory.qmd.sessions.exportDir": { + label: "QMD Session Export Directory", + help: "Overrides where sanitized session exports are written before QMD indexing. Use this when default state storage is constrained or when exports must land on a managed volume.", + tags: ["storage"], + }, + "memory.qmd.sessions.retentionDays": { + label: "QMD Session Retention (days)", + help: "Defines how long exported session files are kept before automatic pruning, in days (default: unlimited). Set a finite value for storage hygiene or compliance retention policies.", + tags: ["storage"], + }, + "memory.qmd.update.interval": { + label: "QMD Update Interval", + help: "Sets how often QMD refreshes indexes from source content (duration string, default: 5m). Shorter intervals improve freshness but increase background CPU and I/O.", + tags: ["performance", "storage"], + }, + "memory.qmd.update.debounceMs": { + label: "QMD Update Debounce (ms)", + help: "Sets the minimum delay between consecutive QMD refresh attempts in milliseconds (default: 15000). Increase this if frequent file changes cause update thrash or unnecessary background load.", + tags: ["performance", "storage"], + }, + "memory.qmd.update.onBoot": { + label: "QMD Update on Startup", + help: "Runs an initial QMD update once during gateway startup (default: true). Keep enabled so recall starts from a fresh baseline; disable only when startup speed is more important than immediate freshness.", + tags: ["storage"], + }, + "memory.qmd.update.waitForBootSync": { + label: "QMD Wait for Boot Sync", + help: "Blocks startup completion until the initial boot-time QMD sync finishes (default: false). Enable when you need fully up-to-date recall before serving traffic, and keep off for faster boot.", + tags: ["storage"], + }, + "memory.qmd.update.embedInterval": { + label: "QMD Embed Interval", + help: "Sets how often QMD recomputes embeddings (duration string, default: 60m; set 0 to disable periodic embeds). Lower intervals improve freshness but increase embedding workload and cost.", + tags: ["performance", "storage"], + }, + "memory.qmd.update.commandTimeoutMs": { + label: "QMD Command Timeout (ms)", + help: "Sets timeout for QMD maintenance commands such as collection list/add in milliseconds (default: 30000). Increase when running on slower disks or remote filesystems that delay command completion.", + tags: ["performance", "storage"], + }, + "memory.qmd.update.updateTimeoutMs": { + label: "QMD Update Timeout (ms)", + help: "Sets maximum runtime for each `qmd update` cycle in milliseconds (default: 120000). Raise this for larger collections; lower it when you want quicker failure detection in automation.", + tags: ["performance", "storage"], + }, + "memory.qmd.update.embedTimeoutMs": { + label: "QMD Embed Timeout (ms)", + help: "Sets maximum runtime for each `qmd embed` cycle in milliseconds (default: 120000). Increase for heavier embedding workloads or slower hardware, and lower to fail fast under tight SLAs.", + tags: ["performance", "storage"], + }, + "memory.qmd.limits.maxResults": { + label: "QMD Max Results", + help: "Limits how many QMD hits are returned into the agent loop for each recall request (default: 6). Increase for broader recall context, or lower to keep prompts tighter and faster.", + tags: ["performance", "storage"], + }, + "memory.qmd.limits.maxSnippetChars": { + label: "QMD Max Snippet Chars", + help: "Caps per-result snippet length extracted from QMD hits in characters (default: 700). Lower this when prompts bloat quickly, and raise only if answers consistently miss key details.", + tags: ["performance", "storage"], + }, + "memory.qmd.limits.maxInjectedChars": { + label: "QMD Max Injected Chars", + help: "Caps how much QMD text can be injected into one turn across all hits. Use lower values to control prompt bloat and latency; raise only when context is consistently truncated.", + tags: ["performance", "storage"], + }, + "memory.qmd.limits.timeoutMs": { + label: "QMD Search Timeout (ms)", + help: "Sets per-query QMD search timeout in milliseconds (default: 4000). Increase for larger indexes or slower environments, and lower to keep request latency bounded.", + tags: ["performance", "storage"], + }, + "memory.qmd.scope": { + label: "QMD Surface Scope", + help: "Defines which sessions/channels are eligible for QMD recall using session.sendPolicy-style rules. Keep default direct-only scope unless you intentionally want cross-chat memory sharing.", + tags: ["storage"], + }, + auth: { + label: "Auth", + help: "Authentication profile root used for multi-profile provider credentials and cooldown-based failover ordering. Keep profiles minimal and explicit so automatic failover behavior stays auditable.", + tags: ["advanced"], + }, + "auth.profiles": { + label: "Auth Profiles", + help: "Named auth profiles (provider + mode + optional email).", + tags: ["auth", "access", "storage"], + }, + "auth.order": { + label: "Auth Profile Order", + help: "Ordered auth profile IDs per provider (used for automatic failover).", + tags: ["auth", "access"], + }, + "auth.cooldowns": { + label: "Auth Cooldowns", + help: "Cooldown/backoff controls for temporary profile suppression after billing-related failures and retry windows. Use these to prevent rapid re-selection of profiles that are still blocked.", + tags: ["auth", "access"], + }, + acp: { + label: "ACP", + help: "ACP runtime controls for enabling dispatch, selecting backends, constraining allowed agent targets, and tuning streamed turn projection behavior.", + tags: ["advanced"], + }, + "acp.enabled": { + label: "ACP Enabled", + help: "Global ACP feature gate. Keep disabled unless ACP runtime + policy are configured.", + tags: ["advanced"], + }, + "acp.dispatch.enabled": { + label: "ACP Dispatch Enabled", + help: "Independent dispatch gate for ACP session turns (default: true). Set false to keep ACP commands available while blocking ACP turn execution.", + tags: ["advanced"], + }, + "acp.backend": { + label: "ACP Backend", + help: "Default ACP runtime backend id (for example: acpx). Must match a registered ACP runtime plugin backend.", + tags: ["advanced"], + }, + "acp.defaultAgent": { + label: "ACP Default Agent", + help: "Fallback ACP target agent id used when ACP spawns do not specify an explicit target.", + tags: ["advanced"], + }, + "acp.allowedAgents": { + label: "ACP Allowed Agents", + help: "Allowlist of ACP target agent ids permitted for ACP runtime sessions. Empty means no additional allowlist restriction.", + tags: ["access"], + }, + "acp.maxConcurrentSessions": { + label: "ACP Max Concurrent Sessions", + help: "Maximum concurrently active ACP sessions across this gateway process.", + tags: ["performance", "storage"], + }, + "acp.stream": { + label: "ACP Stream", + help: "ACP streaming projection controls for chunk sizing, metadata visibility, and deduped delivery behavior.", + tags: ["advanced"], + }, + "acp.stream.coalesceIdleMs": { + label: "ACP Stream Coalesce Idle (ms)", + help: "Coalescer idle flush window in milliseconds for ACP streamed text before block replies are emitted.", + tags: ["advanced"], + }, + "acp.stream.maxChunkChars": { + label: "ACP Stream Max Chunk Chars", + help: "Maximum chunk size for ACP streamed block projection before splitting into multiple block replies.", + tags: ["performance"], + }, + "acp.stream.repeatSuppression": { + label: "ACP Stream Repeat Suppression", + help: "When true (default), suppress repeated ACP status/tool projection lines in a turn while keeping raw ACP events unchanged.", + tags: ["advanced"], + }, + "acp.stream.deliveryMode": { + label: "ACP Stream Delivery Mode", + help: "ACP delivery style: live streams projected output incrementally, final_only buffers all projected ACP output until terminal turn events.", + tags: ["advanced"], + }, + "acp.stream.hiddenBoundarySeparator": { + label: "ACP Stream Hidden Boundary Separator", + help: "Separator inserted before next visible assistant text when hidden ACP tool lifecycle events occurred (none|space|newline|paragraph). Default: paragraph.", + tags: ["advanced"], + }, + "acp.stream.maxOutputChars": { + label: "ACP Stream Max Output Chars", + help: "Maximum assistant output characters projected per ACP turn before truncation notice is emitted.", + tags: ["performance"], + }, + "acp.stream.maxSessionUpdateChars": { + label: "ACP Stream Max Session Update Chars", + help: "Maximum characters for projected ACP session/update lines (tool/status updates).", + tags: ["performance", "storage"], + }, + "acp.stream.tagVisibility": { + label: "ACP Stream Tag Visibility", + help: "Per-sessionUpdate visibility overrides for ACP projection (for example usage_update, available_commands_update).", + tags: ["advanced"], + }, + "acp.runtime.ttlMinutes": { + label: "ACP Runtime TTL (minutes)", + help: "Idle runtime TTL in minutes for ACP session workers before eligible cleanup.", + tags: ["advanced"], + }, + "acp.runtime.installCommand": { + label: "ACP Runtime Install Command", + help: "Optional operator install/setup command shown by `/acp install` and `/acp doctor` when ACP backend wiring is missing.", + tags: ["advanced"], + }, + "models.mode": { + label: "Model Catalog Mode", + help: 'Controls provider catalog behavior: "merge" keeps built-ins and overlays your custom providers, while "replace" uses only your configured providers. In "merge", matching provider IDs preserve non-empty agent models.json baseUrl values, while apiKey values are preserved only when the provider is not SecretRef-managed in current config/auth-profile context; SecretRef-managed providers refresh apiKey from current source markers, and matching model contextWindow/maxTokens use the higher value between explicit and implicit entries.', + tags: ["models"], + }, + "models.providers": { + label: "Model Providers", + help: "Provider map keyed by provider ID containing connection/auth settings and concrete model definitions. Use stable provider keys so references from agents and tooling remain portable across environments.", + tags: ["models"], + }, + "models.providers.*.baseUrl": { + label: "Model Provider Base URL", + help: "Base URL for the provider endpoint used to serve model requests for that provider entry. Use HTTPS endpoints and keep URLs environment-specific through config templating where needed.", + tags: ["models"], + }, + "models.providers.*.apiKey": { + label: "Model Provider API Key", + help: "Provider credential used for API-key based authentication when the provider requires direct key auth. Use secret/env substitution and avoid storing real keys in committed config files.", + tags: ["security", "auth", "models"], + sensitive: true, + }, + "models.providers.*.auth": { + label: "Model Provider Auth Mode", + help: 'Selects provider auth style: "api-key" for API key auth, "token" for bearer token auth, "oauth" for OAuth credentials, and "aws-sdk" for AWS credential resolution. Match this to your provider requirements.', + tags: ["models"], + }, + "models.providers.*.api": { + label: "Model Provider API Adapter", + help: "Provider API adapter selection controlling request/response compatibility handling for model calls. Use the adapter that matches your upstream provider protocol to avoid feature mismatch.", + tags: ["models"], + }, + "models.providers.*.injectNumCtxForOpenAICompat": { + label: "Model Provider Inject num_ctx (OpenAI Compat)", + help: "Controls whether OpenClaw injects `options.num_ctx` for Ollama providers configured with the OpenAI-compatible adapter (`openai-completions`). Default is true. Set false only if your proxy/upstream rejects unknown `options` payload fields.", + tags: ["models"], + }, + "models.providers.*.headers": { + label: "Model Provider Headers", + help: "Static HTTP headers merged into provider requests for tenant routing, proxy auth, or custom gateway requirements. Use this sparingly and keep sensitive header values in secrets.", + tags: ["models"], + }, + "models.providers.*.authHeader": { + label: "Model Provider Authorization Header", + help: "When true, credentials are sent via the HTTP Authorization header even if alternate auth is possible. Use this only when your provider or proxy explicitly requires Authorization forwarding.", + tags: ["models"], + }, + "models.providers.*.models": { + label: "Model Provider Model List", + help: "Declared model list for a provider including identifiers, metadata, and optional compatibility/cost hints. Keep IDs exact to provider catalog values so selection and fallback resolve correctly.", + tags: ["models"], + }, + "models.bedrockDiscovery": { + label: "Bedrock Model Discovery", + help: "Automatic AWS Bedrock model discovery settings used to synthesize provider model entries from account visibility. Keep discovery scoped and refresh intervals conservative to reduce API churn.", + tags: ["models"], + }, + "models.bedrockDiscovery.enabled": { + label: "Bedrock Discovery Enabled", + help: "Enables periodic Bedrock model discovery and catalog refresh for Bedrock-backed providers. Keep disabled unless Bedrock is actively used and IAM permissions are correctly configured.", + tags: ["models"], + }, + "models.bedrockDiscovery.region": { + label: "Bedrock Discovery Region", + help: "AWS region used for Bedrock discovery calls when discovery is enabled for your deployment. Use the region where your Bedrock models are provisioned to avoid empty discovery results.", + tags: ["models"], + }, + "models.bedrockDiscovery.providerFilter": { + label: "Bedrock Discovery Provider Filter", + help: "Optional provider allowlist filter for Bedrock discovery so only selected providers are refreshed. Use this to limit discovery scope in multi-provider environments.", + tags: ["models"], + }, + "models.bedrockDiscovery.refreshInterval": { + label: "Bedrock Discovery Refresh Interval (s)", + help: "Refresh cadence for Bedrock discovery polling in seconds to detect newly available models over time. Use longer intervals in production to reduce API cost and control-plane noise.", + tags: ["performance", "models"], + }, + "models.bedrockDiscovery.defaultContextWindow": { + label: "Bedrock Default Context Window", + help: "Fallback context-window value applied to discovered models when provider metadata lacks explicit limits. Use realistic defaults to avoid oversized prompts that exceed true provider constraints.", + tags: ["models"], + }, + "models.bedrockDiscovery.defaultMaxTokens": { + label: "Bedrock Default Max Tokens", + help: "Fallback max-token value applied to discovered models without explicit output token limits. Use conservative defaults to reduce truncation surprises and unexpected token spend.", + tags: ["security", "auth", "performance", "models"], + }, + "auth.cooldowns.billingBackoffHours": { + label: "Billing Backoff (hours)", + help: "Base backoff (hours) when a profile fails due to billing/insufficient credits (default: 5).", + tags: ["auth", "access", "reliability"], + }, + "auth.cooldowns.billingBackoffHoursByProvider": { + label: "Billing Backoff Overrides", + help: "Optional per-provider overrides for billing backoff (hours).", + tags: ["auth", "access", "reliability"], + }, + "auth.cooldowns.billingMaxHours": { + label: "Billing Backoff Cap (hours)", + help: "Cap (hours) for billing backoff (default: 24).", + tags: ["auth", "access", "performance"], + }, + "auth.cooldowns.failureWindowHours": { + label: "Failover Window (hours)", + help: "Failure window (hours) for backoff counters (default: 24).", + tags: ["auth", "access"], + }, + "agents.defaults.models": { + label: "Models", + help: "Configured model catalog (keys are full provider/model IDs).", + tags: ["models"], + }, + "agents.defaults.model.primary": { + label: "Primary Model", + help: "Primary model (provider/model).", + tags: ["models"], + }, + "agents.defaults.model.fallbacks": { + label: "Model Fallbacks", + help: "Ordered fallback models (provider/model). Used when the primary model fails.", + tags: ["reliability", "models"], + }, + "agents.defaults.imageModel.primary": { + label: "Image Model", + help: "Optional image model (provider/model) used when the primary model lacks image input.", + tags: ["models", "media"], + }, + "agents.defaults.imageModel.fallbacks": { + label: "Image Model Fallbacks", + help: "Ordered fallback image models (provider/model).", + tags: ["reliability", "models", "media"], + }, + "agents.defaults.imageGenerationModel.primary": { + label: "Image Generation Model", + help: "Optional image-generation model (provider/model) used by the shared image generation capability.", + tags: ["media"], + }, + "agents.defaults.imageGenerationModel.fallbacks": { + label: "Image Generation Model Fallbacks", + help: "Ordered fallback image-generation models (provider/model).", + tags: ["reliability", "media"], + }, + "agents.defaults.pdfModel.primary": { + label: "PDF Model", + help: "Optional PDF model (provider/model) for the PDF analysis tool. Defaults to imageModel, then session model.", + tags: ["advanced"], + }, + "agents.defaults.pdfModel.fallbacks": { + label: "PDF Model Fallbacks", + help: "Ordered fallback PDF models (provider/model).", + tags: ["reliability"], + }, + "agents.defaults.pdfMaxBytesMb": { + label: "PDF Max Size (MB)", + help: "Maximum PDF file size in megabytes for the PDF tool (default: 10).", + tags: ["performance"], + }, + "agents.defaults.pdfMaxPages": { + label: "PDF Max Pages", + help: "Maximum number of PDF pages to process for the PDF tool (default: 20).", + tags: ["performance"], + }, + "agents.defaults.imageMaxDimensionPx": { + label: "Image Max Dimension (px)", + help: "Max image side length in pixels when sanitizing transcript/tool-result image payloads (default: 1200).", + tags: ["performance", "media"], + }, + "agents.defaults.humanDelay.mode": { + label: "Human Delay Mode", + help: 'Delay style for block replies ("off", "natural", "custom").', + tags: ["advanced"], + }, + "agents.defaults.humanDelay.minMs": { + label: "Human Delay Min (ms)", + help: "Minimum delay in ms for custom humanDelay (default: 800).", + tags: ["advanced"], + }, + "agents.defaults.humanDelay.maxMs": { + label: "Human Delay Max (ms)", + help: "Maximum delay in ms for custom humanDelay (default: 2500).", + tags: ["performance"], + }, + "agents.defaults.cliBackends": { + label: "CLI Backends", + help: "Optional CLI backends for text-only fallback (claude-cli, etc.).", + tags: ["advanced"], + }, + "agents.defaults.compaction": { + label: "Compaction", + help: "Compaction tuning for when context nears token limits, including history share, reserve headroom, and pre-compaction memory flush behavior. Use this when long-running sessions need stable continuity under tight context windows.", + tags: ["advanced"], + }, + "agents.defaults.compaction.mode": { + label: "Compaction Mode", + help: 'Compaction strategy mode: "default" uses baseline behavior, while "safeguard" applies stricter guardrails to preserve recent context. Keep "default" unless you observe aggressive history loss near limit boundaries.', + tags: ["advanced"], + }, + "agents.defaults.compaction.reserveTokens": { + label: "Compaction Reserve Tokens", + help: "Token headroom reserved for reply generation and tool output after compaction runs. Use higher reserves for verbose/tool-heavy sessions, and lower reserves when maximizing retained history matters more.", + tags: ["security", "auth"], + }, + "agents.defaults.compaction.keepRecentTokens": { + label: "Compaction Keep Recent Tokens", + help: "Minimum token budget preserved from the most recent conversation window during compaction. Use higher values to protect immediate context continuity and lower values to keep more long-tail history.", + tags: ["security", "auth"], + }, + "agents.defaults.compaction.reserveTokensFloor": { + label: "Compaction Reserve Token Floor", + help: "Minimum floor enforced for reserveTokens in Pi compaction paths (0 disables the floor guard). Use a non-zero floor to avoid over-aggressive compression under fluctuating token estimates.", + tags: ["security", "auth"], + }, + "agents.defaults.compaction.maxHistoryShare": { + label: "Compaction Max History Share", + help: "Maximum fraction of total context budget allowed for retained history after compaction (range 0.1-0.9). Use lower shares for more generation headroom or higher shares for deeper historical continuity.", + tags: ["performance"], + }, + "agents.defaults.compaction.identifierPolicy": { + label: "Compaction Identifier Policy", + help: 'Identifier-preservation policy for compaction summaries: "strict" prepends built-in opaque-identifier retention guidance (default), "off" disables this prefix, and "custom" uses identifierInstructions. Keep "strict" unless you have a specific compatibility need.', + tags: ["access"], + }, + "agents.defaults.compaction.identifierInstructions": { + label: "Compaction Identifier Instructions", + help: 'Custom identifier-preservation instruction text used when identifierPolicy="custom". Keep this explicit and safety-focused so compaction summaries do not rewrite opaque IDs, URLs, hosts, or ports.', + tags: ["advanced"], + }, + "agents.defaults.compaction.recentTurnsPreserve": { + label: "Compaction Preserve Recent Turns", + help: "Number of most recent user/assistant turns kept verbatim outside safeguard summarization (default: 3). Raise this to preserve exact recent dialogue context, or lower it to maximize compaction savings.", + tags: ["advanced"], + }, + "agents.defaults.compaction.qualityGuard": { + label: "Compaction Quality Guard", + help: "Optional quality-audit retry settings for safeguard compaction summaries. Leave this disabled unless you explicitly want summary audits and one-shot regeneration on failed checks.", + tags: ["advanced"], + }, + "agents.defaults.compaction.qualityGuard.enabled": { + label: "Compaction Quality Guard Enabled", + help: "Enables summary quality audits and regeneration retries for safeguard compaction. Default: false, so safeguard mode alone does not turn on retry behavior.", + tags: ["advanced"], + }, + "agents.defaults.compaction.qualityGuard.maxRetries": { + label: "Compaction Quality Guard Max Retries", + help: "Maximum number of regeneration retries after a failed safeguard summary quality audit. Use small values to bound extra latency and token cost.", + tags: ["performance"], + }, + "agents.defaults.compaction.postIndexSync": { + label: "Compaction Post-Index Sync", + help: 'Controls post-compaction session memory reindex mode: "off", "async", or "await" (default: "async"). Use "await" for strongest freshness, "async" for lower compaction latency, and "off" only when session-memory sync is handled elsewhere.', + tags: ["advanced"], + }, + "agents.defaults.compaction.postCompactionSections": { + label: "Post-Compaction Context Sections", + help: 'AGENTS.md H2/H3 section names re-injected after compaction so the agent reruns critical startup guidance. Leave unset to use "Session Startup"/"Red Lines" with legacy fallback to "Every Session"/"Safety"; set to [] to disable reinjection entirely.', + tags: ["advanced"], + }, + "agents.defaults.compaction.timeoutSeconds": { + label: "Compaction Timeout (Seconds)", + help: "Maximum time in seconds allowed for a single compaction operation before it is aborted (default: 900). Increase this for very large sessions that need more time to summarize, or decrease it to fail faster on unresponsive models.", + tags: ["performance"], + }, + "agents.defaults.compaction.model": { + label: "Compaction Model Override", + help: "Optional provider/model override used only for compaction summarization. Set this when you want compaction to run on a different model than the session default, and leave it unset to keep using the primary agent model.", + tags: ["models"], + }, + "agents.defaults.compaction.truncateAfterCompaction": { + label: "Truncate After Compaction", + help: "When enabled, rewrites the session JSONL file after compaction to remove entries that were summarized. Prevents unbounded file growth in long-running sessions with many compaction cycles. Default: false.", + tags: ["advanced"], + }, + "agents.defaults.compaction.memoryFlush": { + label: "Compaction Memory Flush", + help: "Pre-compaction memory flush settings that run an agentic memory write before heavy compaction. Keep enabled for long sessions so salient context is persisted before aggressive trimming.", + tags: ["advanced"], + }, + "agents.defaults.compaction.memoryFlush.enabled": { + label: "Compaction Memory Flush Enabled", + help: "Enables pre-compaction memory flush before the runtime performs stronger history reduction near token limits. Keep enabled unless you intentionally disable memory side effects in constrained environments.", + tags: ["advanced"], + }, + "agents.defaults.compaction.memoryFlush.softThresholdTokens": { + label: "Compaction Memory Flush Soft Threshold", + help: "Threshold distance to compaction (in tokens) that triggers pre-compaction memory flush execution. Use earlier thresholds for safer persistence, or tighter thresholds for lower flush frequency.", + tags: ["security", "auth"], + }, + "agents.defaults.compaction.memoryFlush.forceFlushTranscriptBytes": { + label: "Compaction Memory Flush Transcript Size Threshold", + help: 'Forces pre-compaction memory flush when transcript file size reaches this threshold (bytes or strings like "2mb"). Use this to prevent long-session hangs even when token counters are stale; set to 0 to disable.', + tags: ["advanced"], + }, + "agents.defaults.compaction.memoryFlush.prompt": { + label: "Compaction Memory Flush Prompt", + help: "User-prompt template used for the pre-compaction memory flush turn when generating memory candidates. Use this only when you need custom extraction instructions beyond the default memory flush behavior.", + tags: ["advanced"], + }, + "agents.defaults.compaction.memoryFlush.systemPrompt": { + label: "Compaction Memory Flush System Prompt", + help: "System-prompt override for the pre-compaction memory flush turn to control extraction style and safety constraints. Use carefully so custom instructions do not reduce memory quality or leak sensitive context.", + tags: ["advanced"], + }, + "agents.defaults.embeddedPi": { + label: "Embedded Pi", + help: "Embedded Pi runner hardening controls for how workspace-local Pi settings are trusted and applied in OpenClaw sessions.", + tags: ["advanced"], + }, + "agents.defaults.embeddedPi.projectSettingsPolicy": { + label: "Embedded Pi Project Settings Policy", + help: 'How embedded Pi handles workspace-local `.pi/config/settings.json`: "sanitize" (default) strips shellPath/shellCommandPrefix, "ignore" disables project settings entirely, and "trusted" applies project settings as-is.', + tags: ["access"], + }, + "agents.defaults.heartbeat.directPolicy": { + label: "Heartbeat Direct Policy", + help: 'Controls whether heartbeat delivery may target direct/DM chats: "allow" (default) permits DM delivery and "block" suppresses direct-target sends.', + tags: ["access", "storage", "automation"], + }, + "agents.list.*.heartbeat.directPolicy": { + label: "Heartbeat Direct Policy", + help: 'Per-agent override for heartbeat direct/DM delivery policy; use "block" for agents that should only send heartbeat alerts to non-DM destinations.', + tags: ["access", "storage", "automation"], + }, + "agents.defaults.heartbeat.suppressToolErrorWarnings": { + label: "Heartbeat Suppress Tool Error Warnings", + help: "Suppress tool error warning payloads during heartbeat runs.", + tags: ["automation"], + }, + "agents.defaults.sandbox.browser.network": { + label: "Sandbox Browser Network", + help: "Docker network for sandbox browser containers (default: openclaw-sandbox-browser). Avoid bridge if you need stricter isolation.", + tags: ["storage"], + }, + "agents.defaults.sandbox.browser.cdpSourceRange": { + label: "Sandbox Browser CDP Source Port Range", + help: "Optional CIDR allowlist for container-edge CDP ingress (for example 172.21.0.1/32).", + tags: ["storage"], + }, + "agents.defaults.sandbox.docker.dangerouslyAllowContainerNamespaceJoin": { + label: "Sandbox Docker Allow Container Namespace Join", + help: "DANGEROUS break-glass override that allows sandbox Docker network mode container:. This joins another container namespace and weakens sandbox isolation.", + tags: ["security", "access", "storage", "advanced"], + }, + "commands.native": { + label: "Native Commands", + help: "Registers native slash/menu commands with channels that support command registration (Discord, Slack, Telegram). Keep enabled for discoverability unless you intentionally run text-only command workflows.", + tags: ["advanced"], + }, + "commands.nativeSkills": { + label: "Native Skill Commands", + help: "Registers native skill commands so users can invoke skills directly from provider command menus where supported. Keep aligned with your skill policy so exposed commands match what operators expect.", + tags: ["advanced"], + }, + "commands.text": { + label: "Text Commands", + help: "Enables text-command parsing in chat input in addition to native command surfaces where available. Keep this enabled for compatibility across channels that do not support native command registration.", + tags: ["advanced"], + }, + "commands.bash": { + label: "Allow Bash Chat Command", + help: "Allow bash chat command (`!`; `/bash` alias) to run host shell commands (default: false; requires tools.elevated).", + tags: ["advanced"], + }, + "commands.bashForegroundMs": { + label: "Bash Foreground Window (ms)", + help: "How long bash waits before backgrounding (default: 2000; 0 backgrounds immediately).", + tags: ["advanced"], + }, + "commands.config": { + label: "Allow /config", + help: "Allow /config chat command to read/write config on disk (default: false).", + tags: ["advanced"], + }, + "commands.mcp": { + label: "Allow /mcp", + help: "Allow /mcp chat command to manage OpenClaw MCP server config under mcp.servers (default: false).", + tags: ["advanced"], + }, + "commands.plugins": { + label: "Allow /plugins", + help: "Allow /plugins chat command to list discovered plugins and toggle plugin enablement in config (default: false).", + tags: ["advanced"], + }, + "commands.debug": { + label: "Allow /debug", + help: "Allow /debug chat command for runtime-only overrides (default: false).", + tags: ["advanced"], + }, + "commands.restart": { + label: "Allow Restart", + help: "Allow /restart and gateway restart tool actions (default: true).", + tags: ["advanced"], + }, + "commands.useAccessGroups": { + label: "Use Access Groups", + help: "Enforce access-group allowlists/policies for commands.", + tags: ["access"], + }, + "commands.ownerAllowFrom": { + label: "Command Owners", + help: "Explicit owner allowlist for owner-only tools/commands. Use channel-native IDs (optionally prefixed like \"whatsapp:+15551234567\"). '*' is ignored.", + tags: ["access"], + }, + "commands.ownerDisplay": { + label: "Owner ID Display", + help: "Controls how owner IDs are rendered in the system prompt. Allowed values: raw, hash. Default: raw.", + tags: ["access"], + }, + "commands.ownerDisplaySecret": { + label: "Owner ID Hash Secret", + help: "Optional secret used to HMAC hash owner IDs when ownerDisplay=hash. Prefer env substitution.", + tags: ["security", "auth", "access"], + sensitive: true, + }, + "commands.allowFrom": { + label: "Command Elevated Access Rules", + help: "Defines elevated command allow rules by channel and sender for owner-level command surfaces. Use narrow provider-specific identities so privileged commands are not exposed to broad chat audiences.", + tags: ["access"], + }, + mcp: { + label: "MCP", + help: "Global MCP server definitions managed by OpenClaw. Embedded Pi and other runtime adapters can consume these servers without storing them inside Pi-owned project settings.", + tags: ["advanced"], + }, + "mcp.servers": { + label: "MCP Servers", + help: "Named MCP server definitions. OpenClaw stores them in its own config and runtime adapters decide which transports are supported at execution time.", + tags: ["advanced"], + }, + "ui.seamColor": { + label: "Accent Color", + help: "Primary accent color used by UI surfaces for emphasis, badges, and visual identity cues. Use high-contrast values that remain readable across light/dark themes.", + tags: ["advanced"], + }, + "ui.assistant": { + label: "Assistant Appearance", + help: "Assistant display identity settings for name and avatar shown in UI surfaces. Keep these values aligned with your operator-facing persona and support expectations.", + tags: ["advanced"], + }, + "ui.assistant.name": { + label: "Assistant Name", + help: "Display name shown for the assistant in UI views, chat chrome, and status contexts. Keep this stable so operators can reliably identify which assistant persona is active.", + tags: ["advanced"], + }, + "ui.assistant.avatar": { + label: "Assistant Avatar", + help: "Assistant avatar image source used in UI surfaces (URL, path, or data URI depending on runtime support). Use trusted assets and consistent branding dimensions for clean rendering.", + tags: ["advanced"], + }, + "browser.evaluateEnabled": { + label: "Browser Evaluate Enabled", + help: "Enables browser-side evaluate helpers for runtime script evaluation capabilities where supported. Keep disabled unless your workflows require evaluate semantics beyond snapshots/navigation.", + tags: ["advanced"], + }, + "browser.snapshotDefaults": { + label: "Browser Snapshot Defaults", + help: "Default snapshot capture configuration used when callers do not provide explicit snapshot options. Tune this for consistent capture behavior across channels and automation paths.", + tags: ["advanced"], + }, + "browser.snapshotDefaults.mode": { + label: "Browser Snapshot Mode", + help: "Default snapshot extraction mode controlling how page content is transformed for agent consumption. Choose the mode that balances readability, fidelity, and token footprint for your workflows.", + tags: ["advanced"], + }, + "browser.ssrfPolicy": { + label: "Browser SSRF Policy", + help: "Server-side request forgery guardrail settings for browser/network fetch paths that could reach internal hosts. Keep restrictive defaults in production and open only explicitly approved targets.", + tags: ["access"], + }, + "browser.ssrfPolicy.allowPrivateNetwork": { + label: "Browser Allow Private Network", + help: "Legacy alias for browser.ssrfPolicy.dangerouslyAllowPrivateNetwork. Prefer the dangerously-named key so risk intent is explicit.", + tags: ["access"], + }, + "browser.ssrfPolicy.dangerouslyAllowPrivateNetwork": { + label: "Browser Dangerously Allow Private Network", + help: "Allows access to private-network address ranges from browser tooling. Default is enabled for trusted-network operator setups; disable to enforce strict public-only resolution checks.", + tags: ["security", "access", "advanced"], + }, + "browser.ssrfPolicy.allowedHostnames": { + label: "Browser Allowed Hostnames", + help: "Explicit hostname allowlist exceptions for SSRF policy checks on browser/network requests. Keep this list minimal and review entries regularly to avoid stale broad access.", + tags: ["access"], + }, + "browser.ssrfPolicy.hostnameAllowlist": { + label: "Browser Hostname Allowlist", + help: "Legacy/alternate hostname allowlist field used by SSRF policy consumers for explicit host exceptions. Use stable exact hostnames and avoid wildcard-like broad patterns.", + tags: ["access"], + }, + "browser.remoteCdpTimeoutMs": { + label: "Remote CDP Timeout (ms)", + help: "Timeout in milliseconds for connecting to a remote CDP endpoint before failing the browser attach attempt. Increase for high-latency tunnels, or lower for faster failure detection.", + tags: ["performance"], + }, + "browser.remoteCdpHandshakeTimeoutMs": { + label: "Remote CDP Handshake Timeout (ms)", + help: "Timeout in milliseconds for post-connect CDP handshake readiness checks against remote browser targets. Raise this for slow-start remote browsers and lower to fail fast in automation loops.", + tags: ["performance"], + }, + "session.scope": { + label: "Session Scope", + help: 'Sets base session grouping strategy: "per-sender" isolates by sender and "global" shares one session per channel context. Keep "per-sender" for safer multi-user behavior unless deliberate shared context is required.', + tags: ["storage"], + }, + "session.dmScope": { + label: "DM Session Scope", + help: 'DM session scoping: "main" keeps continuity, while "per-peer", "per-channel-peer", and "per-account-channel-peer" increase isolation. Use isolated modes for shared inboxes or multi-account deployments.', + tags: ["storage"], + }, + "session.identityLinks": { + label: "Session Identity Links", + help: "Maps canonical identities to provider-prefixed peer IDs so equivalent users resolve to one DM thread (example: telegram:123456). Use this when the same human appears across multiple channels or accounts.", + tags: ["storage"], + }, + "session.resetTriggers": { + label: "Session Reset Triggers", + help: "Lists message triggers that force a session reset when matched in inbound content. Use sparingly for explicit reset phrases so context is not dropped unexpectedly during normal conversation.", + tags: ["storage"], + }, + "session.idleMinutes": { + label: "Session Idle Minutes", + help: "Applies a legacy idle reset window in minutes for session reuse behavior across inactivity gaps. Use this only for compatibility and prefer structured reset policies under session.reset/session.resetByType.", + tags: ["storage"], + }, + "session.reset": { + label: "Session Reset Policy", + help: "Defines the default reset policy object used when no type-specific or channel-specific override applies. Set this first, then layer resetByType or resetByChannel only where behavior must differ.", + tags: ["storage"], + }, + "session.reset.mode": { + label: "Session Reset Mode", + help: 'Selects reset strategy: "daily" resets at a configured hour and "idle" resets after inactivity windows. Keep one clear mode per policy to avoid surprising context turnover patterns.', + tags: ["storage"], + }, + "session.reset.atHour": { + label: "Session Daily Reset Hour", + help: "Sets local-hour boundary (0-23) for daily reset mode so sessions roll over at predictable times. Use with mode=daily and align to operator timezone expectations for human-readable behavior.", + tags: ["storage"], + }, + "session.reset.idleMinutes": { + label: "Session Reset Idle Minutes", + help: "Sets inactivity window before reset for idle mode and can also act as secondary guard with daily mode. Use larger values to preserve continuity or smaller values for fresher short-lived threads.", + tags: ["storage"], + }, + "session.resetByType": { + label: "Session Reset by Chat Type", + help: "Overrides reset behavior by chat type (direct, group, thread) when defaults are not sufficient. Use this when group/thread traffic needs different reset cadence than direct messages.", + tags: ["storage"], + }, + "session.resetByType.direct": { + label: "Session Reset (Direct)", + help: "Defines reset policy for direct chats and supersedes the base session.reset configuration for that type. Use this as the canonical direct-message override instead of the legacy dm alias.", + tags: ["storage"], + }, + "session.resetByType.dm": { + label: "Session Reset (DM Deprecated Alias)", + help: "Deprecated alias for direct reset behavior kept for backward compatibility with older configs. Use session.resetByType.direct instead so future tooling and validation remain consistent.", + tags: ["storage"], + }, + "session.resetByType.group": { + label: "Session Reset (Group)", + help: "Defines reset policy for group chat sessions where continuity and noise patterns differ from DMs. Use shorter idle windows for busy groups if context drift becomes a problem.", + tags: ["storage"], + }, + "session.resetByType.thread": { + label: "Session Reset (Thread)", + help: "Defines reset policy for thread-scoped sessions, including focused channel thread workflows. Use this when thread sessions should expire faster or slower than other chat types.", + tags: ["storage"], + }, + "session.resetByChannel": { + label: "Session Reset by Channel", + help: "Provides channel-specific reset overrides keyed by provider/channel id for fine-grained behavior control. Use this only when one channel needs exceptional reset behavior beyond type-level policies.", + tags: ["storage"], + }, + "session.store": { + label: "Session Store Path", + help: "Sets the session storage file path used to persist session records across restarts. Use an explicit path only when you need custom disk layout, backup routing, or mounted-volume storage.", + tags: ["storage"], + }, + "session.typingIntervalSeconds": { + label: "Session Typing Interval (seconds)", + help: "Controls interval for repeated typing indicators while replies are being prepared in typing-capable channels. Increase to reduce chatty updates or decrease for more active typing feedback.", + tags: ["performance", "storage"], + }, + "session.typingMode": { + label: "Session Typing Mode", + help: 'Controls typing behavior timing: "never", "instant", "thinking", or "message" based emission points. Keep conservative modes in high-volume channels to avoid unnecessary typing noise.', + tags: ["storage"], + }, + "session.parentForkMaxTokens": { + label: "Session Parent Fork Max Tokens", + help: "Maximum parent-session token count allowed for thread/session inheritance forking. If the parent exceeds this, OpenClaw starts a fresh thread session instead of forking; set 0 to disable this protection.", + tags: ["security", "auth", "performance", "storage"], + }, + "session.mainKey": { + label: "Session Main Key", + help: 'Overrides the canonical main session key used for continuity when dmScope or routing logic points to "main". Use a stable value only if you intentionally need custom session anchoring.', + tags: ["storage"], + }, + "session.sendPolicy": { + label: "Session Send Policy", + help: "Controls cross-session send permissions using allow/deny rules evaluated against channel, chatType, and key prefixes. Use this to fence where session tools can deliver messages in complex environments.", + tags: ["access", "storage"], + }, + "session.sendPolicy.default": { + label: "Session Send Policy Default Action", + help: 'Sets fallback action when no sendPolicy rule matches: "allow" or "deny". Keep "allow" for simpler setups, or choose "deny" when you require explicit allow rules for every destination.', + tags: ["access", "storage"], + }, + "session.sendPolicy.rules": { + label: "Session Send Policy Rules", + help: 'Ordered allow/deny rules evaluated before the default action, for example `{ action: "deny", match: { channel: "discord" } }`. Put most specific rules first so broad rules do not shadow exceptions.', + tags: ["access", "storage"], + }, + "session.sendPolicy.rules[].action": { + label: "Session Send Rule Action", + help: 'Defines rule decision as "allow" or "deny" when the corresponding match criteria are satisfied. Use deny-first ordering when enforcing strict boundaries with explicit allow exceptions.', + tags: ["access", "storage"], + }, + "session.sendPolicy.rules[].match": { + label: "Session Send Rule Match", + help: "Defines optional rule match conditions that can combine channel, chatType, and key-prefix constraints. Keep matches narrow so policy intent stays readable and debugging remains straightforward.", + tags: ["access", "storage"], + }, + "session.sendPolicy.rules[].match.channel": { + label: "Session Send Rule Channel", + help: "Matches rule application to a specific channel/provider id (for example discord, telegram, slack). Use this when one channel should permit or deny delivery independently of others.", + tags: ["access", "storage"], + }, + "session.sendPolicy.rules[].match.chatType": { + label: "Session Send Rule Chat Type", + help: "Matches rule application to chat type (direct, group, thread) so behavior varies by conversation form. Use this when DM and group destinations require different safety boundaries.", + tags: ["access", "storage"], + }, + "session.sendPolicy.rules[].match.keyPrefix": { + label: "Session Send Rule Key Prefix", + help: "Matches a normalized session-key prefix after internal key normalization steps in policy consumers. Use this for general prefix controls, and prefer rawKeyPrefix when exact full-key matching is required.", + tags: ["access", "storage"], + }, + "session.sendPolicy.rules[].match.rawKeyPrefix": { + label: "Session Send Rule Raw Key Prefix", + help: "Matches the raw, unnormalized session-key prefix for exact full-key policy targeting. Use this when normalized keyPrefix is too broad and you need agent-prefixed or transport-specific precision.", + tags: ["access", "storage"], + }, + "session.agentToAgent": { + label: "Session Agent-to-Agent", + help: "Groups controls for inter-agent session exchanges, including loop prevention limits on reply chaining. Keep defaults unless you run advanced agent-to-agent automation with strict turn caps.", + tags: ["storage"], + }, + "session.agentToAgent.maxPingPongTurns": { + label: "Agent-to-Agent Ping-Pong Turns", + help: "Max reply-back turns between requester and target agents during agent-to-agent exchanges (0-5). Use lower values to hard-limit chatter loops and preserve predictable run completion.", + tags: ["performance", "storage"], + }, + "session.threadBindings": { + label: "Session Thread Bindings", + help: "Shared defaults for thread-bound session routing behavior across providers that support thread focus workflows. Configure global defaults here and override per channel only when behavior differs.", + tags: ["storage"], + }, + "session.threadBindings.enabled": { + label: "Thread Binding Enabled", + help: "Global master switch for thread-bound session routing features and focused thread delivery behavior. Keep enabled for modern thread workflows unless you need to disable thread binding globally.", + tags: ["storage"], + }, + "session.threadBindings.idleHours": { + label: "Thread Binding Idle Timeout (hours)", + help: "Default inactivity window in hours for thread-bound sessions across providers/channels (0 disables idle auto-unfocus). Default: 24.", + tags: ["storage"], + }, + "session.threadBindings.maxAgeHours": { + label: "Thread Binding Max Age (hours)", + help: "Optional hard max age in hours for thread-bound sessions across providers/channels (0 disables hard cap). Default: 0.", + tags: ["performance", "storage"], + }, + "session.maintenance": { + label: "Session Maintenance", + help: "Automatic session-store maintenance controls for pruning age, entry caps, and file rotation behavior. Start in warn mode to observe impact, then enforce once thresholds are tuned.", + tags: ["storage"], + }, + "session.maintenance.mode": { + label: "Session Maintenance Mode", + help: 'Determines whether maintenance policies are only reported ("warn") or actively applied ("enforce"). Keep "warn" during rollout and switch to "enforce" after validating safe thresholds.', + tags: ["storage"], + }, + "session.maintenance.pruneAfter": { + label: "Session Prune After", + help: "Removes entries older than this duration (for example `30d` or `12h`) during maintenance passes. Use this as the primary age-retention control and align it with data retention policy.", + tags: ["storage"], + }, + "session.maintenance.pruneDays": { + label: "Session Prune Days (Deprecated)", + help: "Deprecated age-retention field kept for compatibility with legacy configs using day counts. Use session.maintenance.pruneAfter instead so duration syntax and behavior are consistent.", + tags: ["storage"], + }, + "session.maintenance.maxEntries": { + label: "Session Max Entries", + help: "Caps total session entry count retained in the store to prevent unbounded growth over time. Use lower limits for constrained environments, or higher limits when longer history is required.", + tags: ["performance", "storage"], + }, + "session.maintenance.rotateBytes": { + label: "Session Rotate Size", + help: "Rotates the session store when file size exceeds a threshold such as `10mb` or `1gb`. Use this to bound single-file growth and keep backup/restore operations manageable.", + tags: ["storage"], + }, + "session.maintenance.resetArchiveRetention": { + label: "Session Reset Archive Retention", + help: "Retention for reset transcript archives (`*.reset.`). Accepts a duration (for example `30d`), or `false` to disable cleanup. Defaults to pruneAfter so reset artifacts do not grow forever.", + tags: ["storage"], + }, + "session.maintenance.maxDiskBytes": { + label: "Session Max Disk Budget", + help: "Optional per-agent sessions-directory disk budget (for example `500mb`). Use this to cap session storage per agent; when exceeded, warn mode reports pressure and enforce mode performs oldest-first cleanup.", + tags: ["performance", "storage"], + }, + "session.maintenance.highWaterBytes": { + label: "Session Disk High-water Target", + help: "Target size after disk-budget cleanup (high-water mark). Defaults to 80% of maxDiskBytes; set explicitly for tighter reclaim behavior on constrained disks.", + tags: ["storage"], + }, + "cron.enabled": { + label: "Cron Enabled", + help: "Enables cron job execution for stored schedules managed by the gateway. Keep enabled for normal reminder/automation flows, and disable only to pause all cron execution without deleting jobs.", + tags: ["automation"], + }, + "cron.store": { + label: "Cron Store Path", + help: "Path to the cron job store file used to persist scheduled jobs across restarts. Set an explicit path only when you need custom storage layout, backups, or mounted volumes.", + tags: ["storage", "automation"], + }, + "cron.maxConcurrentRuns": { + label: "Cron Max Concurrent Runs", + help: "Limits how many cron jobs can execute at the same time when multiple schedules fire together. Use lower values to protect CPU/memory under heavy automation load, or raise carefully for higher throughput.", + tags: ["performance", "automation"], + }, + "cron.retry": { + label: "Cron Retry Policy", + help: "Overrides the default retry policy for one-shot jobs when they fail with transient errors (rate limit, overloaded, network, server_error). Omit to use defaults: maxAttempts 3, backoffMs [30000, 60000, 300000], retry all transient types.", + tags: ["reliability", "automation"], + }, + "cron.retry.maxAttempts": { + label: "Cron Retry Max Attempts", + help: "Max retries for one-shot jobs on transient errors before permanent disable (default: 3).", + tags: ["reliability", "performance", "automation"], + }, + "cron.retry.backoffMs": { + label: "Cron Retry Backoff (ms)", + help: "Backoff delays in ms for each retry attempt (default: [30000, 60000, 300000]). Use shorter values for faster retries.", + tags: ["reliability", "automation"], + }, + "cron.retry.retryOn": { + label: "Cron Retry Error Types", + help: "Error types to retry: rate_limit, overloaded, network, timeout, server_error. Use to restrict which errors trigger retries; omit to retry all transient types.", + tags: ["reliability", "automation"], + }, + "cron.webhook": { + label: "Cron Legacy Webhook (Deprecated)", + help: 'Deprecated legacy fallback webhook URL used only for old jobs with `notify=true`. Migrate to per-job delivery using `delivery.mode="webhook"` plus `delivery.to`, and avoid relying on this global field.', + tags: ["automation"], + }, + "cron.webhookToken": { + label: "Cron Webhook Bearer Token", + help: "Bearer token attached to cron webhook POST deliveries when webhook mode is used. Prefer secret/env substitution and rotate this token regularly if shared webhook endpoints are internet-reachable.", + tags: ["security", "auth", "automation"], + sensitive: true, + }, + "cron.sessionRetention": { + label: "Cron Session Retention", + help: "Controls how long completed cron run sessions are kept before pruning (`24h`, `7d`, `1h30m`, or `false` to disable pruning; default: `24h`). Use shorter retention to reduce storage growth on high-frequency schedules.", + tags: ["storage", "automation"], + }, + "cron.runLog": { + label: "Cron Run Log Pruning", + help: "Pruning controls for per-job cron run history files under `cron/runs/.jsonl`, including size and line retention.", + tags: ["automation"], + }, + "cron.runLog.maxBytes": { + label: "Cron Run Log Max Bytes", + help: "Maximum bytes per cron run-log file before pruning rewrites to the last keepLines entries (for example `2mb`, default `2000000`).", + tags: ["performance", "automation"], + }, + "cron.runLog.keepLines": { + label: "Cron Run Log Keep Lines", + help: "How many trailing run-log lines to retain when a file exceeds maxBytes (default `2000`). Increase for longer forensic history or lower for smaller disks.", + tags: ["automation"], + }, + "hooks.enabled": { + label: "Hooks Enabled", + help: "Enables the hooks endpoint and mapping execution pipeline for inbound webhook requests. Keep disabled unless you are actively routing external events into the gateway.", + tags: ["advanced"], + }, + "hooks.path": { + label: "Hooks Endpoint Path", + help: "HTTP path used by the hooks endpoint (for example `/hooks`) on the gateway control server. Use a non-guessable path and combine it with token validation for defense in depth.", + tags: ["storage"], + }, + "hooks.token": { + label: "Hooks Auth Token", + help: "Shared bearer token checked by hooks ingress for request authentication before mappings run. Treat holders as full-trust callers for the hook ingress surface, not as a separate non-owner role. Use environment substitution and rotate regularly when webhook endpoints are internet-accessible.", + tags: ["security", "auth"], + sensitive: true, + }, + "hooks.defaultSessionKey": { + label: "Hooks Default Session Key", + help: "Fallback session key used for hook deliveries when a request does not provide one through allowed channels. Use a stable but scoped key to avoid mixing unrelated automation conversations.", + tags: ["storage"], + }, + "hooks.allowRequestSessionKey": { + label: "Hooks Allow Request Session Key", + help: "Allows callers to supply a session key in hook requests when true, enabling caller-controlled routing. Keep false unless trusted integrators explicitly need custom session threading.", + tags: ["access", "storage"], + }, + "hooks.allowedSessionKeyPrefixes": { + label: "Hooks Allowed Session Key Prefixes", + help: "Allowlist of accepted session-key prefixes for inbound hook requests when caller-provided keys are enabled. Use narrow prefixes to prevent arbitrary session-key injection.", + tags: ["access", "storage"], + }, + "hooks.allowedAgentIds": { + label: "Hooks Allowed Agent IDs", + help: "Allowlist of agent IDs that hook mappings are allowed to target when selecting execution agents. Use this to constrain automation events to dedicated service agents and reduce blast radius if a hook token is exposed.", + tags: ["access"], + }, + "hooks.maxBodyBytes": { + label: "Hooks Max Body Bytes", + help: "Maximum accepted webhook payload size in bytes before the request is rejected. Keep this bounded to reduce abuse risk and protect memory usage under bursty integrations.", + tags: ["performance"], + }, + "hooks.presets": { + label: "Hooks Presets", + help: "Named hook preset bundles applied at load time to seed standard mappings and behavior defaults. Keep preset usage explicit so operators can audit which automations are active.", + tags: ["advanced"], + }, + "hooks.transformsDir": { + label: "Hooks Transforms Directory", + help: "Base directory for hook transform modules referenced by mapping transform.module paths. Use a controlled repo directory so dynamic imports remain reviewable and predictable.", + tags: ["storage"], + }, + "hooks.mappings": { + label: "Hook Mappings", + help: "Ordered mapping rules that match inbound hook requests and choose wake or agent actions with optional delivery routing. Use specific mappings first to avoid broad pattern rules capturing everything.", + tags: ["advanced"], + }, + "hooks.mappings[].id": { + label: "Hook Mapping ID", + help: "Optional stable identifier for a hook mapping entry used for auditing, troubleshooting, and targeted updates. Use unique IDs so logs and config diffs can reference mappings unambiguously.", + tags: ["advanced"], + }, + "hooks.mappings[].match": { + label: "Hook Mapping Match", + help: "Grouping object for mapping match predicates such as path and source before action routing is applied. Keep match criteria specific so unrelated webhook traffic does not trigger automations.", + tags: ["advanced"], + }, + "hooks.mappings[].match.path": { + label: "Hook Mapping Match Path", + help: "Path match condition for a hook mapping, usually compared against the inbound request path. Use this to split automation behavior by webhook endpoint path families.", + tags: ["storage"], + }, + "hooks.mappings[].match.source": { + label: "Hook Mapping Match Source", + help: "Source match condition for a hook mapping, typically set by trusted upstream metadata or adapter logic. Use stable source identifiers so routing remains deterministic across retries.", + tags: ["advanced"], + }, + "hooks.mappings[].action": { + label: "Hook Mapping Action", + help: 'Mapping action type: "wake" triggers agent wake flow, while "agent" sends directly to agent handling. Use "agent" for immediate execution and "wake" when heartbeat-driven processing is preferred.', + tags: ["advanced"], + }, + "hooks.mappings[].wakeMode": { + label: "Hook Mapping Wake Mode", + help: 'Wake scheduling mode: "now" wakes immediately, while "next-heartbeat" defers until the next heartbeat cycle. Use deferred mode for lower-priority automations that can tolerate slight delay.', + tags: ["advanced"], + }, + "hooks.mappings[].name": { + label: "Hook Mapping Name", + help: "Human-readable mapping display name used in diagnostics and operator-facing config UIs. Keep names concise and descriptive so routing intent is obvious during incident review.", + tags: ["advanced"], + }, + "hooks.mappings[].agentId": { + label: "Hook Mapping Agent ID", + help: "Target agent ID for mapping execution when action routing should not use defaults. Use dedicated automation agents to isolate webhook behavior from interactive operator sessions.", + tags: ["advanced"], + }, + "hooks.mappings[].sessionKey": { + label: "Hook Mapping Session Key", + help: "Explicit session key override for mapping-delivered messages to control thread continuity. Use stable scoped keys so repeated events correlate without leaking into unrelated conversations.", + tags: ["security", "storage"], + sensitive: true, + }, + "hooks.mappings[].messageTemplate": { + label: "Hook Mapping Message Template", + help: "Template for synthesizing structured mapping input into the final message content sent to the target action path. Keep templates deterministic so downstream parsing and behavior remain stable.", + tags: ["advanced"], + }, + "hooks.mappings[].textTemplate": { + label: "Hook Mapping Text Template", + help: "Text-only fallback template used when rich payload rendering is not desired or not supported. Use this to provide a concise, consistent summary string for chat delivery surfaces.", + tags: ["advanced"], + }, + "hooks.mappings[].deliver": { + label: "Hook Mapping Deliver Reply", + help: "Controls whether mapping execution results are delivered back to a channel destination versus being processed silently. Disable delivery for background automations that should not post user-facing output.", + tags: ["advanced"], + }, + "hooks.mappings[].allowUnsafeExternalContent": { + label: "Hook Mapping Allow Unsafe External Content", + help: "When true, mapping content may include less-sanitized external payload data in generated messages. Keep false by default and enable only for trusted sources with reviewed transform logic.", + tags: ["access"], + }, + "hooks.mappings[].channel": { + label: "Hook Mapping Delivery Channel", + help: 'Delivery channel override for mapping outputs (for example "last", "telegram", "discord", "slack", "signal", "imessage", or "msteams"). Keep channel overrides explicit to avoid accidental cross-channel sends.', + tags: ["advanced"], + }, + "hooks.mappings[].to": { + label: "Hook Mapping Delivery Destination", + help: "Destination identifier inside the selected channel when mapping replies should route to a fixed target. Verify provider-specific destination formats before enabling production mappings.", + tags: ["advanced"], + }, + "hooks.mappings[].model": { + label: "Hook Mapping Model Override", + help: "Optional model override for mapping-triggered runs when automation should use a different model than agent defaults. Use this sparingly so behavior remains predictable across mapping executions.", + tags: ["models"], + }, + "hooks.mappings[].thinking": { + label: "Hook Mapping Thinking Override", + help: "Optional thinking-effort override for mapping-triggered runs to tune latency versus reasoning depth. Keep low or minimal for high-volume hooks unless deeper reasoning is clearly required.", + tags: ["advanced"], + }, + "hooks.mappings[].timeoutSeconds": { + label: "Hook Mapping Timeout (sec)", + help: "Maximum runtime allowed for mapping action execution before timeout handling applies. Use tighter limits for high-volume webhook sources to prevent queue pileups.", + tags: ["performance"], + }, + "hooks.mappings[].transform": { + label: "Hook Mapping Transform", + help: "Transform configuration block defining module/export preprocessing before mapping action handling. Use transforms only from reviewed code paths and keep behavior deterministic for repeatable automation.", + tags: ["advanced"], + }, + "hooks.mappings[].transform.module": { + label: "Hook Transform Module", + help: "Relative transform module path loaded from hooks.transformsDir to rewrite incoming payloads before delivery. Keep modules local, reviewed, and free of path traversal patterns.", + tags: ["advanced"], + }, + "hooks.mappings[].transform.export": { + label: "Hook Transform Export", + help: "Named export to invoke from the transform module; defaults to module default export when omitted. Set this when one file hosts multiple transform handlers.", + tags: ["advanced"], + }, + "hooks.gmail": { + label: "Gmail Hook", + help: "Gmail push integration settings used for Pub/Sub notifications and optional local callback serving. Keep this scoped to dedicated Gmail automation accounts where possible.", + tags: ["advanced"], + }, + "hooks.gmail.account": { + label: "Gmail Hook Account", + help: "Google account identifier used for Gmail watch/subscription operations in this hook integration. Use a dedicated automation mailbox account to isolate operational permissions.", + tags: ["advanced"], + }, + "hooks.gmail.label": { + label: "Gmail Hook Label", + help: "Optional Gmail label filter limiting which labeled messages trigger hook events. Keep filters narrow to avoid flooding automations with unrelated inbox traffic.", + tags: ["advanced"], + }, + "hooks.gmail.topic": { + label: "Gmail Hook Pub/Sub Topic", + help: "Google Pub/Sub topic name used by Gmail watch to publish change notifications for this account. Ensure the topic IAM grants Gmail publish access before enabling watches.", + tags: ["advanced"], + }, + "hooks.gmail.subscription": { + label: "Gmail Hook Subscription", + help: "Pub/Sub subscription consumed by the gateway to receive Gmail change notifications from the configured topic. Keep subscription ownership clear so multiple consumers do not race unexpectedly.", + tags: ["advanced"], + }, + "hooks.gmail.pushToken": { + label: "Gmail Hook Push Token", + help: "Shared secret token required on Gmail push hook callbacks before processing notifications. Use env substitution and rotate if callback endpoints are exposed externally.", + tags: ["security", "auth"], + sensitive: true, + }, + "hooks.gmail.hookUrl": { + label: "Gmail Hook Callback URL", + help: "Public callback URL Gmail or intermediaries invoke to deliver notifications into this hook pipeline. Keep this URL protected with token validation and restricted network exposure.", + tags: ["advanced"], + }, + "hooks.gmail.includeBody": { + label: "Gmail Hook Include Body", + help: "When true, fetch and include email body content for downstream mapping/agent processing. Keep false unless body text is required, because this increases payload size and sensitivity.", + tags: ["advanced"], + }, + "hooks.gmail.maxBytes": { + label: "Gmail Hook Max Body Bytes", + help: "Maximum Gmail payload bytes processed per event when includeBody is enabled. Keep conservative limits to reduce oversized message processing cost and risk.", + tags: ["performance"], + }, + "hooks.gmail.renewEveryMinutes": { + label: "Gmail Hook Renew Interval (min)", + help: "Renewal cadence in minutes for Gmail watch subscriptions to prevent expiration. Set below provider expiration windows and monitor renew failures in logs.", + tags: ["advanced"], + }, + "hooks.gmail.allowUnsafeExternalContent": { + label: "Gmail Hook Allow Unsafe External Content", + help: "Allows less-sanitized external Gmail content to pass into processing when enabled. Keep disabled for safer defaults, and enable only for trusted mail streams with controlled transforms.", + tags: ["access"], + }, + "hooks.gmail.serve": { + label: "Gmail Hook Local Server", + help: "Local callback server settings block for directly receiving Gmail notifications without a separate ingress layer. Enable only when this process should terminate webhook traffic itself.", + tags: ["advanced"], + }, + "hooks.gmail.serve.bind": { + label: "Gmail Hook Server Bind Address", + help: "Bind address for the local Gmail callback HTTP server used when serving hooks directly. Keep loopback-only unless external ingress is intentionally required.", + tags: ["advanced"], + }, + "hooks.gmail.serve.port": { + label: "Gmail Hook Server Port", + help: "Port for the local Gmail callback HTTP server when serve mode is enabled. Use a dedicated port to avoid collisions with gateway/control interfaces.", + tags: ["advanced"], + }, + "hooks.gmail.serve.path": { + label: "Gmail Hook Server Path", + help: "HTTP path on the local Gmail callback server where push notifications are accepted. Keep this consistent with subscription configuration to avoid dropped events.", + tags: ["storage"], + }, + "hooks.gmail.tailscale": { + label: "Gmail Hook Tailscale", + help: "Tailscale exposure configuration block for publishing Gmail callbacks through Serve/Funnel routes. Use private tailnet modes before enabling any public ingress path.", + tags: ["advanced"], + }, + "hooks.gmail.tailscale.mode": { + label: "Gmail Hook Tailscale Mode", + help: 'Tailscale exposure mode for Gmail callbacks: "off", "serve", or "funnel". Use "serve" for private tailnet delivery and "funnel" only when public internet ingress is required.', + tags: ["advanced"], + }, + "hooks.gmail.tailscale.path": { + label: "Gmail Hook Tailscale Path", + help: "Path published by Tailscale Serve/Funnel for Gmail callback forwarding when enabled. Keep it aligned with Gmail webhook config so requests reach the expected handler.", + tags: ["storage"], + }, + "hooks.gmail.tailscale.target": { + label: "Gmail Hook Tailscale Target", + help: "Local service target forwarded by Tailscale Serve/Funnel (for example http://127.0.0.1:8787). Use explicit loopback targets to avoid ambiguous routing.", + tags: ["advanced"], + }, + "hooks.gmail.model": { + label: "Gmail Hook Model Override", + help: "Optional model override for Gmail-triggered runs when mailbox automations should use dedicated model behavior. Keep unset to inherit agent defaults unless mailbox tasks need specialization.", + tags: ["models"], + }, + "hooks.gmail.thinking": { + label: "Gmail Hook Thinking Override", + help: 'Thinking effort override for Gmail-driven agent runs: "off", "minimal", "low", "medium", or "high". Keep modest defaults for routine inbox automations to control cost and latency.', + tags: ["advanced"], + }, + "hooks.internal": { + label: "Internal Hooks", + help: "Internal hook runtime settings for bundled/custom event handlers loaded from module paths. Use this for trusted in-process automations and keep handler loading tightly scoped.", + tags: ["advanced"], + }, + "hooks.internal.enabled": { + label: "Internal Hooks Enabled", + help: "Enables processing for internal hook handlers and configured entries in the internal hook runtime. Keep disabled unless internal hook handlers are intentionally configured.", + tags: ["advanced"], + }, + "hooks.internal.handlers": { + label: "Internal Hook Handlers", + help: "List of internal event handlers mapping event names to modules and optional exports. Keep handler definitions explicit so event-to-code routing is auditable.", + tags: ["advanced"], + }, + "hooks.internal.handlers[].event": { + label: "Internal Hook Event", + help: "Internal event name that triggers this handler module when emitted by the runtime. Use stable event naming conventions to avoid accidental overlap across handlers.", + tags: ["advanced"], + }, + "hooks.internal.handlers[].module": { + label: "Internal Hook Module", + help: "Safe relative module path for the internal hook handler implementation loaded at runtime. Keep module files in reviewed directories and avoid dynamic path composition.", + tags: ["advanced"], + }, + "hooks.internal.handlers[].export": { + label: "Internal Hook Export", + help: "Optional named export for the internal hook handler function when module default export is not used. Set this when one module ships multiple handler entrypoints.", + tags: ["advanced"], + }, + "hooks.internal.entries": { + label: "Internal Hook Entries", + help: "Configured internal hook entry records used to register concrete runtime handlers and metadata. Keep entries explicit and versioned so production behavior is auditable.", + tags: ["advanced"], + }, + "hooks.internal.load": { + label: "Internal Hook Loader", + help: "Internal hook loader settings controlling where handler modules are discovered at startup. Use constrained load roots to reduce accidental module conflicts or shadowing.", + tags: ["advanced"], + }, + "hooks.internal.load.extraDirs": { + label: "Internal Hook Extra Directories", + help: "Additional directories searched for internal hook modules beyond default load paths. Keep this minimal and controlled to reduce accidental module shadowing.", + tags: ["storage"], + }, + "hooks.internal.installs": { + label: "Internal Hook Install Records", + help: "Install metadata for internal hook modules, including source and resolved artifacts for repeatable deployments. Use this as operational provenance and avoid manual drift edits.", + tags: ["advanced"], + }, + web: { + label: "Web Channel", + help: "Web channel runtime settings for heartbeat and reconnect behavior when operating web-based chat surfaces. Use reconnect values tuned to your network reliability profile and expected uptime needs.", + tags: ["advanced"], + }, + "web.enabled": { + label: "Web Channel Enabled", + help: "Enables the web channel runtime and related websocket lifecycle behavior. Keep disabled when web chat is unused to reduce active connection management overhead.", + tags: ["advanced"], + }, + "web.heartbeatSeconds": { + label: "Web Channel Heartbeat Interval (sec)", + help: "Heartbeat interval in seconds for web channel connectivity and liveness maintenance. Use shorter intervals for faster detection, or longer intervals to reduce keepalive chatter.", + tags: ["automation"], + }, + "web.reconnect": { + label: "Web Channel Reconnect Policy", + help: "Reconnect backoff policy for web channel reconnect attempts after transport failure. Keep bounded retries and jitter tuned to avoid thundering-herd reconnect behavior.", + tags: ["advanced"], + }, + "web.reconnect.initialMs": { + label: "Web Reconnect Initial Delay (ms)", + help: "Initial reconnect delay in milliseconds before the first retry after disconnection. Use modest delays to recover quickly without immediate retry storms.", + tags: ["advanced"], + }, + "web.reconnect.maxMs": { + label: "Web Reconnect Max Delay (ms)", + help: "Maximum reconnect backoff cap in milliseconds to bound retry delay growth over repeated failures. Use a reasonable cap so recovery remains timely after prolonged outages.", + tags: ["performance"], + }, + "web.reconnect.factor": { + label: "Web Reconnect Backoff Factor", + help: "Exponential backoff multiplier used between reconnect attempts in web channel retry loops. Keep factor above 1 and tune with jitter for stable large-fleet reconnect behavior.", + tags: ["advanced"], + }, + "web.reconnect.jitter": { + label: "Web Reconnect Jitter", + help: "Randomization factor (0-1) applied to reconnect delays to desynchronize clients after outage events. Keep non-zero jitter in multi-client deployments to reduce synchronized spikes.", + tags: ["advanced"], + }, + "web.reconnect.maxAttempts": { + label: "Web Reconnect Max Attempts", + help: "Maximum reconnect attempts before giving up for the current failure sequence (0 means no retries). Use finite caps for controlled failure handling in automation-sensitive environments.", + tags: ["performance"], + }, + "discovery.wideArea": { + label: "Wide-area Discovery", + help: "Wide-area discovery configuration group for exposing discovery signals beyond local-link scopes. Enable only in deployments that intentionally aggregate gateway presence across sites.", + tags: ["network"], + }, + "discovery.wideArea.enabled": { + label: "Wide-area Discovery Enabled", + help: "Enables wide-area discovery signaling when your environment needs non-local gateway discovery. Keep disabled unless cross-network discovery is operationally required.", + tags: ["network"], + }, + "discovery.wideArea.domain": { + label: "Wide-area Discovery Domain", + help: "Optional unicast DNS-SD domain for wide-area discovery, such as openclaw.internal. Use this when you intentionally publish gateway discovery beyond local mDNS scopes.", + tags: ["network"], + }, + "discovery.mdns": { + label: "mDNS Discovery", + help: "mDNS discovery configuration group for local network advertisement and discovery behavior tuning. Keep minimal mode for routine LAN discovery unless extra metadata is required.", + tags: ["network"], + }, + canvasHost: { + label: "Canvas Host", + help: "Canvas host settings for serving canvas assets and local live-reload behavior used by canvas-enabled workflows. Keep disabled unless canvas-hosted assets are actively used.", + tags: ["advanced"], + }, + "canvasHost.enabled": { + label: "Canvas Host Enabled", + help: "Enables the canvas host server process and routes for serving canvas files. Keep disabled when canvas workflows are inactive to reduce exposed local services.", + tags: ["advanced"], + }, + "canvasHost.root": { + label: "Canvas Host Root Directory", + help: "Filesystem root directory served by canvas host for canvas content and static assets. Use a dedicated directory and avoid broad repo roots for least-privilege file exposure.", + tags: ["advanced"], + }, + "canvasHost.port": { + label: "Canvas Host Port", + help: "TCP port used by the canvas host HTTP server when canvas hosting is enabled. Choose a non-conflicting port and align firewall/proxy policy accordingly.", + tags: ["advanced"], + }, + "canvasHost.liveReload": { + label: "Canvas Host Live Reload", + help: "Enables automatic live-reload behavior for canvas assets during development workflows. Keep disabled in production-like environments where deterministic output is preferred.", + tags: ["reliability"], + }, + "talk.voiceId": { + label: "Talk Voice ID", + help: "Legacy ElevenLabs default voice ID for Talk mode. Prefer talk.providers.elevenlabs.voiceId.", + tags: ["media"], + }, + "talk.voiceAliases": { + label: "Talk Voice Aliases", + help: 'Use this legacy ElevenLabs voice alias map (for example {"Clawd":"EXAVITQu4vr4xnSDxMaL"}) only during migration. Prefer talk.providers.elevenlabs.voiceAliases.', + tags: ["media"], + }, + "talk.modelId": { + label: "Talk Model ID", + help: "Legacy ElevenLabs model ID for Talk mode (default: eleven_v3). Prefer talk.providers.elevenlabs.modelId.", + tags: ["models", "media"], + }, + "talk.outputFormat": { + label: "Talk Output Format", + help: "Use this legacy ElevenLabs output format for Talk mode (for example pcm_44100 or mp3_44100_128) only during migration. Prefer talk.providers.elevenlabs.outputFormat.", + tags: ["media"], + }, + "talk.interruptOnSpeech": { + label: "Talk Interrupt on Speech", + help: "If true (default), stop assistant speech when the user starts speaking in Talk mode. Keep enabled for conversational turn-taking.", + tags: ["media"], + }, + "talk.silenceTimeoutMs": { + label: "Talk Silence Timeout (ms)", + help: "Milliseconds of user silence before Talk mode finalizes and sends the current transcript. Leave unset to keep the platform default pause window (700 ms on macOS and Android, 900 ms on iOS).", + tags: ["performance", "media"], + }, + "messages.messagePrefix": { + label: "Inbound Message Prefix", + help: "Prefix text prepended to inbound user messages before they are handed to the agent runtime. Use this sparingly for channel context markers and keep it stable across sessions.", + tags: ["advanced"], + }, + "messages.responsePrefix": { + label: "Outbound Response Prefix", + help: "Prefix text prepended to outbound assistant replies before sending to channels. Use for lightweight branding/context tags and avoid long prefixes that reduce content density.", + tags: ["advanced"], + }, + "messages.groupChat": { + label: "Group Chat Rules", + help: "Group-message handling controls including mention triggers and history window sizing. Keep mention patterns narrow so group channels do not trigger on every message.", + tags: ["advanced"], + }, + "messages.groupChat.mentionPatterns": { + label: "Group Mention Patterns", + help: "Safe case-insensitive regex patterns used to detect explicit mentions/trigger phrases in group chats. Use precise patterns to reduce false positives in high-volume channels; invalid or unsafe nested-repetition patterns are ignored.", + tags: ["advanced"], + }, + "messages.groupChat.historyLimit": { + label: "Group History Limit", + help: "Maximum number of prior group messages loaded as context per turn for group sessions. Use higher values for richer continuity, or lower values for faster and cheaper responses.", + tags: ["performance"], + }, + "messages.queue": { + label: "Inbound Queue", + help: "Inbound message queue strategy used to buffer bursts before processing turns. Tune this for busy channels where sequential processing or batching behavior matters.", + tags: ["advanced"], + }, + "messages.queue.mode": { + label: "Queue Mode", + help: 'Queue behavior mode: "steer", "followup", "collect", "steer-backlog", "steer+backlog", "queue", or "interrupt". Keep conservative modes unless you intentionally need aggressive interruption/backlog semantics.', + tags: ["advanced"], + }, + "messages.queue.byChannel": { + label: "Queue Mode by Channel", + help: "Per-channel queue mode overrides keyed by provider id (for example telegram, discord, slack). Use this when one channel’s traffic pattern needs different queue behavior than global defaults.", + tags: ["advanced"], + }, + "messages.queue.debounceMs": { + label: "Queue Debounce (ms)", + help: "Global queue debounce window in milliseconds before processing buffered inbound messages. Use higher values to coalesce rapid bursts, or lower values for reduced response latency.", + tags: ["performance"], + }, + "messages.queue.debounceMsByChannel": { + label: "Queue Debounce by Channel (ms)", + help: "Per-channel debounce overrides for queue behavior keyed by provider id. Use this to tune burst handling independently for chat surfaces with different pacing.", + tags: ["performance"], + }, + "messages.queue.cap": { + label: "Queue Capacity", + help: "Maximum number of queued inbound items retained before drop policy applies. Keep caps bounded in noisy channels so memory usage remains predictable.", + tags: ["advanced"], + }, + "messages.queue.drop": { + label: "Queue Drop Strategy", + help: 'Drop strategy when queue cap is exceeded: "old", "new", or "summarize". Use summarize when preserving intent matters, or old/new when deterministic dropping is preferred.', + tags: ["advanced"], + }, + "messages.inbound": { + label: "Inbound Debounce", + help: "Direct inbound debounce settings used before queue/turn processing starts. Configure this for provider-specific rapid message bursts from the same sender.", + tags: ["advanced"], + }, + "messages.suppressToolErrors": { + label: "Suppress Tool Error Warnings", + help: "When true, suppress ⚠️ tool-error warnings from being shown to the user. The agent already sees errors in context and can retry. Default: false.", + tags: ["advanced"], + }, + "messages.ackReaction": { + label: "Ack Reaction Emoji", + help: "Emoji reaction used to acknowledge inbound messages (empty disables).", + tags: ["advanced"], + }, + "messages.ackReactionScope": { + label: "Ack Reaction Scope", + help: 'When to send ack reactions ("group-mentions", "group-all", "direct", "all", "off", "none"). "off"/"none" disables ack reactions entirely.', + tags: ["advanced"], + }, + "messages.removeAckAfterReply": { + label: "Remove Ack Reaction After Reply", + help: "Removes the acknowledgment reaction after final reply delivery when enabled. Keep enabled for cleaner UX in channels where persistent ack reactions create clutter.", + tags: ["advanced"], + }, + "messages.statusReactions": { + label: "Status Reactions", + help: "Lifecycle status reactions that update the emoji on the trigger message as the agent progresses (queued → thinking → tool → done/error).", + tags: ["advanced"], + }, + "messages.statusReactions.enabled": { + label: "Enable Status Reactions", + help: "Enable lifecycle status reactions for Telegram. When enabled, the ack reaction becomes the initial 'queued' state and progresses through thinking, tool, done/error automatically. Default: false.", + tags: ["advanced"], + }, + "messages.statusReactions.emojis": { + label: "Status Reaction Emojis", + help: "Override default status reaction emojis. Keys: thinking, compacting, tool, coding, web, done, error, stallSoft, stallHard. Must be valid Telegram reaction emojis.", + tags: ["advanced"], + }, + "messages.statusReactions.timing": { + label: "Status Reaction Timing", + help: "Override default timing. Keys: debounceMs (700), stallSoftMs (25000), stallHardMs (60000), doneHoldMs (1500), errorHoldMs (2500).", + tags: ["advanced"], + }, + "messages.inbound.debounceMs": { + label: "Inbound Message Debounce (ms)", + help: "Debounce window (ms) for batching rapid inbound messages from the same sender (0 to disable).", + tags: ["performance"], + }, + "messages.inbound.byChannel": { + label: "Inbound Debounce by Channel (ms)", + help: "Per-channel inbound debounce overrides keyed by provider id in milliseconds. Use this where some providers send message fragments more aggressively than others.", + tags: ["advanced"], + }, + "messages.tts": { + label: "Message Text-to-Speech", + help: "Text-to-speech policy for reading agent replies aloud on supported voice or audio surfaces. Keep disabled unless voice playback is part of your operator/user workflow.", + tags: ["media"], + }, + "talk.provider": { + label: "Talk Active Provider", + help: 'Active Talk provider id (for example "elevenlabs").', + tags: ["media"], + }, + "talk.providers": { + label: "Talk Provider Settings", + help: "Provider-specific Talk settings keyed by provider id. During migration, prefer this over legacy talk.* keys.", + tags: ["media"], + }, + "talk.providers.*.voiceId": { + label: "Talk Provider Voice ID", + help: "Provider default voice ID for Talk mode.", + tags: ["media"], + }, + "talk.providers.*.voiceAliases": { + label: "Talk Provider Voice Aliases", + help: "Optional provider voice alias map for Talk directives.", + tags: ["media"], + }, + "talk.providers.*.modelId": { + label: "Talk Provider Model ID", + help: "Provider default model ID for Talk mode.", + tags: ["models", "media"], + }, + "talk.providers.*.outputFormat": { + label: "Talk Provider Output Format", + help: "Provider default output format for Talk mode.", + tags: ["media"], + }, + "talk.providers.*.apiKey": { + label: "Talk Provider API Key", + help: "Provider API key for Talk mode.", + tags: ["security", "auth", "media"], + sensitive: true, + }, + "talk.apiKey": { + label: "Talk API Key", + help: "Use this legacy ElevenLabs API key for Talk mode only during migration, and keep secrets in env-backed storage. Prefer talk.providers.elevenlabs.apiKey (fallback: ELEVENLABS_API_KEY).", + tags: ["security", "auth", "media"], + sensitive: true, + }, + "channels.defaults": { + label: "Channel Defaults", + help: "Default channel behavior applied across providers when provider-specific settings are not set. Use this to enforce consistent baseline policy before per-provider tuning.", + tags: ["network", "channels"], + }, + "channels.defaults.groupPolicy": { + label: "Default Group Policy", + help: 'Default group policy across channels: "open", "disabled", or "allowlist". Keep "allowlist" for safer production setups unless broad group participation is intentional.', + tags: ["access", "network", "channels"], + }, + "channels.defaults.heartbeat": { + label: "Default Heartbeat Visibility", + help: "Default heartbeat visibility settings for status messages emitted by providers/channels. Tune this globally to reduce noisy healthy-state updates while keeping alerts visible.", + tags: ["network", "automation", "channels"], + }, + "channels.defaults.heartbeat.showOk": { + label: "Heartbeat Show OK", + help: "Shows healthy/OK heartbeat status entries when true in channel status outputs. Keep false in noisy environments and enable only when operators need explicit healthy confirmations.", + tags: ["network", "automation", "channels"], + }, + "channels.defaults.heartbeat.showAlerts": { + label: "Heartbeat Show Alerts", + help: "Shows degraded/error heartbeat alerts when true so operator channels surface problems promptly. Keep enabled in production so broken channel states are visible.", + tags: ["network", "automation", "channels"], + }, + "channels.defaults.heartbeat.useIndicator": { + label: "Heartbeat Use Indicator", + help: "Enables concise indicator-style heartbeat rendering instead of verbose status text where supported. Use indicator mode for dense dashboards with many active channels.", + tags: ["network", "automation", "channels"], + }, + "channels.whatsapp": { + label: "WhatsApp", + help: "WhatsApp channel provider configuration for access policy and message batching behavior. Use this section to tune responsiveness and direct-message routing safety for WhatsApp chats.", + tags: ["network", "channels"], + }, + "channels.telegram": { + label: "Telegram", + help: "Telegram channel provider configuration including auth tokens, retry behavior, and message rendering controls. Use this section to tune bot behavior for Telegram-specific API semantics.", + tags: ["network", "channels"], + }, + "channels.telegram.customCommands": { + label: "Telegram Custom Commands", + help: "Additional Telegram bot menu commands (merged with native; conflicts ignored).", + tags: ["network", "channels"], + }, + "channels.discord": { + label: "Discord", + help: "Discord channel provider configuration for bot auth, retry policy, streaming, thread bindings, and optional voice capabilities. Keep privileged intents and advanced features disabled unless needed.", + tags: ["network", "channels"], + }, + "channels.slack": { + label: "Slack", + help: "Slack channel provider configuration for bot/app tokens, streaming behavior, and DM policy controls. Keep token handling and thread behavior explicit to avoid noisy workspace interactions.", + tags: ["network", "channels"], + }, + "channels.mattermost": { + label: "Mattermost", + help: "Mattermost channel provider configuration for bot credentials, base URL, and message trigger modes. Keep mention/trigger rules strict in high-volume team channels.", + tags: ["network", "channels"], + }, + "channels.signal": { + label: "Signal", + help: "Signal channel provider configuration including account identity and DM policy behavior. Keep account mapping explicit so routing remains stable across multi-device setups.", + tags: ["network", "channels"], + }, + "channels.imessage": { + label: "iMessage", + help: "iMessage channel provider configuration for CLI integration and DM access policy handling. Use explicit CLI paths when runtime environments have non-standard binary locations.", + tags: ["network", "channels"], + }, + "channels.bluebubbles": { + label: "BlueBubbles", + help: "BlueBubbles channel provider configuration used for Apple messaging bridge integrations. Keep DM policy aligned with your trusted sender model in shared deployments.", + tags: ["network", "channels"], + }, + "channels.msteams": { + label: "MS Teams", + help: "Microsoft Teams channel provider configuration and provider-specific policy toggles. Use this section to isolate Teams behavior from other enterprise chat providers.", + tags: ["network", "channels"], + }, + "channels.modelByChannel": { + label: "Channel Model Overrides", + help: "Map provider -> channel id -> model override (values are provider/model or aliases).", + tags: ["network", "channels"], + }, + "channels.irc": { + label: "IRC", + help: "IRC channel provider configuration and compatibility settings for classic IRC transport workflows. Use this section when bridging legacy chat infrastructure into OpenClaw.", + tags: ["network", "channels"], + }, + "channels.irc.dmPolicy": { + label: "IRC DM Policy", + help: 'Direct message access control ("pairing" recommended). "open" requires channels.irc.allowFrom=["*"].', + tags: ["access", "network", "channels"], + }, + "channels.irc.nickserv.enabled": { + label: "IRC NickServ Enabled", + help: "Enable NickServ identify/register after connect (defaults to enabled when password is configured).", + tags: ["network", "channels"], + }, + "channels.irc.nickserv.service": { + label: "IRC NickServ Service", + help: "NickServ service nick (default: NickServ).", + tags: ["network", "channels"], + }, + "channels.irc.nickserv.password": { + label: "IRC NickServ Password", + help: "NickServ password used for IDENTIFY/REGISTER (sensitive).", + tags: ["security", "auth", "network", "channels"], + sensitive: true, + }, + "channels.irc.nickserv.passwordFile": { + label: "IRC NickServ Password File", + help: "Optional file path containing NickServ password.", + tags: ["security", "auth", "network", "storage", "channels"], + }, + "channels.irc.nickserv.register": { + label: "IRC NickServ Register", + help: "If true, send NickServ REGISTER on every connect. Use once for initial registration, then disable.", + tags: ["network", "channels"], + }, + "channels.irc.nickserv.registerEmail": { + label: "IRC NickServ Register Email", + help: "Email used with NickServ REGISTER (required when register=true).", + tags: ["network", "channels"], + }, + "channels.telegram.botToken": { + label: "Telegram Bot Token", + help: "Telegram bot token used to authenticate Bot API requests for this account/provider config. Use secret/env substitution and rotate tokens if exposure is suspected.", + tags: ["security", "auth", "network", "channels"], + sensitive: true, + }, + "channels.telegram.dmPolicy": { + label: "Telegram DM Policy", + help: 'Direct message access control ("pairing" recommended). "open" requires channels.telegram.allowFrom=["*"].', + tags: ["access", "network", "channels"], + }, + "channels.telegram.configWrites": { + label: "Telegram Config Writes", + help: "Allow Telegram to write config in response to channel events/commands (default: true).", + tags: ["network", "channels"], + }, + "channels.telegram.commands.native": { + label: "Telegram Native Commands", + help: 'Override native commands for Telegram (bool or "auto").', + tags: ["network", "channels"], + }, + "channels.telegram.commands.nativeSkills": { + label: "Telegram Native Skill Commands", + help: 'Override native skill commands for Telegram (bool or "auto").', + tags: ["network", "channels"], + }, + "channels.telegram.streaming": { + label: "Telegram Streaming Mode", + help: 'Unified Telegram stream preview mode: "off" | "partial" | "block" | "progress" (default: "partial"). "progress" maps to "partial" on Telegram. Legacy boolean/streamMode keys are auto-mapped.', + tags: ["network", "channels"], + }, + "channels.telegram.retry.attempts": { + label: "Telegram Retry Attempts", + help: "Max retry attempts for outbound Telegram API calls (default: 3).", + tags: ["network", "reliability", "channels"], + }, + "channels.telegram.retry.minDelayMs": { + label: "Telegram Retry Min Delay (ms)", + help: "Minimum retry delay in ms for Telegram outbound calls.", + tags: ["network", "reliability", "channels"], + }, + "channels.telegram.retry.maxDelayMs": { + label: "Telegram Retry Max Delay (ms)", + help: "Maximum retry delay cap in ms for Telegram outbound calls.", + tags: ["network", "reliability", "performance", "channels"], + }, + "channels.telegram.retry.jitter": { + label: "Telegram Retry Jitter", + help: "Jitter factor (0-1) applied to Telegram retry delays.", + tags: ["network", "reliability", "channels"], + }, + "channels.telegram.network.autoSelectFamily": { + label: "Telegram autoSelectFamily", + help: "Override Node autoSelectFamily for Telegram (true=enable, false=disable).", + tags: ["network", "channels"], + }, + "channels.telegram.timeoutSeconds": { + label: "Telegram API Timeout (seconds)", + help: "Max seconds before Telegram API requests are aborted (default: 500 per grammY).", + tags: ["network", "performance", "channels"], + }, + "channels.telegram.silentErrorReplies": { + label: "Telegram Silent Error Replies", + help: "When true, Telegram bot replies marked as errors are sent silently (no notification sound). Default: false.", + tags: ["network", "channels"], + }, + "channels.telegram.apiRoot": { + label: "Telegram API Root URL", + help: "Custom Telegram Bot API root URL. Use for self-hosted Bot API servers (https://github.com/tdlib/telegram-bot-api) or reverse proxies in regions where api.telegram.org is blocked.", + tags: ["network", "channels"], + }, + "channels.telegram.autoTopicLabel": { + label: "Telegram Auto Topic Label", + help: "Auto-rename DM forum topics on first message using LLM. Default: true. Set to false to disable, or use object form { enabled: true, prompt: '...' } for custom prompt.", + tags: ["network", "channels"], + }, + "channels.telegram.autoTopicLabel.enabled": { + label: "Telegram Auto Topic Label Enabled", + help: "Whether auto topic labeling is enabled. Default: true.", + tags: ["network", "channels"], + }, + "channels.telegram.autoTopicLabel.prompt": { + label: "Telegram Auto Topic Label Prompt", + help: "Custom prompt for LLM-based topic naming. The user message is appended after the prompt.", + tags: ["network", "channels"], + }, + "channels.telegram.capabilities.inlineButtons": { + label: "Telegram Inline Buttons", + help: "Enable Telegram inline button components for supported command and interaction surfaces. Disable if your deployment needs plain-text-only compatibility behavior.", + tags: ["network", "channels"], + }, + "channels.telegram.execApprovals": { + label: "Telegram Exec Approvals", + help: "Telegram-native exec approval routing and approver authorization. Enable this only when Telegram should act as an explicit exec-approval client for the selected bot account.", + tags: ["network", "channels"], + }, + "channels.telegram.execApprovals.enabled": { + label: "Telegram Exec Approvals Enabled", + help: "Enable Telegram exec approvals for this account. When false or unset, Telegram messages/buttons cannot approve exec requests.", + tags: ["network", "channels"], + }, + "channels.telegram.execApprovals.approvers": { + label: "Telegram Exec Approval Approvers", + help: "Telegram user IDs allowed to approve exec requests for this bot account. Use numeric Telegram user IDs; prompts are only delivered to these approvers when target includes dm.", + tags: ["network", "channels"], + }, + "channels.telegram.execApprovals.agentFilter": { + label: "Telegram Exec Approval Agent Filter", + help: 'Optional allowlist of agent IDs eligible for Telegram exec approvals, for example `["main", "ops-agent"]`. Use this to keep approval prompts scoped to the agents you actually operate from Telegram.', + tags: ["network", "channels"], + }, + "channels.telegram.execApprovals.sessionFilter": { + label: "Telegram Exec Approval Session Filter", + help: "Optional session-key filters matched as substring or regex-style patterns before Telegram approval routing is used. Use narrow patterns so Telegram approvals only appear for intended sessions.", + tags: ["network", "storage", "channels"], + }, + "channels.telegram.execApprovals.target": { + label: "Telegram Exec Approval Target", + help: 'Controls where Telegram approval prompts are sent: "dm" sends to approver DMs (default), "channel" sends to the originating Telegram chat/topic, and "both" sends to both. Channel delivery exposes the command text to the chat, so only use it in trusted groups/topics.', + tags: ["network", "channels"], + }, + "channels.telegram.threadBindings.enabled": { + label: "Telegram Thread Binding Enabled", + help: "Enable Telegram conversation binding features (/focus, /unfocus, /agents, and /session idle|max-age). Overrides session.threadBindings.enabled when set.", + tags: ["network", "storage", "channels"], + }, + "channels.telegram.threadBindings.idleHours": { + label: "Telegram Thread Binding Idle Timeout (hours)", + help: "Inactivity window in hours for Telegram bound sessions. Set 0 to disable idle auto-unfocus (default: 24). Overrides session.threadBindings.idleHours when set.", + tags: ["network", "storage", "channels"], + }, + "channels.telegram.threadBindings.maxAgeHours": { + label: "Telegram Thread Binding Max Age (hours)", + help: "Optional hard max age in hours for Telegram bound sessions. Set 0 to disable hard cap (default: 0). Overrides session.threadBindings.maxAgeHours when set.", + tags: ["network", "performance", "storage", "channels"], + }, + "channels.telegram.threadBindings.spawnSubagentSessions": { + label: "Telegram Thread-Bound Subagent Spawn", + help: "Allow subagent spawns with thread=true to auto-bind Telegram current conversations when supported.", + tags: ["network", "storage", "channels"], + }, + "channels.telegram.threadBindings.spawnAcpSessions": { + label: "Telegram Thread-Bound ACP Spawn", + help: "Allow ACP spawns with thread=true to auto-bind Telegram current conversations when supported.", + tags: ["network", "storage", "channels"], + }, + "channels.whatsapp.dmPolicy": { + label: "WhatsApp DM Policy", + help: 'Direct message access control ("pairing" recommended). "open" requires channels.whatsapp.allowFrom=["*"].', + tags: ["access", "network", "channels"], + }, + "channels.whatsapp.selfChatMode": { + label: "WhatsApp Self-Phone Mode", + help: "Same-phone setup (bot uses your personal WhatsApp number).", + tags: ["network", "channels"], + }, + "channels.whatsapp.debounceMs": { + label: "WhatsApp Message Debounce (ms)", + help: "Debounce window (ms) for batching rapid consecutive messages from the same sender (0 to disable).", + tags: ["network", "performance", "channels"], + }, + "channels.whatsapp.configWrites": { + label: "WhatsApp Config Writes", + help: "Allow WhatsApp to write config in response to channel events/commands (default: true).", + tags: ["network", "channels"], + }, + "channels.signal.dmPolicy": { + label: "Signal DM Policy", + help: 'Direct message access control ("pairing" recommended). "open" requires channels.signal.allowFrom=["*"].', + tags: ["access", "network", "channels"], + }, + "channels.signal.configWrites": { + label: "Signal Config Writes", + help: "Allow Signal to write config in response to channel events/commands (default: true).", + tags: ["network", "channels"], + }, + "channels.imessage.dmPolicy": { + label: "iMessage DM Policy", + help: 'Direct message access control ("pairing" recommended). "open" requires channels.imessage.allowFrom=["*"].', + tags: ["access", "network", "channels"], + }, + "channels.imessage.configWrites": { + label: "iMessage Config Writes", + help: "Allow iMessage to write config in response to channel events/commands (default: true).", + tags: ["network", "channels"], + }, + "channels.bluebubbles.dmPolicy": { + label: "BlueBubbles DM Policy", + help: 'Direct message access control ("pairing" recommended). "open" requires channels.bluebubbles.allowFrom=["*"].', + tags: ["access", "network", "channels"], + }, + "channels.msteams.configWrites": { + label: "MS Teams Config Writes", + help: "Allow Microsoft Teams to write config in response to channel events/commands (default: true).", + tags: ["network", "channels"], + }, + "channels.irc.configWrites": { + label: "IRC Config Writes", + help: "Allow IRC to write config in response to channel events/commands (default: true).", + tags: ["network", "channels"], + }, + "channels.discord.dmPolicy": { + label: "Discord DM Policy", + help: 'Direct message access control ("pairing" recommended). "open" requires channels.discord.allowFrom=["*"].', + tags: ["access", "network", "channels"], + }, + "channels.discord.dm.policy": { + label: "Discord DM Policy", + help: 'Direct message access control ("pairing" recommended). "open" requires channels.discord.allowFrom=["*"] (legacy: channels.discord.dm.allowFrom).', + tags: ["access", "network", "channels"], + }, + "channels.discord.configWrites": { + label: "Discord Config Writes", + help: "Allow Discord to write config in response to channel events/commands (default: true).", + tags: ["network", "channels"], + }, + "channels.discord.proxy": { + label: "Discord Proxy URL", + help: "Proxy URL for Discord gateway + API requests (app-id lookup and allowlist resolution). Set per account via channels.discord.accounts..proxy.", + tags: ["network", "channels"], + }, + "channels.discord.commands.native": { + label: "Discord Native Commands", + help: 'Override native commands for Discord (bool or "auto").', + tags: ["network", "channels"], + }, + "channels.discord.commands.nativeSkills": { + label: "Discord Native Skill Commands", + help: 'Override native skill commands for Discord (bool or "auto").', + tags: ["network", "channels"], + }, + "channels.discord.streaming": { + label: "Discord Streaming Mode", + help: 'Unified Discord stream preview mode: "off" | "partial" | "block" | "progress". "progress" maps to "partial" on Discord. Legacy boolean/streamMode keys are auto-mapped.', + tags: ["network", "channels"], + }, + "channels.discord.streamMode": { + label: "Discord Stream Mode (Legacy)", + help: "Legacy Discord preview mode alias (off | partial | block); auto-migrated to channels.discord.streaming.", + tags: ["network", "channels"], + }, + "channels.discord.draftChunk.minChars": { + label: "Discord Draft Chunk Min Chars", + help: 'Minimum chars before emitting a Discord stream preview update when channels.discord.streaming="block" (default: 200).', + tags: ["network", "channels"], + }, + "channels.discord.draftChunk.maxChars": { + label: "Discord Draft Chunk Max Chars", + help: 'Target max size for a Discord stream preview chunk when channels.discord.streaming="block" (default: 800; clamped to channels.discord.textChunkLimit).', + tags: ["network", "performance", "channels"], + }, + "channels.discord.draftChunk.breakPreference": { + label: "Discord Draft Chunk Break Preference", + help: "Preferred breakpoints for Discord draft chunks (paragraph | newline | sentence). Default: paragraph.", + tags: ["network", "channels"], + }, + "channels.discord.retry.attempts": { + label: "Discord Retry Attempts", + help: "Max retry attempts for outbound Discord API calls (default: 3).", + tags: ["network", "reliability", "channels"], + }, + "channels.discord.retry.minDelayMs": { + label: "Discord Retry Min Delay (ms)", + help: "Minimum retry delay in ms for Discord outbound calls.", + tags: ["network", "reliability", "channels"], + }, + "channels.discord.retry.maxDelayMs": { + label: "Discord Retry Max Delay (ms)", + help: "Maximum retry delay cap in ms for Discord outbound calls.", + tags: ["network", "reliability", "performance", "channels"], + }, + "channels.discord.retry.jitter": { + label: "Discord Retry Jitter", + help: "Jitter factor (0-1) applied to Discord retry delays.", + tags: ["network", "reliability", "channels"], + }, + "channels.discord.maxLinesPerMessage": { + label: "Discord Max Lines Per Message", + help: "Soft max line count per Discord message (default: 17).", + tags: ["network", "performance", "channels"], + }, + "channels.discord.inboundWorker.runTimeoutMs": { + label: "Discord Inbound Worker Timeout (ms)", + help: "Optional queued Discord inbound worker timeout in ms. This is separate from Carbon listener timeouts; defaults to 1800000 and can be disabled with 0. Set per account via channels.discord.accounts..inboundWorker.runTimeoutMs.", + tags: ["network", "performance", "channels"], + }, + "channels.discord.eventQueue.listenerTimeout": { + label: "Discord EventQueue Listener Timeout (ms)", + help: "Canonical Discord listener timeout control in ms for gateway normalization/enqueue handlers. Default is 120000 in OpenClaw; set per account via channels.discord.accounts..eventQueue.listenerTimeout.", + tags: ["network", "performance", "channels"], + }, + "channels.discord.eventQueue.maxQueueSize": { + label: "Discord EventQueue Max Queue Size", + help: "Optional Discord EventQueue capacity override (max queued events before backpressure). Set per account via channels.discord.accounts..eventQueue.maxQueueSize.", + tags: ["network", "performance", "channels"], + }, + "channels.discord.eventQueue.maxConcurrency": { + label: "Discord EventQueue Max Concurrency", + help: "Optional Discord EventQueue concurrency override (max concurrent handler executions). Set per account via channels.discord.accounts..eventQueue.maxConcurrency.", + tags: ["network", "performance", "channels"], + }, + "channels.discord.threadBindings.enabled": { + label: "Discord Thread Binding Enabled", + help: "Enable Discord thread binding features (/focus, bound-thread routing/delivery, and thread-bound subagent sessions). Overrides session.threadBindings.enabled when set.", + tags: ["network", "storage", "channels"], + }, + "channels.discord.threadBindings.idleHours": { + label: "Discord Thread Binding Idle Timeout (hours)", + help: "Inactivity window in hours for Discord thread-bound sessions (/focus and spawned thread sessions). Set 0 to disable idle auto-unfocus (default: 24). Overrides session.threadBindings.idleHours when set.", + tags: ["network", "storage", "channels"], + }, + "channels.discord.threadBindings.maxAgeHours": { + label: "Discord Thread Binding Max Age (hours)", + help: "Optional hard max age in hours for Discord thread-bound sessions. Set 0 to disable hard cap (default: 0). Overrides session.threadBindings.maxAgeHours when set.", + tags: ["network", "performance", "storage", "channels"], + }, + "channels.discord.threadBindings.spawnSubagentSessions": { + label: "Discord Thread-Bound Subagent Spawn", + help: "Allow subagent spawns with thread=true to auto-create and bind Discord threads (default: false; opt-in). Set true to enable thread-bound subagent spawns for this account/channel.", + tags: ["network", "storage", "channels"], + }, + "channels.discord.threadBindings.spawnAcpSessions": { + label: "Discord Thread-Bound ACP Spawn", + help: "Allow /acp spawn to auto-create and bind Discord threads for ACP sessions (default: false; opt-in). Set true to enable thread-bound ACP spawns for this account/channel.", + tags: ["network", "storage", "channels"], + }, + "channels.discord.ui.components.accentColor": { + label: "Discord Component Accent Color", + help: "Accent color for Discord component containers (hex). Set per account via channels.discord.accounts..ui.components.accentColor.", + tags: ["network", "channels"], + }, + "channels.discord.intents.presence": { + label: "Discord Presence Intent", + help: "Enable the Guild Presences privileged intent. Must also be enabled in the Discord Developer Portal. Allows tracking user activities (e.g. Spotify). Default: false.", + tags: ["network", "channels"], + }, + "channels.discord.intents.guildMembers": { + label: "Discord Guild Members Intent", + help: "Enable the Guild Members privileged intent. Must also be enabled in the Discord Developer Portal. Default: false.", + tags: ["network", "channels"], + }, + "channels.discord.voice.enabled": { + label: "Discord Voice Enabled", + help: "Enable Discord voice channel conversations (default: true). Omit channels.discord.voice to keep voice support disabled for the account.", + tags: ["network", "channels"], + }, + "channels.discord.voice.autoJoin": { + label: "Discord Voice Auto-Join", + help: "Voice channels to auto-join on startup (list of guildId/channelId entries).", + tags: ["network", "channels"], + }, + "channels.discord.voice.daveEncryption": { + label: "Discord Voice DAVE Encryption", + help: "Toggle DAVE end-to-end encryption for Discord voice joins (default: true in @discordjs/voice; Discord may require this).", + tags: ["network", "channels"], + }, + "channels.discord.voice.decryptionFailureTolerance": { + label: "Discord Voice Decrypt Failure Tolerance", + help: "Consecutive decrypt failures before DAVE attempts session recovery (passed to @discordjs/voice; default: 24).", + tags: ["network", "channels"], + }, + "channels.discord.voice.tts": { + label: "Discord Voice Text-to-Speech", + help: "Optional TTS overrides for Discord voice playback (merged with messages.tts).", + tags: ["network", "media", "channels"], + }, + "channels.discord.pluralkit.enabled": { + label: "Discord PluralKit Enabled", + help: "Resolve PluralKit proxied messages and treat system members as distinct senders.", + tags: ["network", "channels"], + }, + "channels.discord.pluralkit.token": { + label: "Discord PluralKit Token", + help: "Optional PluralKit token for resolving private systems or members.", + tags: ["security", "auth", "network", "channels"], + sensitive: true, + }, + "channels.discord.activity": { + label: "Discord Presence Activity", + help: "Discord presence activity text (defaults to custom status).", + tags: ["network", "channels"], + }, + "channels.discord.status": { + label: "Discord Presence Status", + help: "Discord presence status (online, dnd, idle, invisible).", + tags: ["network", "channels"], + }, + "channels.discord.autoPresence.enabled": { + label: "Discord Auto Presence Enabled", + help: "Enable automatic Discord bot presence updates based on runtime/model availability signals. When enabled: healthy=>online, degraded/unknown=>idle, exhausted/unavailable=>dnd.", + tags: ["network", "channels"], + }, + "channels.discord.autoPresence.intervalMs": { + label: "Discord Auto Presence Check Interval (ms)", + help: "How often to evaluate Discord auto-presence state in milliseconds (default: 30000).", + tags: ["network", "performance", "channels"], + }, + "channels.discord.autoPresence.minUpdateIntervalMs": { + label: "Discord Auto Presence Min Update Interval (ms)", + help: "Minimum time between actual Discord presence update calls in milliseconds (default: 15000). Prevents status spam on noisy state changes.", + tags: ["network", "performance", "channels"], + }, + "channels.discord.autoPresence.healthyText": { + label: "Discord Auto Presence Healthy Text", + help: "Optional custom status text while runtime is healthy (online). If omitted, falls back to static channels.discord.activity when set.", + tags: ["network", "reliability", "channels"], + }, + "channels.discord.autoPresence.degradedText": { + label: "Discord Auto Presence Degraded Text", + help: "Optional custom status text while runtime/model availability is degraded or unknown (idle).", + tags: ["network", "channels"], + }, + "channels.discord.autoPresence.exhaustedText": { + label: "Discord Auto Presence Exhausted Text", + help: "Optional custom status text while runtime detects exhausted/unavailable model quota (dnd). Supports {reason} template placeholder.", + tags: ["network", "channels"], + }, + "channels.discord.activityType": { + label: "Discord Presence Activity Type", + help: "Discord presence activity type (0=Playing,1=Streaming,2=Listening,3=Watching,4=Custom,5=Competing).", + tags: ["network", "channels"], + }, + "channels.discord.activityUrl": { + label: "Discord Presence Activity URL", + help: "Discord presence streaming URL (required for activityType=1).", + tags: ["network", "channels"], + }, + "channels.slack.dm.policy": { + label: "Slack DM Policy", + help: 'Direct message access control ("pairing" recommended). "open" requires channels.slack.allowFrom=["*"] (legacy: channels.slack.dm.allowFrom).', + tags: ["access", "network", "channels"], + }, + "channels.slack.dmPolicy": { + label: "Slack DM Policy", + help: 'Direct message access control ("pairing" recommended). "open" requires channels.slack.allowFrom=["*"].', + tags: ["access", "network", "channels"], + }, + "channels.slack.configWrites": { + label: "Slack Config Writes", + help: "Allow Slack to write config in response to channel events/commands (default: true).", + tags: ["network", "channels"], + }, + "channels.slack.commands.native": { + label: "Slack Native Commands", + help: 'Override native commands for Slack (bool or "auto").', + tags: ["network", "channels"], + }, + "channels.slack.commands.nativeSkills": { + label: "Slack Native Skill Commands", + help: 'Override native skill commands for Slack (bool or "auto").', + tags: ["network", "channels"], + }, + "channels.slack.allowBots": { + label: "Slack Allow Bot Messages", + help: "Allow bot-authored messages to trigger Slack replies (default: false).", + tags: ["access", "network", "channels"], + }, + "channels.discord.allowBots": { + label: "Discord Allow Bot Messages", + help: 'Allow bot-authored messages to trigger Discord replies (default: false). Set "mentions" to only accept bot messages that mention the bot.', + tags: ["access", "network", "channels"], + }, + "channels.matrix.allowBots": { + label: "Matrix Allow Bot Messages", + help: 'Allow messages from other configured Matrix bot accounts to trigger replies (default: false). Set "mentions" to only accept bot messages that visibly mention this bot.', + tags: ["access", "network", "channels"], + }, + "channels.discord.token": { + label: "Discord Bot Token", + help: "Discord bot token used for gateway and REST API authentication for this provider account. Keep this secret out of committed config and rotate immediately after any leak.", + tags: ["security", "auth", "network", "channels"], + sensitive: true, + }, + "channels.slack.botToken": { + label: "Slack Bot Token", + help: "Slack bot token used for standard chat actions in the configured workspace. Keep this credential scoped and rotate if workspace app permissions change.", + tags: ["security", "auth", "network", "channels"], + sensitive: true, + }, + "channels.slack.appToken": { + label: "Slack App Token", + help: "Slack app-level token used for Socket Mode connections and event transport when enabled. Use least-privilege app scopes and store this token as a secret.", + tags: ["security", "auth", "network", "channels"], + sensitive: true, + }, + "channels.slack.userToken": { + label: "Slack User Token", + help: "Optional Slack user token for workflows requiring user-context API access beyond bot permissions. Use sparingly and audit scopes because this token can carry broader authority.", + tags: ["security", "auth", "network", "channels"], + sensitive: true, + }, + "channels.slack.userTokenReadOnly": { + label: "Slack User Token Read Only", + help: "When true, treat configured Slack user token usage as read-only helper behavior where possible. Keep enabled if you only need supplemental reads without user-context writes.", + tags: ["security", "auth", "network", "channels"], + }, + "channels.slack.capabilities.interactiveReplies": { + label: "Slack Interactive Replies", + help: "Enable agent-authored Slack interactive reply directives (`[[slack_buttons: ...]]`, `[[slack_select: ...]]`). Default: false.", + tags: ["network", "channels"], + }, + "channels.slack.streaming": { + label: "Slack Streaming Mode", + help: 'Unified Slack stream preview mode: "off" | "partial" | "block" | "progress". Legacy boolean/streamMode keys are auto-mapped.', + tags: ["network", "channels"], + }, + "channels.slack.nativeStreaming": { + label: "Slack Native Streaming", + help: "Enable native Slack text streaming (chat.startStream/chat.appendStream/chat.stopStream) when channels.slack.streaming is partial (default: true).", + tags: ["network", "channels"], + }, + "channels.slack.streamMode": { + label: "Slack Stream Mode (Legacy)", + help: "Legacy Slack preview mode alias (replace | status_final | append); auto-migrated to channels.slack.streaming.", + tags: ["network", "channels"], + }, + "channels.slack.thread.historyScope": { + label: "Slack Thread History Scope", + help: 'Scope for Slack thread history context ("thread" isolates per thread; "channel" reuses channel history).', + tags: ["network", "channels"], + }, + "channels.slack.thread.inheritParent": { + label: "Slack Thread Parent Inheritance", + help: "If true, Slack thread sessions inherit the parent channel transcript (default: false).", + tags: ["network", "channels"], + }, + "channels.slack.thread.initialHistoryLimit": { + label: "Slack Thread Initial History Limit", + help: "Maximum number of existing Slack thread messages to fetch when starting a new thread session (default: 20, set to 0 to disable).", + tags: ["network", "performance", "channels"], + }, + "channels.mattermost.botToken": { + label: "Mattermost Bot Token", + help: "Bot token from Mattermost System Console -> Integrations -> Bot Accounts.", + tags: ["security", "auth", "network", "channels"], + }, + "channels.mattermost.baseUrl": { + label: "Mattermost Base URL", + help: "Base URL for your Mattermost server (e.g., https://chat.example.com).", + placeholder: "https://chat.example.com", + tags: ["network", "channels"], + }, + "channels.mattermost.configWrites": { + label: "Mattermost Config Writes", + help: "Allow Mattermost to write config in response to channel events/commands (default: true).", + tags: ["network", "channels"], + }, + "channels.mattermost.chatmode": { + label: "Mattermost Chat Mode", + help: 'Reply to channel messages on mention ("oncall"), on trigger chars (">" or "!") ("onchar"), or on every message ("onmessage").', + tags: ["network", "channels"], + }, + "channels.mattermost.oncharPrefixes": { + label: "Mattermost Onchar Prefixes", + help: 'Trigger prefixes for onchar mode (default: [">", "!"]).', + tags: ["network", "channels"], + }, + "channels.mattermost.requireMention": { + label: "Mattermost Require Mention", + help: "Require @mention in channels before responding (default: true).", + tags: ["network", "channels"], + }, + "channels.signal.account": { + label: "Signal Account", + help: "Signal account identifier (phone/number handle) used to bind this channel config to a specific Signal identity. Keep this aligned with your linked device/session state.", + tags: ["network", "channels"], + }, + "channels.imessage.cliPath": { + label: "iMessage CLI Path", + help: "Filesystem path to the iMessage bridge CLI binary used for send/receive operations. Set explicitly when the binary is not on PATH in service runtime environments.", + tags: ["network", "storage", "channels"], + }, + "agents.list[].skills": { + label: "Agent Skill Filter", + help: "Optional allowlist of skills for this agent (omit = all skills; empty = no skills).", + tags: ["advanced"], + }, + "agents.list[].identity.avatar": { + label: "Agent Avatar", + help: "Avatar image path (relative to the agent workspace only) or a remote URL/data URL.", + placeholder: "avatars/openclaw.png", + tags: ["advanced"], + }, + "agents.list[].heartbeat.suppressToolErrorWarnings": { + label: "Agent Heartbeat Suppress Tool Error Warnings", + help: "Suppress tool error warning payloads during heartbeat runs.", + tags: ["automation"], + }, + "agents.list[].sandbox.browser.network": { + label: "Agent Sandbox Browser Network", + help: "Per-agent override for sandbox browser Docker network.", + tags: ["storage"], + }, + "agents.list[].sandbox.browser.cdpSourceRange": { + label: "Agent Sandbox Browser CDP Source Port Range", + help: "Per-agent override for CDP source CIDR allowlist.", + tags: ["storage"], + }, + "agents.list[].sandbox.docker.dangerouslyAllowContainerNamespaceJoin": { + label: "Agent Sandbox Docker Allow Container Namespace Join", + help: "Per-agent DANGEROUS override for container namespace joins in sandbox Docker network mode.", + tags: ["security", "access", "storage", "advanced"], + }, + "discovery.mdns.mode": { + label: "mDNS Discovery Mode", + help: 'mDNS broadcast mode ("minimal" default, "full" includes cliPath/sshPort, "off" disables mDNS).', + tags: ["network"], + }, + "plugins.enabled": { + label: "Enable Plugins", + help: "Enable or disable plugin/extension loading globally during startup and config reload (default: true). Keep enabled only when extension capabilities are required by your deployment.", + tags: ["advanced"], + }, + "plugins.allow": { + label: "Plugin Allowlist", + help: "Optional allowlist of plugin IDs; when set, only listed plugins are eligible to load. Use this to enforce approved extension inventories in controlled environments.", + tags: ["access"], + }, + "plugins.deny": { + label: "Plugin Denylist", + help: "Optional denylist of plugin IDs that are blocked even if allowlists or paths include them. Use deny rules for emergency rollback and hard blocks on risky plugins.", + tags: ["access"], + }, + "plugins.load": { + label: "Plugin Loader", + help: "Plugin loader configuration group for specifying filesystem paths where plugins are discovered. Keep load paths explicit and reviewed to avoid accidental untrusted extension loading.", + tags: ["advanced"], + }, + "plugins.load.paths": { + label: "Plugin Load Paths", + help: "Additional plugin files or directories scanned by the loader beyond built-in defaults. Use dedicated extension directories and avoid broad paths with unrelated executable content.", + tags: ["storage"], + }, + "plugins.slots": { + label: "Plugin Slots", + help: "Selects which plugins own exclusive runtime slots such as memory so only one plugin provides that capability. Use explicit slot ownership to avoid overlapping providers with conflicting behavior.", + tags: ["advanced"], + }, + "plugins.slots.memory": { + label: "Memory Plugin", + help: 'Select the active memory plugin by id, or "none" to disable memory plugins.', + tags: ["advanced"], + }, + "plugins.slots.contextEngine": { + label: "Context Engine Plugin", + help: "Selects the active context engine plugin by id so one plugin provides context orchestration behavior.", + tags: ["advanced"], + }, + "plugins.entries": { + label: "Plugin Entries", + help: "Per-plugin settings keyed by plugin ID including enablement and plugin-specific runtime configuration payloads. Use this for scoped plugin tuning without changing global loader policy.", + tags: ["advanced"], + }, + "plugins.entries.*.enabled": { + label: "Plugin Enabled", + help: "Per-plugin enablement override for a specific entry, applied on top of global plugin policy (restart required). Use this to stage plugin rollout gradually across environments.", + tags: ["advanced"], + }, + "plugins.entries.*.hooks": { + label: "Plugin Hook Policy", + help: "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", + tags: ["advanced"], + }, + "plugins.entries.*.hooks.allowPromptInjection": { + label: "Allow Prompt Injection Hooks", + help: "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", + tags: ["access"], + }, + "plugins.entries.*.subagent": { + label: "Plugin Subagent Policy", + help: "Per-plugin subagent runtime controls for model override trust and allowlists. Keep this unset unless a plugin must explicitly steer subagent model selection.", + tags: ["advanced"], + }, + "plugins.entries.*.subagent.allowModelOverride": { + label: "Allow Plugin Subagent Model Override", + help: "Explicitly allows this plugin to request provider/model overrides in background subagent runs. Keep false unless the plugin is trusted to steer model selection.", + tags: ["access"], + }, + "plugins.entries.*.subagent.allowedModels": { + label: "Plugin Subagent Allowed Models", + help: 'Allowed override targets for trusted plugin subagent runs as canonical "provider/model" refs. Use "*" only when you intentionally allow any model.', + tags: ["access"], + }, + "plugins.entries.*.apiKey": { + label: "Plugin API Key", + help: "Optional API key field consumed by plugins that accept direct key configuration in entry settings. Use secret/env substitution and avoid committing real credentials into config files.", + tags: ["security", "auth"], + }, + "plugins.entries.*.env": { + label: "Plugin Environment Variables", + help: "Per-plugin environment variable map injected for that plugin runtime context only. Use this to scope provider credentials to one plugin instead of sharing global process environment.", + tags: ["advanced"], + }, + "plugins.entries.*.config": { + label: "Plugin Config", + help: "Plugin-defined configuration payload interpreted by that plugin's own schema and validation rules. Use only documented fields from the plugin to prevent ignored or invalid settings.", + tags: ["advanced"], + }, + "plugins.installs": { + label: "Plugin Install Records", + help: "CLI-managed install metadata (used by `openclaw plugins update` to locate install sources).", + tags: ["advanced"], + }, + "plugins.installs.*.source": { + label: "Plugin Install Source", + help: 'Install source ("npm", "archive", or "path").', + tags: ["advanced"], + }, + "plugins.installs.*.spec": { + label: "Plugin Install Spec", + help: "Original npm spec used for install (if source is npm).", + tags: ["advanced"], + }, + "plugins.installs.*.sourcePath": { + label: "Plugin Install Source Path", + help: "Original archive/path used for install (if any).", + tags: ["storage"], + }, + "plugins.installs.*.installPath": { + label: "Plugin Install Path", + help: "Resolved install directory (usually ~/.openclaw/extensions/).", + tags: ["storage"], + }, + "plugins.installs.*.version": { + label: "Plugin Install Version", + help: "Version recorded at install time (if available).", + tags: ["advanced"], + }, + "plugins.installs.*.resolvedName": { + label: "Plugin Resolved Package Name", + help: "Resolved npm package name from the fetched artifact.", + tags: ["advanced"], + }, + "plugins.installs.*.resolvedVersion": { + label: "Plugin Resolved Package Version", + help: "Resolved npm package version from the fetched artifact (useful for non-pinned specs).", + tags: ["advanced"], + }, + "plugins.installs.*.resolvedSpec": { + label: "Plugin Resolved Package Spec", + help: "Resolved exact npm spec (@) from the fetched artifact.", + tags: ["advanced"], + }, + "plugins.installs.*.integrity": { + label: "Plugin Resolved Integrity", + help: "Resolved npm dist integrity hash for the fetched artifact (if reported by npm).", + tags: ["advanced"], + }, + "plugins.installs.*.shasum": { + label: "Plugin Resolved Shasum", + help: "Resolved npm dist shasum for the fetched artifact (if reported by npm).", + tags: ["advanced"], + }, + "plugins.installs.*.resolvedAt": { + label: "Plugin Resolution Time", + help: "ISO timestamp when npm package metadata was last resolved for this install record.", + tags: ["advanced"], + }, + "plugins.installs.*.installedAt": { + label: "Plugin Install Time", + help: "ISO timestamp of last install/update.", + tags: ["advanced"], + }, + "plugins.installs.*.marketplaceName": { + label: "Plugin Marketplace Name", + help: "Marketplace display name recorded for marketplace-backed plugin installs (if available).", + tags: ["advanced"], + }, + "plugins.installs.*.marketplaceSource": { + label: "Plugin Marketplace Source", + help: "Original marketplace source used to resolve the install (for example a repo path or Git URL).", + tags: ["advanced"], + }, + "plugins.installs.*.marketplacePlugin": { + label: "Plugin Marketplace Plugin", + help: "Plugin entry name inside the source marketplace, used for later updates.", + tags: ["advanced"], + }, + "models.providers.*.headers.*": { + sensitive: true, + tags: ["security", "models"], + }, + "agents.defaults.sandbox.ssh.identityData": { + sensitive: true, + tags: ["security", "storage"], + }, + "agents.defaults.sandbox.ssh.certificateData": { + sensitive: true, + tags: ["security", "storage"], + }, + "agents.defaults.sandbox.ssh.knownHostsData": { + sensitive: true, + tags: ["security", "storage"], + }, + "agents.list[].memorySearch.remote.apiKey": { + sensitive: true, + tags: ["security", "auth"], + }, + "agents.list[].sandbox.ssh.identityData": { + sensitive: true, + tags: ["security", "storage"], + }, + "agents.list[].sandbox.ssh.certificateData": { + sensitive: true, + tags: ["security", "storage"], + }, + "agents.list[].sandbox.ssh.knownHostsData": { + sensitive: true, + tags: ["security", "storage"], + }, + "tools.web.search.apiKey": { + sensitive: true, + tags: ["security", "auth", "tools"], + }, + "tools.web.search.brave.apiKey": { + sensitive: true, + tags: ["security", "auth", "tools"], + }, + "tools.web.search.firecrawl.apiKey": { + sensitive: true, + tags: ["security", "auth", "tools"], + }, + "tools.web.search.gemini.apiKey": { + sensitive: true, + tags: ["security", "auth", "tools"], + }, + "tools.web.search.grok.apiKey": { + sensitive: true, + tags: ["security", "auth", "tools"], + }, + "tools.web.search.kimi.apiKey": { + sensitive: true, + tags: ["security", "auth", "tools"], + }, + "tools.web.search.perplexity.apiKey": { + sensitive: true, + tags: ["security", "auth", "tools"], + }, + "messages.tts.elevenlabs.apiKey": { + sensitive: true, + tags: ["security", "auth", "media"], + }, + "messages.tts.openai.apiKey": { + sensitive: true, + tags: ["security", "auth", "media"], + }, + "channels.telegram.webhookSecret": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.telegram.accounts.*.botToken": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.telegram.accounts.*.webhookSecret": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.discord.voice.tts.elevenlabs.apiKey": { + sensitive: true, + tags: ["security", "auth", "network", "media", "channels"], + }, + "channels.discord.voice.tts.openai.apiKey": { + sensitive: true, + tags: ["security", "auth", "network", "media", "channels"], + }, + "channels.discord.accounts.*.token": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.discord.accounts.*.voice.tts.elevenlabs.apiKey": { + sensitive: true, + tags: ["security", "auth", "network", "media", "channels"], + }, + "channels.discord.accounts.*.voice.tts.openai.apiKey": { + sensitive: true, + tags: ["security", "auth", "network", "media", "channels"], + }, + "channels.discord.accounts.*.pluralkit.token": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.irc.password": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.irc.accounts.*.password": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.irc.accounts.*.nickserv.password": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.googlechat.serviceAccount": { + sensitive: true, + tags: ["security", "network", "channels"], + }, + "channels.googlechat.serviceAccountRef": { + sensitive: true, + tags: ["security", "network", "channels"], + }, + "channels.googlechat.accounts.*.serviceAccount": { + sensitive: true, + tags: ["security", "network", "channels"], + }, + "channels.googlechat.accounts.*.serviceAccountRef": { + sensitive: true, + tags: ["security", "network", "channels"], + }, + "channels.slack.signingSecret": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.slack.accounts.*.signingSecret": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.slack.accounts.*.botToken": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.slack.accounts.*.appToken": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.slack.accounts.*.userToken": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.bluebubbles.password": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.bluebubbles.accounts.*.password": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "channels.msteams.appPassword": { + sensitive: true, + tags: ["security", "auth", "network", "channels"], + }, + "skills.entries.*.apiKey": { + sensitive: true, + tags: ["security", "auth"], + }, + }, + version: "2026.3.22", + generatedAt: "2026-03-22T21:17:33.302Z", +} as const satisfies BaseConfigSchemaResponse; diff --git a/src/config/schema.ts b/src/config/schema.ts index 2329d8fbc78..3ce1a1b2cc9 100644 --- a/src/config/schema.ts +++ b/src/config/schema.ts @@ -1,15 +1,14 @@ import crypto from "node:crypto"; import { CHANNEL_IDS } from "../channels/registry.js"; -import { VERSION } from "../version.js"; +import { GENERATED_BASE_CONFIG_SCHEMA } from "./schema.base.generated.js"; import type { ConfigUiHint, ConfigUiHints } from "./schema.hints.js"; -import { applySensitiveHints, buildBaseHints, mapSensitivePaths } from "./schema.hints.js"; +import { applySensitiveHints } from "./schema.hints.js"; import { findWildcardHintMatch, schemaHasChildren } from "./schema.shared.js"; import { applyDerivedTags } from "./schema.tags.js"; -import { OpenClawSchema } from "./zod-schema.js"; export type { ConfigUiHint, ConfigUiHints } from "./schema.hints.js"; -export type ConfigSchema = ReturnType; +export type ConfigSchema = Record; type JsonSchemaNode = Record; @@ -406,43 +405,11 @@ function setMergedSchemaCache(key: string, value: ConfigSchemaResponse): void { mergedSchemaCache.set(key, value); } -function stripChannelSchema(schema: ConfigSchema): ConfigSchema { - const next = cloneSchema(schema); - const root = asSchemaObject(next); - if (!root || !root.properties) { - return next; - } - // Allow `$schema` in config files for editor tooling, but hide it from the - // Control UI form schema so it does not show up as a configurable section. - delete root.properties.$schema; - if (Array.isArray(root.required)) { - root.required = root.required.filter((key) => key !== "$schema"); - } - const channelsNode = asSchemaObject(root.properties.channels); - if (channelsNode) { - channelsNode.properties = {}; - channelsNode.required = []; - channelsNode.additionalProperties = true; - } - return next; -} - function buildBaseConfigSchema(): ConfigSchemaResponse { if (cachedBase) { return cachedBase; } - const schema = OpenClawSchema.toJSONSchema({ - target: "draft-07", - unrepresentable: "any", - }); - schema.title = "OpenClawConfig"; - const hints = applyDerivedTags(mapSensitivePaths(OpenClawSchema, "", buildBaseHints())); - const next = { - schema: stripChannelSchema(schema), - uiHints: hints, - version: VERSION, - generatedAt: new Date().toISOString(), - }; + const next = GENERATED_BASE_CONFIG_SCHEMA as unknown as ConfigSchemaResponse; cachedBase = next; return next; }