Skip to main content
agtOS reads configuration from environment variables, with optional file-based config as a fallback. Environment variables always take precedence over config file values.

Configuration Loading Order

1

Load .env.local

Secrets and local overrides. Never committed to git.
2

Load .env

Shared defaults. Can be committed to git.
3

Load JSON config file

~/.agtos/config.json (desktop/user default) or /etc/agtos/config.json (system default), or the path in AGTOS_CONFIG_PATH. Only fills gaps not covered by env vars.
Environment variables set in .env.local or .env override the JSON config file. The JSON file is useful for Docker deployments and for storing model slot configuration.
~/.agtos/config.json

Server Ports

The Tauri desktop app and web dashboard connect to the same ports via localhost. The health port serves the REST API, Prometheus metrics, static dashboard files, and health checks.

Authentication

Claude / Anthropic

OpenAI

Claude Transport

Cloud provider selection (Claude vs OpenAI) is no longer configured via environment variable. It is now set per slot in ~/.agtos/config.json via the Model Slot Registry (ADR-020). Run agtos setup to configure slots interactively.
See Authentication and Providers for detailed setup instructions.

API Security

In production, always set AGTOS_API_KEY to protect the REST API. Without it, all endpoints are unauthenticated.

Claude Options

Ollama Options

STT / TTS

sherpa-onnx (In-Process Speech Engine)

sherpa-onnx is the default provider. These variables tune its behavior. Set STT_PROVIDER=speaches or TTS_PROVIDER=speaches to use the external server instead.

STT Configuration

TTS Configuration

VAD Configuration

Model Storage

Voice Pipeline

Cognitive Task Providers

These variables configure independent provider selection for specialized AI tasks (ADR-018). Each task can use a different provider (ollama, claude, or openrouter), allowing you to optimize cost, quality, and privacy per task.
These settings are also configurable at runtime via PUT /api/settings. Changes to provider settings require a provider restart to take effect.

Memory Maintenance

These variables control the periodic memory lint sweep and its background-work gating (ADR-021, ADR-027). See Memory System for the user-facing description.

Provider Catalog

These variables control model discovery and caching for the ProviderCatalog system (ADR-026).

Redis

Redis is optional but recommended. Without it, the scheduler, episodic/semantic memory, device registry, and user preferences are disabled. Session management falls back to in-memory storage.

Networking

Tauri 2 desktop app origins (tauri://localhost, https://tauri.localhost) are always included regardless of CORS_ORIGIN.

Logging

Feature Flags

Runtime Configuration (Hot-Reload)

These variables are managed by the Settings API (PUT /api/settings) and the legacy config API (PUT /api/config). They can be changed at runtime without restarting the server.
The API_RATE_LIMIT and CHAT_RATE_LIMIT variables (without the AGTOS_ prefix) are used at server startup. The AGTOS_ prefixed versions are used by the runtime config system for hot-reload. Both control the same behavior — set the non-prefixed versions in .env.local for startup defaults, and use the Settings API to adjust at runtime.

Credentials / Encryption

Credentials are stored encrypted at ~/.agtos/credentials.json with 0o600 permissions. Key derivation uses scrypt (N=16384, r=8, p=1) with AAD binding per provider. The machine secret (~/.agtos/.secret) and salt (~/.agtos/.salt) are auto-generated on first use. For Docker deployments, set AGTOS_CREDENTIAL_SECRET and AGTOS_CREDENTIAL_SALT as environment variables so credentials persist across container restarts.
Generate values for Docker:

Config File

CLI

Complete .env.local Example

Docker Environment

When running with Docker, set variables via docker-compose.yml or docker run -e:
Use host.docker.internal to reach services running on the Docker host (like Ollama or speaches). On Linux, you may need --network=host or extra Docker config instead.