Environment Variables Reference
This is the complete reference for all Manasvi configuration settings. All settings go in your .env file.
Core security keys
These settings control how Manasvi services authenticate with each other internally. They are required.
| Variable | Description | Example |
|---|---|---|
INTERNAL_AUTH_KEY_ID | ID of the key used to sign internal tokens | local-k1 |
INTERNAL_AUTH_SIGNING_SECRET | Secret used to sign internal tokens (min 32 chars in production) | my-local-secret-at-least-32-chars |
INTERNAL_AUTH_VERIFICATION_KEYS | All valid keys, as keyId:secret pairs separated by commas | local-k1:my-secret |
INTERNAL_AUTH_ISSUER | Token issuer identifier | manasvi.internal.auth |
INTERNAL_AUTH_AUDIENCE | Token audience identifier | manasvi.internal.services |
Approval keys
Used to sign and verify approval artifacts.
| Variable | Description | Example |
|---|---|---|
APPROVAL_SIGNING_KEY_ID | Active key ID for signing approvals | approval-k1 |
APPROVAL_SIGNING_KEYS | Key pairs id:secret, comma-separated | approval-k1:approval-secret |
APPROVAL_VERIFICATION_KEYS | Same format, all valid approval keys | approval-k1:approval-secret |
Model provider
| Variable | Description | Default |
|---|---|---|
MANASVI_MODEL_PROVIDER | Default provider (deepseek, openai, ollama, claude, mock) | deepseek |
MANASVI_MODEL | Default model id | deepseek-v4-flash |
MODEL_ADAPTER_MODE | deepseek, openai, ollama, claude, mock, or auto | deepseek |
PLANNER_MODEL | Model name to use | deepseek-v4-flash |
DEEPSEEK_API_KEY | DeepSeek API key | — |
DEEPSEEK_BASE_URL | DeepSeek API base URL | https://api.deepseek.com |
DEEPSEEK_TIMEOUT_MS | DeepSeek request timeout (ms) | 60000 |
OPENAI_API_KEY | OpenAI API key | — |
OPENAI_BASE_URL | OpenAI-compatible API base URL | https://api.openai.com/v1 |
ANTHROPIC_API_KEY | Anthropic API key | — |
ANTHROPIC_BASE_URL | Anthropic API base URL | https://api.anthropic.com |
OLLAMA_BASE_URL | Ollama API base URL | http://localhost:11434/v1 |
MODEL_ADAPTER_TIMEOUT_MS | Model request timeout (ms) | 60000 |
MODEL_ADAPTER_MAX_CONTEXT_CHUNKS | Max context chunks to include | 24 |
Service URLs
How services find each other. Defaults work for local development.
| Variable | Default |
|---|---|
EVENT_BUS_TARGET_URLS | http://localhost:4102/internal/events |
POLICY_SERVICE_BASE_URL | http://localhost:4103 |
APPROVAL_SERVICE_BASE_URL | http://localhost:4108 |
EXECUTION_MANAGER_BASE_URL | http://localhost:4104 |
MEMORY_SERVICE_BASE_URL | http://localhost:4105 |
ORCHESTRATOR_BASE_URL | http://localhost:4102 |
NODE_MANAGER_BASE_URL | http://localhost:4106 |
Service ports
Override the default port for any service.
| Variable | Default | Service |
|---|---|---|
SERVICE_PORT | Varies | Set per service |
SERVICE_HOST | 0.0.0.0 | Bind address |
Channel integrations
Telegram
| Variable | Description |
|---|---|
TELEGRAM_BOT_TOKEN | Token from BotFather |
TELEGRAM_WEBHOOK_SECRET | Random secret for webhook verification |
Slack
| Variable | Description |
|---|---|
SLACK_BOT_TOKEN | Bot user OAuth token (xoxb-...) |
SLACK_SIGNING_SECRET | Signing secret from Slack app settings |
Google integration foundation
| Variable | Description | Default |
|---|---|---|
GOOGLE_OAUTH_CLIENT_ID | Google OAuth client ID | — |
GOOGLE_OAUTH_CLIENT_SECRET | Google OAuth client secret | — |
GOOGLE_OAUTH_REDIRECT_URI | OAuth callback URL handled by api-gateway | http://127.0.0.1:4100/integrations/oauth/google/callback |
INTEGRATIONS_STATE_FILE | File path for OAuth state records | .manasvi/integrations/oauth-states.json |
INTEGRATIONS_ACCOUNTS_FILE | File path for integration account metadata | .manasvi/integrations/accounts.json |
INTEGRATIONS_TOKENS_FILE | File path for encrypted token vault | .manasvi/integrations/tokens.enc.json |
INTEGRATIONS_TOKEN_ENCRYPTION_SECRET | 32+ char secret used to encrypt token vault records | falls back to MEMORY_ENCRYPTION_KEY |
Execution and sandbox
| Variable | Description | Default |
|---|---|---|
EXECUTION_INTENT_TTL_SECONDS | How long before an intent expires | 900 |
APPROVED_ARTIFACT_TTL_SECONDS | How long an approval is valid | 900 |
APPROVAL_REQUEST_TTL_SECONDS | How long before a pending approval expires | 3600 |
SANDBOX_ROOT_DIR | Filesystem root for sandboxed executions | /tmp/manasvi-runs |
SANDBOX_MAX_OUTPUT_BYTES | Maximum tool output size | 65536 |
EXECUTION_SHELL_ALLOWED_COMMANDS | Server-side allowlist for the shell-command tool (comma-separated). Callers cannot supply this. Empty = shell tool denied (fail-closed). | (empty) |
MCP_SERVERS_JSON | MCP servers to host and expose as governed tools. See MCP Tools. MCP tools are approval-gated unless declared read-only. | (empty) |
EXECUTION_REPLAY_STORE_DIR | Directory for durable consumed artifacts, nonces, and idempotency keys in execution-manager. Empty keeps in-memory behavior. | (empty) |
EXECUTION_REPLAY_RETENTION_SECONDS | Retention window for execution-manager replay records. Keep this longer than approval/intent TTLs. | 3600 |
EXECUTION_SANDBOX_CONTAINERIZED | Set to true only when execution-manager is actually running inside an OS-isolated sandbox backend. Required for tools that declare native isolation needs. | false |
Durability and audit
| Variable | Description | Default |
|---|---|---|
MEMORY_PERSISTENCE_FILE | Optional JSONL persistence file for the memory plane. Sensitive records remain encrypted at rest. | (empty) |
NODE_MANAGER_REPLAY_STORE_DIR | Directory for durable node-manager dispatch nonce records. Empty keeps in-memory behavior. | (empty) |
NODE_AGENT_REPLAY_STORE_DIR | Directory for durable node-agent dispatch/artifact replay records. Empty keeps in-memory behavior. | (empty) |
APPROVAL_STATE_FILE | Optional JSON snapshot store for approval requests, records, artifacts, and resume callback state. Required for approval queue durability across restarts. | (empty) |
APPROVAL_RESUME_CALLBACK_ENABLED | Enables approval-service to call orchestrator /agent-runtime/resume after approve/reject decisions. | true |
APPROVAL_RESUME_CALLBACK_INTERVAL_MS | Retry interval for pending or failed approval resume callbacks. | 5000 |
ORCHESTRATOR_AGENT_RUN_STORE_FILE | Optional JSONL store for paused agent runs awaiting approval. Required for approval resume across orchestrator restarts. | (empty) |
AUDIT_SERVICE_BASE_URL | Base URL used by services that forward audit events. | http://localhost:4107 |
POLICY_AUDIT_FORWARDING_ENABLED | Set to false to stop policy-service from forwarding decisions to audit-service. Keep enabled for governance evidence. | true |
Logging
| Variable | Description | Default |
|---|---|---|
LOG_LEVEL | debug, info, warn, error | info |
HUMAN_LOGS | Set to true for human-readable logs | false |
SERVICE_VERSION | Version string in logs | 0.2.0 |
Agent loop behavior
| Variable | Description | Default |
|---|---|---|
AGENT_LOOP_MAX_ITERATIONS | Max planning iterations per request | 6 |
AGENT_LOOP_MAX_CONSECUTIVE_FAILURES | Max consecutive errors before halt | 2 |
AGENT_LOOP_MAX_SUBAGENT_DEPTH | Maximum child-agent depth for tool.subagents | 2 |
AGENT_LOOP_MAX_SUBAGENTS_PER_TURN | Maximum subagents a parent turn may start | 3 |
AGENT_LOOP_MAX_SUBAGENT_ITERATIONS | Maximum iterations for each child turn, capped at 4 | 2 |
SESSION_CONTEXT_TOKEN_BUDGET | Context window limit (tokens) | 2048 |
SESSION_RECENT_MESSAGE_LIMIT | Recent messages to include in context | 20 |
Tips
- Never commit
.envto version control. It contains secrets. - For local development, simple consistent strings work fine for keys.
- In production, use random 32+ character secrets.
- Restart services after changing
.env— settings are read at startup.