Skip to main content

Environment Variables Reference

This is the complete reference for all Manasvi configuration settings. All settings go in your .env file.


Core security keys

These settings control how Manasvi services authenticate with each other internally. They are required.

VariableDescriptionExample
INTERNAL_AUTH_KEY_IDID of the key used to sign internal tokenslocal-k1
INTERNAL_AUTH_SIGNING_SECRETSecret used to sign internal tokens (min 32 chars in production)my-local-secret-at-least-32-chars
INTERNAL_AUTH_VERIFICATION_KEYSAll valid keys, as keyId:secret pairs separated by commaslocal-k1:my-secret
INTERNAL_AUTH_ISSUERToken issuer identifiermanasvi.internal.auth
INTERNAL_AUTH_AUDIENCEToken audience identifiermanasvi.internal.services

Approval keys

Used to sign and verify approval artifacts.

VariableDescriptionExample
APPROVAL_SIGNING_KEY_IDActive key ID for signing approvalsapproval-k1
APPROVAL_SIGNING_KEYSKey pairs id:secret, comma-separatedapproval-k1:approval-secret
APPROVAL_VERIFICATION_KEYSSame format, all valid approval keysapproval-k1:approval-secret

Model provider

VariableDescriptionDefault
MANASVI_MODEL_PROVIDERDefault provider (deepseek, openai, ollama, claude, mock)deepseek
MANASVI_MODELDefault model iddeepseek-v4-flash
MODEL_ADAPTER_MODEdeepseek, openai, ollama, claude, mock, or autodeepseek
PLANNER_MODELModel name to usedeepseek-v4-flash
DEEPSEEK_API_KEYDeepSeek API key
DEEPSEEK_BASE_URLDeepSeek API base URLhttps://api.deepseek.com
DEEPSEEK_TIMEOUT_MSDeepSeek request timeout (ms)60000
OPENAI_API_KEYOpenAI API key
OPENAI_BASE_URLOpenAI-compatible API base URLhttps://api.openai.com/v1
ANTHROPIC_API_KEYAnthropic API key
ANTHROPIC_BASE_URLAnthropic API base URLhttps://api.anthropic.com
OLLAMA_BASE_URLOllama API base URLhttp://localhost:11434/v1
MODEL_ADAPTER_TIMEOUT_MSModel request timeout (ms)60000
MODEL_ADAPTER_MAX_CONTEXT_CHUNKSMax context chunks to include24

Service URLs

How services find each other. Defaults work for local development.

VariableDefault
EVENT_BUS_TARGET_URLShttp://localhost:4102/internal/events
POLICY_SERVICE_BASE_URLhttp://localhost:4103
APPROVAL_SERVICE_BASE_URLhttp://localhost:4108
EXECUTION_MANAGER_BASE_URLhttp://localhost:4104
MEMORY_SERVICE_BASE_URLhttp://localhost:4105
ORCHESTRATOR_BASE_URLhttp://localhost:4102
NODE_MANAGER_BASE_URLhttp://localhost:4106

Service ports

Override the default port for any service.

VariableDefaultService
SERVICE_PORTVariesSet per service
SERVICE_HOST0.0.0.0Bind address

Channel integrations

Telegram

VariableDescription
TELEGRAM_BOT_TOKENToken from BotFather
TELEGRAM_WEBHOOK_SECRETRandom secret for webhook verification

Slack

VariableDescription
SLACK_BOT_TOKENBot user OAuth token (xoxb-...)
SLACK_SIGNING_SECRETSigning secret from Slack app settings

Google integration foundation

VariableDescriptionDefault
GOOGLE_OAUTH_CLIENT_IDGoogle OAuth client ID
GOOGLE_OAUTH_CLIENT_SECRETGoogle OAuth client secret
GOOGLE_OAUTH_REDIRECT_URIOAuth callback URL handled by api-gatewayhttp://127.0.0.1:4100/integrations/oauth/google/callback
INTEGRATIONS_STATE_FILEFile path for OAuth state records.manasvi/integrations/oauth-states.json
INTEGRATIONS_ACCOUNTS_FILEFile path for integration account metadata.manasvi/integrations/accounts.json
INTEGRATIONS_TOKENS_FILEFile path for encrypted token vault.manasvi/integrations/tokens.enc.json
INTEGRATIONS_TOKEN_ENCRYPTION_SECRET32+ char secret used to encrypt token vault recordsfalls back to MEMORY_ENCRYPTION_KEY

Execution and sandbox

VariableDescriptionDefault
EXECUTION_INTENT_TTL_SECONDSHow long before an intent expires900
APPROVED_ARTIFACT_TTL_SECONDSHow long an approval is valid900
APPROVAL_REQUEST_TTL_SECONDSHow long before a pending approval expires3600
SANDBOX_ROOT_DIRFilesystem root for sandboxed executions/tmp/manasvi-runs
SANDBOX_MAX_OUTPUT_BYTESMaximum tool output size65536
EXECUTION_SHELL_ALLOWED_COMMANDSServer-side allowlist for the shell-command tool (comma-separated). Callers cannot supply this. Empty = shell tool denied (fail-closed).(empty)
MCP_SERVERS_JSONMCP servers to host and expose as governed tools. See MCP Tools. MCP tools are approval-gated unless declared read-only.(empty)
EXECUTION_REPLAY_STORE_DIRDirectory for durable consumed artifacts, nonces, and idempotency keys in execution-manager. Empty keeps in-memory behavior.(empty)
EXECUTION_REPLAY_RETENTION_SECONDSRetention window for execution-manager replay records. Keep this longer than approval/intent TTLs.3600
EXECUTION_SANDBOX_CONTAINERIZEDSet to true only when execution-manager is actually running inside an OS-isolated sandbox backend. Required for tools that declare native isolation needs.false

Durability and audit

VariableDescriptionDefault
MEMORY_PERSISTENCE_FILEOptional JSONL persistence file for the memory plane. Sensitive records remain encrypted at rest.(empty)
NODE_MANAGER_REPLAY_STORE_DIRDirectory for durable node-manager dispatch nonce records. Empty keeps in-memory behavior.(empty)
NODE_AGENT_REPLAY_STORE_DIRDirectory for durable node-agent dispatch/artifact replay records. Empty keeps in-memory behavior.(empty)
APPROVAL_STATE_FILEOptional JSON snapshot store for approval requests, records, artifacts, and resume callback state. Required for approval queue durability across restarts.(empty)
APPROVAL_RESUME_CALLBACK_ENABLEDEnables approval-service to call orchestrator /agent-runtime/resume after approve/reject decisions.true
APPROVAL_RESUME_CALLBACK_INTERVAL_MSRetry interval for pending or failed approval resume callbacks.5000
ORCHESTRATOR_AGENT_RUN_STORE_FILEOptional JSONL store for paused agent runs awaiting approval. Required for approval resume across orchestrator restarts.(empty)
AUDIT_SERVICE_BASE_URLBase URL used by services that forward audit events.http://localhost:4107
POLICY_AUDIT_FORWARDING_ENABLEDSet to false to stop policy-service from forwarding decisions to audit-service. Keep enabled for governance evidence.true

Logging

VariableDescriptionDefault
LOG_LEVELdebug, info, warn, errorinfo
HUMAN_LOGSSet to true for human-readable logsfalse
SERVICE_VERSIONVersion string in logs0.2.0

Agent loop behavior

VariableDescriptionDefault
AGENT_LOOP_MAX_ITERATIONSMax planning iterations per request6
AGENT_LOOP_MAX_CONSECUTIVE_FAILURESMax consecutive errors before halt2
AGENT_LOOP_MAX_SUBAGENT_DEPTHMaximum child-agent depth for tool.subagents2
AGENT_LOOP_MAX_SUBAGENTS_PER_TURNMaximum subagents a parent turn may start3
AGENT_LOOP_MAX_SUBAGENT_ITERATIONSMaximum iterations for each child turn, capped at 42
SESSION_CONTEXT_TOKEN_BUDGETContext window limit (tokens)2048
SESSION_RECENT_MESSAGE_LIMITRecent messages to include in context20

Tips

  • Never commit .env to version control. It contains secrets.
  • For local development, simple consistent strings work fine for keys.
  • In production, use random 32+ character secrets.
  • Restart services after changing .env — settings are read at startup.