Skip to main content
This page lists all environment variables that ChatCLI recognizes. Configure them in your .env file or via export in the shell.

General

VariableDescriptionDefault
LLM_PROVIDERActive provider: OPENAI, OPENAI_ASSISTANT, CLAUDEAI, BEDROCK, GOOGLEAI, XAI, ZAI, MINIMAX, MOONSHOT, OPENROUTER, STACKSPOT, OLLAMA, COPILOT, GITHUB_MODELSAuto-detected
CHATCLI_DOTENVCustom path for the .env file.env
CHATCLI_LANGForce interface language (pt-BR, en)Auto-detected
CHATCLI_IGNOREPath to .chatignore rules fileAuto-detected
CHATCLI_THEMEInterface color theme (chat, cards, markdown, spinners). 11 themes: dark, light + 9 community palettes (dracula, nord, tokyo-night, solarized-dark/light, gruvbox, catppuccin-mocha, monokai, one-dark). Switch at runtime via /config ui theme. See the Theme System.dark
LOG_LEVELLog level: debug, info, warn, errorinfo
LOG_FILELog file path~/.chatcli/app.log
LOG_MAX_SIZEMaximum log size before rotation100MB
CHATCLI_ENVLogging mode: dev (colored console + file), prod (file-only JSON). Backward-compatible with legacy ENV.prod
MAX_RETRIESMaximum retries for API calls5
INITIAL_BACKOFFInitial time between retries (seconds)3
HISTORY_FILEPath to history file (supports ~).chatcli_history
HISTORY_MAX_SIZEMaximum history size before rotation100MB

LLM Providers

OpenAI

VariableDescriptionDefault
OPENAI_API_KEYAPI key
OPENAI_MODELModel to usegpt-5.4
OPENAI_ASSISTANT_MODELModel for assistant (agent mode)gpt-4o
OPENAI_MAX_TOKENSResponse token limit60000
OPENAI_USE_RESPONSESUse Responses API (e.g., for gpt-5)false

Anthropic (Claude)

VariableDescriptionDefault
ANTHROPIC_API_KEYAPI key
ANTHROPIC_MODELModel to use (e.g., claude-opus-4-8, claude-opus-4-7, claude-sonnet-4-6)claude-sonnet-4-6
ANTHROPIC_MAX_TOKENSResponse token limit20000
ANTHROPIC_API_VERSIONAPI version2023-06-01
ANTHROPIC_SPEEDSet to fast to opt in to Opus 4.8 fast mode (research preview, ~2.5× output tokens/sec at premium pricing). Silently ignored on models without the fast_mode catalog capability — safe to leave set when switching models.
ANTHROPIC_1MTOKENS_SONNETEnable the 1M-context beta header on Sonnet 4.x OAuth requests. Opus 4.7/4.8 already ship with 1M native context and ignore this flag.false

AWS Bedrock (full catalog)

BEDROCK provider — invokes the entire Bedrock catalog (Anthropic, OpenAI, Llama, Nova, Mistral, Cohere, AI21, DeepSeek, Moonshot Kimi (also available directly via MOONSHOT), MiniMax, Qwen, Z.AI/GLM, Gemma, Nemotron, TwelveLabs, and any provider AWS adds) using the SDK’s credential chain (env vars, ~/.aws/credentials, SSO via ~/.aws/config, IAM role). Activation requires real credentials — the mere existence of ~/.aws/config with only region/output does not activate Bedrock.
VariableDescriptionDefault
BEDROCK_PROVIDERSchema override: anthropic / claude, openai / gpt, converse / auto. Overrides prefix auto-detection.auto-detect
BEDROCK_TEMPERATURETemperature (used by OpenAI and Converse paths)
BEDROCK_TOP_PTop-p sampling (used by the Converse path)
BEDROCK_REGIONAWS region (takes precedence over AWS_REGION)
AWS_REGIONAWS region (fallback)
AWS_PROFILEProfile in ~/.aws/credentials or ~/.aws/config (SSO, assume-role, credential_process). Can be set in .env.
AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKENStatic credentials
AWS_CA_BUNDLEPEM bundle read natively by the SDK
AWS_ENDPOINT_URL_BEDROCK_RUNTIMEOverride for Bedrock Runtime endpoint (VPC endpoints)
AWS_ENDPOINT_URL_BEDROCKOverride for Bedrock (control plane) endpoint
AWS_EC2_METADATA_DISABLEDtrue explicitly disables IMDS (169.254.169.254)
CHATCLI_BEDROCK_ENABLE_IMDS1/true forces IMDS probe on non-EC2 machinesfalse
BEDROCK_MAX_TOKENSResponse token limitFrom catalog
CHATCLI_BEDROCK_CA_BUNDLEBedrock-specific PEM bundle. Overrides AWS_CA_BUNDLE and the global CHATCLI_CA_BUNDLE (which acts as fallback). See Global TLS Trust.
CHATCLI_BEDROCK_INSECURE_SKIP_VERIFYtrue disables TLS verification (insecure, troubleshooting only). Overrides the global CHATCLI_TLS_INSECURE_SKIP_VERIFY (which acts as fallback).false
Modern models on Bedrock (Claude 3.7+/4.x/4.5/4.6/4.7 and equivalents from other providers) require inference profile IDs (prefix global., us., eu., or apac.). /switch --model automatically filters out base IDs that don’t support ON_DEMAND, so only invokable IDs + profiles appear in the listing. See AWS Bedrock for details.

Google AI (Gemini)

VariableDescriptionDefault
GOOGLEAI_API_KEYAPI key
GOOGLEAI_MODELModel to usegemini-2.5-flash
GOOGLEAI_MAX_TOKENSResponse token limit50000

xAI (Grok)

VariableDescriptionDefault
XAI_API_KEYAPI key
XAI_MODELModel to usegrok-4-1
XAI_MAX_TOKENSResponse token limit50000

Ollama (Local Models)

VariableDescriptionDefault
OLLAMA_ENABLEDEnable Ollama API (required)false
OLLAMA_BASE_URLOllama server URLhttp://localhost:11434
OLLAMA_MODELModel to use
OLLAMA_MAX_TOKENSResponse token limit5000
OLLAMA_FILTER_THINKINGFilters intermediate reasoning from models like Qwen3true
For Agent mode to work well with some Ollama models that “think out loud” (Qwen3, Llama3…), keep OLLAMA_FILTER_THINKING=true.

ZAI (Zhipu AI)

VariableDescriptionDefault
ZAI_API_KEYAPI key (Bearer token or id.secret for JWT)
ZAI_MODELModel to useglm-5
ZAI_MAX_TOKENSResponse token limit50000
Keys in id.secret format automatically enable JWT token rotation (HMAC-SHA256). Tokens are cached for 30 minutes with a 5-minute safety margin before regeneration. Keys without ”.” continue to work as traditional Bearer tokens. No additional configuration is needed.

MiniMax

VariableDescriptionDefault
MINIMAX_API_KEYAPI key
MINIMAX_MODELModel to useMiniMax-M2.7
MINIMAX_MAX_TOKENSResponse token limit50000
MINIMAX_API_COMPATAPI compatibility mode: anthropic to use the Anthropic Messages endpoint
Set MINIMAX_API_COMPAT=anthropic to use the Anthropic Messages-compatible endpoint (https://api.minimax.io/anthropic/v1/messages). The anthropic-version: 2023-06-01 header is added automatically. Bearer token auth remains the same. Native tool calling is disabled in this mode (falls back to XML).

Moonshot (Kimi)

VariableDescriptionDefault
MOONSHOT_API_KEYAPI key (Bearer token)
MOONSHOT_MODELModel to use (kimi-k2.6, kimi-k2.5, kimi-latest, moonshot-v1-*)kimi-k2.6
MOONSHOT_MAX_TOKENSResponse token limitcatalog (131072 for K2.6)
MOONSHOT_THINKINGReasoning mode: enabled, disabled, autoauto
MOONSHOT_API_URLCustom endpoint URLhttps://api.moonshot.ai/v1/chat/completions
MOONSHOT_THINKING=disabled forces Instant mode (direct response, cheaper) even on models with the thinking capability. enabled forces explicit reasoning. auto (default) lets the model choose. Models without the thinking capability ignore the flag — no surprise billing.

OpenRouter

VariableDescriptionDefault
OPENROUTER_API_KEYAPI key from openrouter.ai
OPENROUTER_API_URLCustom API endpoint URLhttps://openrouter.ai/api/v1/chat/completions
OPENROUTER_MAX_TOKENSResponse token limit
OPENROUTER_FALLBACK_MODELSComma-separated list of fallback models for server-side routing (e.g., anthropic/claude-sonnet-4,google/gemini-2.5-flash)
OPENROUTER_PROVIDER_ORDERComma-separated preferred provider ordering (e.g., Anthropic,Google)
OPENROUTER_TRANSFORMSMessage transforms (e.g., middle-out for context overflow handling)
OPENROUTER_HTTP_REFERERAttribution HTTP Referer header sent with requests
OPENROUTER_APP_TITLEAttribution app title sent with requests
OPENROUTER_TOOLSJSON array of tool definitions to inject into requests
OpenRouter is a multi-provider gateway — a single API key gives access to 200+ models from OpenAI, Anthropic, Google, Meta, Mistral, DeepSeek, and more. Models use the provider/model-name format (e.g., openai/gpt-4o, anthropic/claude-sonnet-4). The default model is openai/gpt-4o.

GitHub Copilot

VariableDescriptionDefault
GITHUB_COPILOT_TOKENAuthentication token
COPILOT_MODELModel to use
COPILOT_MAX_TOKENSResponse token limit
COPILOT_API_BASE_URLAPI base URL
CHATCLI_COPILOT_CLIENT_IDCustom client ID

StackSpot

VariableDescriptionDefault
CLIENT_IDClient ID
CLIENT_KEYClient Key
STACKSPOT_REALMRealm/Tenant
STACKSPOT_AGENT_IDAgent ID
StackSpot’s agent API decides the output limit server-side (it ignores max_tokens in the payload). ChatCLI’s catalog assumes a 128K context window for StackSpot agents — previously the generic 50K fallback made auto-compact fire on almost every turn. If your agent’s foundation model has a different window, tune it with CHATCLI_CONTEXT_WINDOW.

Agent Mode

VariableDescriptionDefault
CHATCLI_AGENT_CMD_TIMEOUTTimeout per executed command (Go duration: 30s, 2m, 10m)10m
CHATCLI_AGENT_DENYLISTExtra regex patterns to block commands (separated by ;)
CHATCLI_AGENT_ALLOW_SUDOAllow sudo without automatic blockingfalse
CHATCLI_AGENT_INLINE_CODE_STRICTFor python -c / node -e / perl -e / ruby -e / php -r / lua -e invocations, treat inline source as dangerous unless proven safe (conservative mode). Default: the classifier accepts read-only one-liners (print(1), import sys; print(sys.version)) and only blocks patterns with os.system, subprocess, socket, eval, exec, file writes, network.false
CHATCLI_AGENT_PLUGIN_MAX_TURNSMaximum agent turns50
CHATCLI_AGENT_PLUGIN_TIMEOUTTotal agent plugin timeout15m

Multi-Agent (Parallel Orchestration)

VariableDescriptionDefault
CHATCLI_AGENT_PARALLEL_MODEEnable parallel multi-agent orchestrationtrue
CHATCLI_AGENT_MAX_WORKERSMaximum simultaneous workers (goroutines)4
CHATCLI_AGENT_WORKER_MAX_TURNSMaximum turns per worker10
CHATCLI_AGENT_WORKER_TIMEOUTTimeout per individual worker5m
CHATCLI_AGENT_PARALLEL_TOOLSEnables parallel execution of concurrency-safe tools inside a single agent (read-only operations such as @websearch, @webfetch, @coder read/search/tree in the same turn). Distinct from CHATCLI_AGENT_PARALLEL_MODE, which controls multiple agents running in parallel. Off by default while the feature is in rollout.false
CHATCLI_AGENT_MAX_TOOL_CONCURRENCYFan-out cap for the parallel tool batch within an agent. Operators processing many @webfetch in parallel can raise it; conservatives can lower it.10

Mixture-of-Agents (MoA)

An ensemble where several models propose an answer in parallel and an aggregator synthesizes the best one. Distinct from the parallel orchestration above (which dispatches specialist agents): here the axis is model/provider diversity. Triggered by the /moa command. See Mixture-of-Agents.
VariableDescriptionDefault
CHATCLI_MOA_MODELSEnsemble proposers, as CSV provider:model (e.g. openai:gpt-5,claudeai:claude-opus-4-8,googleai:gemini-2.5-pro). Optional: without it, /moa and @moa use the configured providers (capped at 4).
CHATCLI_MOA_AGGREGATORModel that synthesizes the proposals, as provider:model. If omitted, uses the session’s active provider/model.Active provider

Token Efficiency

Knobs for the token-saving optimizations (structured prompt caching, stagnation detector, smart routing, webfetch auto-save, microcompaction). See Token Efficiency for details.

Stagnation early-exit

VariableDescriptionDefault
CHATCLI_AGENT_EARLY_EXITToggle the repeated-tool_calls detector in the ReAct loop. Accepts 0/false/off/no to disable.1 (on)
CHATCLI_AGENT_EARLY_EXIT_TURNSHow many consecutive turns with the same tool_calls batch trigger the break. Clamped to [2, 10].3

Tool-failure guard (toolguard)

An advisory guard (it never aborts) that detects the same tool failing repeatedly inside the agent loop and injects a hint for the model to change approach instead of retrying the same error.
VariableDescriptionDefault
CHATCLI_AGENT_TOOLGUARDToggle the repeated tool-failure guard. Accepts 0/false to disable.1 (on)

Smart chat ↔ agent routing

VariableDescriptionDefault
CHATCLI_AGENT_SMART_ROUTETrivial-query classifier mode. off (disabled), hint (tip only — default), auto (auto-redirect trivial → chat mode). Aliases: 0/false, 1/on/true, redirect/2.hint

WebFetch auto-save

VariableDescriptionDefault
CHATCLI_WEBFETCH_AUTOSAVE_BYTESByte threshold. @webfetch bodies larger than this AND without a filter/range are auto-persisted to the scratch dir and only a preview is returned.10000
CHATCLI_WEBFETCH_RENDERHeadless rendering of JS pages in @webfetch: auto (heuristics detect SPA shells), always, never. See Web Tools.auto
CHATCLI_WEBFETCH_RENDER_TIMEOUTHeadless render timeout, in seconds.25
CHATCLI_WEBFETCH_RENDER_BROWSERAbsolute path to a specific Chromium-based binary (Chrome/Chromium/Edge/Brave are auto-detected without it).(auto-detect)
CHATCLI_WEBFETCH_RENDER_AUTOPROVISIONAllows the one-time download of a pinned Chromium (~150 MB) when no browser is found.false

Tool result microcompaction

Applied to the session history to shrink old tool results. See also Tool Result Management.
VariableDescriptionDefault
CHATCLI_MICROCOMPACT_TRUNCATE_TURNSAfter how many turns old tool results become head+tail previews.2
CHATCLI_MICROCOMPACT_SUMMARIZE_TURNSAfter how many turns tool results become a one-line summary.4
CHATCLI_MICROCOMPACT_HEAD_CHARSHead size kept during truncation.2000
CHATCLI_MICROCOMPACT_TAIL_CHARSTail size kept during truncation.500
CHATCLI_MICROCOMPACT_MIN_CONTENTMinimum tool result size to be a compaction candidate.3000
For chat/lookup sessions where token frugality matters more than long-term recall, tighten the knobs:
export CHATCLI_MICROCOMPACT_TRUNCATE_TURNS=1
export CHATCLI_MICROCOMPACT_SUMMARIZE_TURNS=3
export CHATCLI_MICROCOMPACT_HEAD_CHARS=1200
export CHATCLI_MICROCOMPACT_TAIL_CHARS=300
export CHATCLI_MICROCOMPACT_MIN_CONTENT=2000

Harness/Quality Pipeline (7 Patterns)

Variables for the harness/quality pipeline that implements the seven LLM-agent patterns. See full overview and detailed configuration.

Master switch

VariableDescriptionDefault
CHATCLI_QUALITY_ENABLEDMaster switch for the pipeline. false disables everything (falls back to direct agent.Execute)true

Self-Refine (#5)

VariableDescriptionDefault
CHATCLI_QUALITY_REFINE_ENABLEDEnable RefineHook after each workerfalse
CHATCLI_QUALITY_REFINE_MAX_PASSESMaximum critique-rewrite passes1
CHATCLI_QUALITY_REFINE_MIN_BYTESDon’t refine outputs smaller than N bytes200
CHATCLI_QUALITY_REFINE_EPSILONChar-level fallback threshold in characters50
CHATCLI_QUALITY_REFINE_EXCLUDECSV of agents that are not refinedformatter,deps,refiner,verifier

Semantic convergence cascade (char → Jaccard → embedding)

VariableDescriptionDefault
CHATCLI_QUALITY_REFINE_CONVERGENCE_ENABLEDEnable the cascade; false = char-level heuristic onlytrue
CHATCLI_QUALITY_REFINE_CONVERGENCE_EMBEDDINGInclude embedding scorer (requires CHATCLI_EMBED_PROVIDER)false
CHATCLI_QUALITY_REFINE_CONVERGENCE_STRICTStrict mode: refuse convergence without embeddingfalse
CHATCLI_QUALITY_REFINE_CONVERGENCE_CHAR_HIGHChar sim ≥ X → short-circuit CONVERGED0.99
CHATCLI_QUALITY_REFINE_CONVERGENCE_CHAR_LOWChar sim < X → short-circuit DIVERGED0.3
CHATCLI_QUALITY_REFINE_CONVERGENCE_JACCARD_HIGHJaccard sim ≥ X + high confidence → CONVERGED0.95
CHATCLI_QUALITY_REFINE_CONVERGENCE_EMBEDDING_SIMFinal embedding cosine threshold0.92
CHATCLI_QUALITY_REFINE_CONVERGENCE_CACHE_SIZEEmbedding LRU cache entries256
CHATCLI_QUALITY_REFINE_CONVERGENCE_CACHE_TTL_MINCache TTL (minutes)5
CHATCLI_QUALITY_REFINE_CONVERGENCE_BREAKER_THRESHOLDConsecutive embedder failures before breaker opens3

Chain-of-Verification (#6)

VariableDescriptionDefault
CHATCLI_QUALITY_VERIFY_ENABLEDEnable VerifyHook after each workerfalse
CHATCLI_QUALITY_VERIFY_NUM_QUESTIONSNumber of verification questions3
CHATCLI_QUALITY_VERIFY_REWRITERewrite output when discrepancy detectedtrue
CHATCLI_QUALITY_VERIFY_EXCLUDECSV of agents that are not verifiedformatter,deps,shell,refiner,verifier

Reflexion (#3)

VariableDescriptionDefault
CHATCLI_QUALITY_REFLEXION_ENABLEDMaster switch for ReflexionHooktrue
CHATCLI_QUALITY_REFLEXION_ON_ERRORFire on worker errortrue
CHATCLI_QUALITY_REFLEXION_ON_HALLUCINATIONFire when CoVe flags discrepancytrue
CHATCLI_QUALITY_REFLEXION_ON_LOW_QUALITYFire when refine returns a low scorefalse
CHATCLI_QUALITY_REFLEXION_PERSISTPersist lessons to memory.Facttrue

Durable queue (WAL + worker pool + DLQ)

When enabled, reflexion triggers flow through a persistent queue — lessons survive process crashes via WAL replay on next boot.
VariableDescriptionDefault
CHATCLI_QUALITY_REFLEXION_QUEUE_ENABLEDQueue master switch. false reverts to legacy detached-goroutine modetrue
CHATCLI_QUALITY_REFLEXION_QUEUE_WORKERSWorker pool size2
CHATCLI_QUALITY_REFLEXION_QUEUE_CAPACITYMax in-memory depth before overflow policy1000
CHATCLI_QUALITY_REFLEXION_QUEUE_DROP_OLDESTOverflow: true = drop oldest; false = blockfalse
CHATCLI_QUALITY_REFLEXION_QUEUE_BLOCK_TIMEOUTEnqueue wait time when queue is full (Go duration)5s
CHATCLI_QUALITY_REFLEXION_QUEUE_MAX_ATTEMPTSTotal retries before moving to DLQ5
CHATCLI_QUALITY_REFLEXION_QUEUE_INITIAL_DELAYFirst retry delay1s
CHATCLI_QUALITY_REFLEXION_QUEUE_MAX_DELAYCap on exponential retry5m
CHATCLI_QUALITY_REFLEXION_QUEUE_JITTERFractional jitter ([0, 0.5])0.2
CHATCLI_QUALITY_REFLEXION_QUEUE_JOB_TIMEOUTPer-processor-call timeout (LLM + persist)2m
CHATCLI_QUALITY_REFLEXION_QUEUE_STALE_AFTERRecords older than this discarded on replay168h
CHATCLI_QUALITY_REFLEXION_QUEUE_BASE_DIROverride of wal/ and dlq/ root directory

Plan-and-Solve / ReWOO (#2)

VariableDescriptionDefault
CHATCLI_QUALITY_PLAN_FIRST_MODEoff|auto|always — when to fire Plan-Firstauto
CHATCLI_QUALITY_PLAN_FIRST_THRESHOLDMinimum score (0-10) for auto to fire6

RAG + HyDE (#4)

VariableDescriptionDefault
CHATCLI_QUALITY_HYDE_ENABLEDEnable phase 3a (hypothesis-based keyword expansion)false
CHATCLI_QUALITY_HYDE_USE_VECTORSEnable phase 3b (cosine vector search)false
CHATCLI_QUALITY_HYDE_NUM_KEYWORDSCap on keywords extracted from the hypothesis5

Embedding Providers (used by HyDE 3b)

VariableDescriptionDefault
CHATCLI_EMBED_PROVIDERvoyage / openai / bedrock / nullnull
CHATCLI_EMBED_MODELEmbedding model. Provider defaults: Voyage voyage-3; OpenAI text-embedding-3-small; Bedrock amazon.titan-embed-text-v2:0.provider default
CHATCLI_EMBED_DIMENSIONSOpenAI: truncate via Matryoshka. Bedrock Titan v2: accepts 256 / 512 / 1024 (rejects others). Bedrock Titan v1 / Cohere v3: fixed dim, ignored.model native
VOYAGE_API_KEYRequired for provider=voyage
OPENAI_API_KEYRequired for provider=openai (shared with chat)
BEDROCK_REGION / AWS_REGION / AWS_PROFILE / AWS credentialsRequired for provider=bedrock — reuses the same chain as chat.per chat Bedrock
Bedrock embeddings support amazon.titan-embed-text-v2:0 (default), amazon.titan-embed-text-v1, cohere.embed-english-v3, and cohere.embed-multilingual-v3. Titan parallelizes batches with an 8-worker pool (the API accepts only 1 text per call); Cohere v3 sends the entire batch in one call. Dispatch is automatic from the model id prefix. See RAG + HyDE and AWS Bedrock.

Reasoning Backbone (#7)

VariableDescriptionDefault
CHATCLI_QUALITY_REASONING_MODEoff|auto|on — auto-attach policy for thinking/reasoningauto
CHATCLI_QUALITY_REASONING_BUDGETThinking tokens (Anthropic); mapped to tier on OpenAI8000
CHATCLI_QUALITY_REASONING_AUTO_AGENTSCSV of agents that receive effort hint automatically in mode=autoplanner,refiner,verifier,reflexion

Per-Agent Overrides (includes refiner / verifier)

VariableDescription
CHATCLI_AGENT_REFINER_MODELSpecific model for RefinerAgent
CHATCLI_AGENT_REFINER_EFFORTEffort tier (low|medium|high|max)
CHATCLI_AGENT_VERIFIER_MODELSpecific model for VerifierAgent
CHATCLI_AGENT_VERIFIER_EFFORTEffort tier
Recommended presets (cheap dev, rigorous review, docs, incident, autopilot) in Pipeline Configuration.

Session Workspace and Subagent

Variables that control the Session Workspace (scratch dir + tool-result overflow) and Subagent Delegation.
VariableDescriptionDefault
CHATCLI_AGENT_TMPDIRRead-only — exported automatically by ChatCLI at startup with the absolute path of the session scratch dir. Available to every subprocess launched by the agent’s exec.(set at startup)
CHATCLI_AGENT_KEEP_TMPDIRIf true, skip the scratch dir cleanup at session end. Useful for inspecting temporary scripts and overflow files after exit.false
CHATCLI_BLOCK_TMP_WRITESIf true, blocks the automatic allowlist extension to os.TempDir() and /tmp. Only the session-isolated scratch dir stays accessible. Use on multi-user / strict CI. See Session Workspace.false (allows)
CHATCLI_AGENT_SUBAGENT_MAX_DEPTHMaximum nested delegation depth via delegate_subagent. Protects against pathological recursion.2
CHATCLI_AGENT_SUBAGENT_MAX_TURNSMaximum ReAct iterations of each subagent’s internal loop.15
CHATCLI_TOOL_RESULT_BUDGET_CHARSAggregate tool-result budget per turn. Above it, the largest results are saved to the session tool-results/ and replaced by a preview.200000
CHATCLI_TOOL_RESULT_MAX_CHARSMaximum size of a single inline tool result.20000

Global TLS Trust (Corporate Proxy)

For environments behind a corporate proxy/gateway performing TLS inspection with a private CA (Zscaler, Netskope, CrowdStrike Falcon, etc.). Both variables apply to every outbound HTTPS connection in the process: all LLM providers, TTS/STT, embeddings, web tools (@webfetch/@websearch/@osv), gateway channels, MCP transports, skill registries and the version check. The process-wide equivalent of NODE_EXTRA_CA_CERTS / NODE_TLS_REJECT_UNAUTHORIZED in Node.js tools such as Claude Code.
VariableDescriptionDefault
CHATCLI_CA_BUNDLEPath to a PEM bundle with the corporate CA. Merged into the system cert pool and used as RootCAs on every outbound connection (equivalent to NODE_EXTRA_CA_CERTS). An unreadable bundle or one with no valid certificates fails open to default verification, with a log warning — it never silently weakens verification.(system trust store)
CHATCLI_TLS_INSECURE_SKIP_VERIFYtrue disables TLS verification entirely, on every connection (equivalent to NODE_TLS_REJECT_UNAUTHORIZED=0). Logs a loud warning. Insecure — use only to confirm the problem is TLS trust; then configure CHATCLI_CA_BUNDLE.false
Go — and therefore ChatCLI — already trusts the operating system’s cert store by default (Keychain on macOS, the Windows cert store, /etc/ssl on Linux). If the corporate CA is already installed on the machine, no configuration is needed. CHATCLI_CA_BUNDLE covers the case where the CA cannot be installed system-wide.
With CHATCLI_TLS_INSECURE_SKIP_VERIFY=true ChatCLI accepts any certificate — invalid, expired, forged — and is exposed to man-in-the-middle attacks (capture of API keys, code and credentials). Never use it in production.
The Bedrock-specific variables (CHATCLI_BEDROCK_CA_BUNDLE / CHATCLI_BEDROCK_INSECURE_SKIP_VERIFY, in the AWS Bedrock section) take precedence over the global ones; when absent, Bedrock inherits the globals as fallback, since the AWS SDK builds its own HTTP client.
Quick diagnosis: unresolved TLS inspection produces an x509 error (certificate signed by unknown authority) — that is what CHATCLI_CA_BUNDLE fixes. A 403 comes from a layer above (WAF/proxy policy: User-Agent, fingerprint, authentication) and is not solved by TLS trust — for that, see the web proxy variables (HTTPS_PROXY, CHATCLI_PROXY_AUTH) in /config resilience.

History Compaction and Payload Recovery

Controls the HistoryCompactor (3-level pipeline: trim → summarize → emergency) and the reactive detection of corporate-proxy/gateway limits. See Context Recovery.
VariableDescriptionDefault
CHATCLI_CONTEXT_WINDOWGlobal context-window override (in tokens), valid for any provider/model. Takes precedence over the model catalog and the per-provider fallbacks. It is the escape hatch for gateways/agents whose real window differs from the catalog — e.g. a StackSpot agent backed by a larger or smaller foundation model. Since the compaction budget derives from the context window, this env directly controls when auto-compact fires. Accepts a positive integer only; invalid values are silently ignored.(auto from catalog)
CHATCLI_MAX_PAYLOADHuman-friendly ceiling for POST body size. Accepts 5MB, 512KB, 2.5MB, 5 (= 5 MB). When set, the compactor respects this limit as an extra cap on top of the model’s context window, and pre-flight forces aggressive compaction on crossing 85% of it. Essential behind corporate proxies (Cloudflare, Akamai, WAF) that cap body size at 1-5 MB regardless of model context.(unset — no cap)
CHATCLI_MAX_RECOVERY_ATTEMPTSMaximum context-overflow recovery attempts per session.3
CHATCLI_MAX_TOKEN_ESCALATIONSMaximum max_tokens escalations per session.2
CHATCLI_EMERGENCY_KEEP_MESSAGESMessages kept during Level 2 emergency truncation.10
CHATCLI_MICROCOMPACT_TRUNCATE_TURNSAge (in turns) at which old tool results start being truncated to head+tail preview — no LLM call. First line of defense before NeedsCompaction fires.2
CHATCLI_MICROCOMPACT_SUMMARIZE_TURNSAge (in turns) at which old tool results get replaced by a one-line summary ([Old tool result cleared — N lines, N chars, type]).4
If you are behind a corporate proxy and don’t know the exact limit, start with CHATCLI_MAX_PAYLOAD=4MB. If you still take 413s, drop to 3MB. If everything flows smoothly, push up to 5MB or 10MB (depends on the proxy). ChatCLI already leaves a 30% headroom for JSON overhead + system prompt + tool definitions.
If a 413/WAF/EOF hits without CHATCLI_MAX_PAYLOAD set, ChatCLI automatically assumes 4 MB for the rest of the session (reactive auto-cap) and injects a hint into history telling the AI to prefer line-ranged reads. This prevents a failure loop when the user hasn’t discovered the proxy’s real limit yet.

/coder and /agent UI

VariableDescriptionDefault
CHATCLI_CODER_UITimeline style: full · compact · minimal. Applies to /coder AND /agent (cross-mode since v1.119).full
CHATCLI_CODER_BANNERShow the /coder cheat sheet on session entrytrue
Available styles:
  • full (default) — full bordered cards ╭── ICON TITLE ─────╮ … ╰─╯. Each tool call is a highlighted action. Best for /agent (supervised plan-and-execute).
  • compact — inline lines ↻ Read(main.go) / ✓ Read(main.go) 0.3s. Long sessions with dozens of tools stay scannable. Best for /coder.
  • minimal — middle ground: smaller cards with truncated content.
The variable keeps the legacy name CHATCLI_CODER_UI for back-compat, but as of v1.119 it controls BOTH modes. If you had CHATCLI_CODER_UI=compact set, /agent will now also render compactly.
Color change also in v1.119: tool failures (, ❌ EXECUTION FAILED) now render in true red instead of purple. Previously they shared the header color (ColorPurple), which was confusing. If your terminal maps ANSI 31 (red) to a non-red color via theme, adjust the palette.

Provider Fallback

VariableDescriptionDefault
CHATCLI_FALLBACK_PROVIDERSComma-separated list of providers
CHATCLI_FALLBACK_MODEL_<PROVIDER>Specific model per provider in the chain
CHATCLI_FALLBACK_MAX_RETRIESRetries per provider before advancing2
CHATCLI_FALLBACK_COOLDOWN_BASEBase cooldown after failure30s
CHATCLI_FALLBACK_COOLDOWN_MAXMaximum cooldown (exponential backoff)5m

MCP (Model Context Protocol)

VariableDescriptionDefault
CHATCLI_MCP_ENABLEDEnable MCP managerfalse
CHATCLI_MCP_CONFIGPath to MCP configuration JSON~/.chatcli/mcp_servers.json
The MCP subsystem also manages ~/.chatcli/mcp/ for durable state: channels.jsonl (durable push-notification ring, with rotation) and triggers.json (opt-in trigger engine rules). These paths are fixed — no environment variables override them. Details: MCP Channels and MCP Config.

Bootstrap and Memory

VariableDescriptionDefault
CHATCLI_BOOTSTRAP_ENABLEDEnable bootstrap file loadingtrue
CHATCLI_BOOTSTRAP_DIRBootstrap files directory
CHATCLI_MEMORY_ENABLEDEnable persistent memory systemtrue
CHATCLI_MEMORY_MAX_SIZEMaximum size of rendered MEMORY.md (bytes)32768
CHATCLI_MEMORY_RETENTION_DAYSDays to retain daily notes before cleanup30
CHATCLI_MEMORY_MAX_FACTSMaximum number of facts in memory index500
CHATCLI_MEMORY_RETRIEVAL_BUDGETMaximum memory characters in system prompt4000
CHATCLI_MEMORY_FALLBACK_PROVIDERSFallback provider chain for memory extraction (e.g. OPENAI,GOOGLEAI). Empty → falls back to CHATCLI_FALLBACK_PROVIDERS. Segments that fail every provider are queued on disk and retried.

Scheduler

See Scheduler (Chronos) for the full design. All boolean variables accept enabled/disabled/true/false/1/0.

Core

VariableDescriptionDefault
CHATCLI_SCHEDULER_ENABLEDMaster switchtrue
CHATCLI_SCHEDULER_DATA_DIRDirectory for WAL + snapshot + audit log~/.chatcli/scheduler
CHATCLI_SCHEDULER_MAX_JOBSMax simultaneous non-terminal jobs256
CHATCLI_SCHEDULER_WORKER_COUNTWorker pool goroutines running handleJob4
CHATCLI_SCHEDULER_WAIT_WORKER_COUNTGoroutines dedicated to wait loops (reserved, shared pool today)8
CHATCLI_SCHEDULER_ALLOW_AGENTSAllow agents to create jobs via @schedulertrue
CHATCLI_SCHEDULER_ACTION_ALLOWLISTCSV of allowed action typesslash_cmd,llm_prompt,agent_task,worker_dispatch,hook,noop,webhook,shell,agent_resume,park_poll
CHATCLI_SCHEDULER_HISTORY_LIMITMax ExecutionResults kept per job (ring buffer)16
CHATCLI_PARK_DIROverride of the @park snapshot directory — useful for tests and isolated environments. See Agent Park & Resume$XDG_CONFIG_HOME/chatcli/parked

Default budget (per-job overrides win)

VariableDescriptionDefault
CHATCLI_SCHEDULER_DEFAULT_ACTION_TIMEOUTAction timeout per fire5m
CHATCLI_SCHEDULER_DEFAULT_POLL_INTERVALInterval between wait-condition polls5s
CHATCLI_SCHEDULER_DEFAULT_WAIT_TIMEOUTMax wait-loop duration30m
CHATCLI_SCHEDULER_DEFAULT_MAX_POLLSMax polls before giving up (0 = unlimited)0
CHATCLI_SCHEDULER_DEFAULT_BACKOFF_INITIALInitial backoff between retries1s
CHATCLI_SCHEDULER_DEFAULT_BACKOFF_MAXExponential backoff cap5m
CHATCLI_SCHEDULER_DEFAULT_BACKOFF_MULTBackoff multiplicative factor2.0
CHATCLI_SCHEDULER_DEFAULT_BACKOFF_JITTERJitter fraction (0.00.5)0.2
CHATCLI_SCHEDULER_DEFAULT_MAX_RETRIESRetries on transient failure3
CHATCLI_SCHEDULER_DEFAULT_TTLTTL for terminal records on disk24h

Safety

VariableDescriptionDefault
CHATCLI_SCHEDULER_RATE_LIMIT_GLOBAL_RPSGlobal token bucket (req/s)5.0
CHATCLI_SCHEDULER_RATE_LIMIT_GLOBAL_BURSTGlobal bucket burst20
CHATCLI_SCHEDULER_RATE_LIMIT_OWNER_RPSPer-owner token bucket1.0
CHATCLI_SCHEDULER_RATE_LIMIT_OWNER_BURSTPer-owner bucket burst10
CHATCLI_SCHEDULER_BREAKER_FAILURE_THRESHOLDConsecutive failures before breaker opens5
CHATCLI_SCHEDULER_BREAKER_WINDOWBreaker count window60s
CHATCLI_SCHEDULER_BREAKER_COOLDOWNCooldown before half-open probe30s
CHATCLI_SCHEDULER_SHELL_ALLOW_BYPASSWhen true, jobs may set bypass_safety=true in the action payload to skip both the preflight and the fire-time re-check. Without this variable, bypass_safety=true is rejected. Shell actions normally pass through CoderMode preflight (ClassifyShellCommand) on enqueue and re-check in RunShell at fire — this env is the escape hatch for trusted CI.false

Audit log

VariableDescriptionDefault
CHATCLI_SCHEDULER_AUDIT_ENABLEDWrite JSONL to <data_dir>/audit.logtrue
CHATCLI_SCHEDULER_AUDIT_MAX_SIZE_MBSize rotation (lumberjack)10
CHATCLI_SCHEDULER_AUDIT_MAX_BACKUPSBackups kept7
CHATCLI_SCHEDULER_AUDIT_MAX_AGE_DAYSMax age in days30

Daemon

VariableDescriptionDefault
CHATCLI_SCHEDULER_DAEMON_SOCKETUNIX socket path/tmp/chatcli-scheduler.sock
CHATCLI_SCHEDULER_DAEMON_AUTO_CONNECTCLI auto-detects daemon and becomes thin clienttrue
CHATCLI_SCHEDULER_SNAPSHOT_INTERVALSnapshot periodicity5m
CHATCLI_SCHEDULER_WAL_GC_INTERVALGC periodicity for expired terminals1h

Metrics and Observability

VariableDescriptionDefault
CHATCLI_METRICS_PORTHTTP port to export Prometheus metrics (0 = disabled)9090
PROMETHEUS_URLPrometheus URL for metrics collection during AIOps incident analysis. When set, the operator queries CPU/memory/latency/error rate trends correlated with incidents. Example: http://prometheus-server.monitoring.svc:9090(empty = disabled)

Security

VariableDescriptionDefault
CHATCLI_SAFETY_ENABLEDEnable configurable safety rulesfalse
CHATCLI_GRPC_REFLECTIONEnable gRPC reflection on server (use only in dev)false
CHATCLI_DISABLE_VERSION_CHECKDisable automatic version checkfalse
CHATCLI_LATEST_VERSION_URLCustom URL for version checkGitHub API

Context and memory threat scan

Sanitizes injected prompt content — contexts attached via /context attach and long-term memory — against prompt-injection before sending it to the model.
VariableDescriptionDefault
CHATCLI_THREATSCANToggle the context/memory threat scan. On by default; accepts false/0/off/no to disable.true (on)

Server Security

VariableDescriptionDefault
CHATCLI_JWT_SECRETJWT signing secret (HS256) or path to RSA key (RS256)""
CHATCLI_JWT_ISSUERExpected JWT issuer claim""
CHATCLI_JWT_AUDIENCEExpected JWT audience claim""
CHATCLI_RATE_LIMIT_RPSRate limit: sustained requests per second10
CHATCLI_RATE_LIMIT_BURSTRate limit: burst capacity20
CHATCLI_MAX_RECV_MSG_SIZEMaximum gRPC receive message size (bytes)4194304
CHATCLI_MAX_SEND_MSG_SIZEMaximum gRPC send message size (bytes)4194304
CHATCLI_MAX_CONCURRENT_STREAMSMaximum concurrent gRPC streams per connection100
CHATCLI_BIND_ADDRESSNetwork interface to bind to. Defaults to 127.0.0.1 (local); auto-detects 0.0.0.0 in Kubernetes via KUBERNETES_SERVICE_HOST.127.0.0.1 / 0.0.0.0 (K8s)
CHATCLI_AUDIT_LOG_PATHPath for the structured audit log file. Must be absolute — relative values are rejected with a logged error.""
CHATCLI_LOG_FILEApplication log file path~/.chatcli/app.log
CHATCLI_LOG_MAX_SIZE_MBMax log file size before rotation (MB)100
CHATCLI_LOG_MAX_BACKUPSNumber of rotated log files to keep3
CHATCLI_LOG_MAX_AGE_DAYSMaximum age of rotated log files (days)30
CHATCLI_DEBUGEnable debug mode with verbose loggingfalse
CHATCLI_ALLOW_HTTP_PROVIDERSAllow HTTP (non-TLS) connections to LLM providersfalse

Agent Security

VariableDescriptionDefault
CHATCLI_AGENT_SECURITY_MODESecurity mode: strict (allowlist) or permissive (denylist)permissive
CHATCLI_AGENT_ALLOWLISTExtra allowed commands in strict mode (semicolon-separated)""
CHATCLI_AGENT_WORKSPACE_STRICTRestrict file access to workspace directory onlyfalse
CHATCLI_AGENT_ALLOW_KUBECONFIGAllow agent commands to access kubeconfigfalse
CHATCLI_AGENT_EXTRA_READ_PATHSAdditional allowed read paths (semicolon-separated)""
CHATCLI_AGENT_SOURCE_SHELL_CONFIGSource shell config (~/.bashrc, etc.) in agent commandsfalse
CHATCLI_MAX_COMMAND_OUTPUTMaximum command output size (bytes)65536

Plugin and Auth Security

VariableDescriptionDefault
CHATCLI_ALLOW_UNSIGNED_PLUGINSAllow unsigned plugins to executefalse
CHATCLI_ALLOW_INSECUREAllow insecure (non-TLS) connectionsfalse
CHATCLI_TLS_CLIENT_CERTClient TLS certificate for mTLS""
CHATCLI_TLS_CLIENT_KEYClient TLS key for mTLS""
CHATCLI_ENCRYPTION_KEYCustom encryption key for session dataAuto-generated
CHATCLI_KEYCHAIN_BACKENDKeychain backend: auto, file, keychainauto
CHATCLI_DISABLE_HISTORYDisable conversation history recordingfalse
CHATCLI_SESSION_TTLSession time-to-live before expiration24h
CHATCLI_ENV_REDACT_MODEEnv redaction: full, partial, nonefull
CHATCLI_REDACT_PATTERNSCustom redaction patterns (semicolon-separated regex)""

Operator Security

The operator REST API authentication loads API keys with hot-reload every 30s in the following priority order: Secret chatcli-operator-secretsConfigMap chatcli-operator-config → reject (or accept in dev-mode if CHATCLI_OPERATOR_DEV_MODE=true).
VariableDescriptionDefault
CHATCLI_OPERATOR_DEV_MODEEnable operator dev mode (relaxed security)false
CHATCLI_AIOPS_TLS_CERTAIOps REST API TLS certificate""
CHATCLI_AIOPS_TLS_KEYAIOps REST API TLS key""
CHATCLI_GRPC_TLS_CERTgRPC TLS certificate""
CHATCLI_GRPC_TLS_KEYgRPC TLS key""
CHATCLI_GRPC_TLS_CAgRPC CA certificate for mTLS verification. Must be an absolute path (relative values return an error). In the operator this is only a fallback — when using the Instance CR, WatcherBridge reads ca.crt from the Secret referenced by spec.server.tls.secretName automatically (see cookbook §2.1).""
CHATCLI_ALLOWED_RESOURCE_TYPESKubernetes resource types allowed by ApplyManifest (comma-separated)Deployment,StatefulSet,DaemonSet,…
CHATCLI_ALLOWED_DIAGNOSTIC_COMMANDSAdditional commands accepted by ExecDiagnostic (comma-separated, extends the ~90-entry default allowlist — see k8s-operator#execdiagnostic-allowlist)"" (defaults only)
CHATCLI_OPERATOR_APP_VERSIONInjected by the Helm chart from .Chart.AppVersion. The operator reads it to resolve the server image tag when Instance.spec.image.tag is omitted — letting helm upgrade of the operator also roll Instances. Do not set manually.Set by chart
CHATCLI_LOG_SCRUB_PATTERNSPatterns to scrub from logs (semicolon-separated regex)Built-in patterns

OAuth

VariableDescriptionDefault
CHATCLI_OPENAI_CLIENT_IDOverride OpenAI OAuth client ID

Remote Server

VariableDescriptionDefault
CHATCLI_SERVER_PORTgRPC server port50051
CHATCLI_SERVER_TOKENAuthentication token
CHATCLI_SERVER_TLS_CERTTLS certificate path
CHATCLI_SERVER_TLS_KEYTLS key path

Remote Client

VariableDescriptionDefault
CHATCLI_REMOTE_ADDRRemote server address
CHATCLI_REMOTE_TOKENAuthentication token
CHATCLI_CLIENT_API_KEYYour API key (sent to server)

Chat Gateway (Telegram / Slack / Discord / WhatsApp / Webhook)

Bridge that exposes ChatCLI as a bot/service on messaging platforms. Started with /gateway start. Each inbound message runs through the real agent loop (tools, shell, file edits — auto-executed) and the progress is streamed back to the chat. Each adapter only activates when its required variables are present — set only the channels you want. See Chat Gateway.

Telegram

VariableDescriptionDefault
CHATCLI_TELEGRAM_BOT_TOKENBot token (BotFather). Required to enable the Telegram adapter (long-polling via getUpdates).
CHATCLI_TELEGRAM_ALLOWED_USERSAllowed user IDs, separated by comma/space/;. Empty = any user.— (all)

Slack

VariableDescriptionDefault
CHATCLI_SLACK_BOT_TOKENBot token (xoxb-…) used to reply. Required.
CHATCLI_SLACK_ADDRBind address of the events HTTP server (e.g. :8081). Required — the adapter only starts when set.
CHATCLI_SLACK_SIGNING_SECRETSigning secret to verify the HMAC signature of events (Events API).
CHATCLI_SLACK_PATHPath of the events endpoint./slack/events

Discord

VariableDescriptionDefault
CHATCLI_DISCORD_BOT_TOKENBot token. Required to enable the Discord adapter (Gateway WebSocket v10).

WhatsApp (Cloud API)

VariableDescriptionDefault
CHATCLI_WHATSAPP_ACCESS_TOKENWhatsApp Cloud API access token. Required.
CHATCLI_WHATSAPP_PHONE_IDPhone number ID used to send replies. Required.
CHATCLI_WHATSAPP_ADDRBind address of the webhook server (e.g. :8082). Required.
CHATCLI_WHATSAPP_VERIFY_TOKENWebhook verification token (Meta’s GET handshake).
CHATCLI_WHATSAPP_PATHWebhook path./whatsapp/webhook

Generic webhook

VariableDescriptionDefault
CHATCLI_WEBHOOK_ADDRBind address of the generic webhook server (e.g. :8083). Required — the adapter only starts when set.
CHATCLI_WEBHOOK_PATHPath that receives inbound POSTs./inbound
CHATCLI_WEBHOOK_SECRETShared secret, validated in constant time. Empty = no verification.
CHATCLI_WEBHOOK_CALLBACK_URLURL the reply is POSTed back to. Empty = synchronous reply on the request.

Voice / transcription (audio on channels)

Transcribes voice notes to text before the pipeline. Local-first selection: command → self-hosted URL → whisper CLI on PATH (auto, downloads the model) → Groq → OpenAI → disabled. See Chat Gateway → Voice messages.
VariableDescriptionDefault
CHATCLI_TRANSCRIPTION_PROVIDERPin the STT backend: embedded, command, url, groq, openai (or auto). In auto, with nothing configured, it falls back to the embedded Whisper (one-time download at daemon startup).auto
CHATCLI_TRANSCRIPTION_CMDLocal STT command (placeholders {input}/{output_dir}/{lang}); reads the transcript from stdout or the generated .txt.
CHATCLI_TRANSCRIPTION_URLSelf-hosted OpenAI-compatible endpoint (/v1). Keyless.
CHATCLI_TRANSCRIPTION_KEYOptional key for the self-hosted endpoint.
CHATCLI_TRANSCRIPTION_MODELModel (embedded: tiny/base/small/medium/large-v3; cloud: e.g. whisper-1; local whisper: base/small).whisper-1 (cloud) / base (embedded)
CHATCLI_TRANSCRIPTION_LANGForced language; empty = auto-detect the spoken language.(auto)
CHATCLI_TRANSCRIPTION_CACHE_DIRRelocates the embedded engine cache (absolute path; default ~/.cache/chatcli/stt/).(os cache dir)
CHATCLI_GATEWAY_MAX_AUDIO_BYTESMax downloaded audio size.20971520 (20MB)
Voice notes are OGG/Opus; local whisper.cpp and the embedded engine need ffmpeg to decode them (cloud/self-hosted backends decode server-side). With nothing configured, the gateway uses the embedded Whisper automatically — only platforms without a prebuilt engine get the configuration hint.

Proactive messaging (@send)

Home channels for the @send tool when the target is just the platform.
VariableDescriptionDefault
CHATCLI_TELEGRAM_HOME_CHANNELDefault Telegram channel.
CHATCLI_WHATSAPP_HOME_CHANNELDefault WhatsApp channel.
CHATCLI_DISCORD_HOME_CHANNELDefault Discord channel.
CHATCLI_SLACK_HOME_CHANNELDefault Slack channel.
CHATCLI_WEBHOOK_HOME_CHANNELDefault webhook target.

Voice reply / TTS

Synthesizes the reply to audio. Local-first: command → self-hosted URL → embedded (if provisioned)say/espeak on PATH → OpenAI → Groq → Gemini → disabled. See Text-to-Speech and Voice Replies.
VariableDescriptionDefault
CHATCLI_GATEWAY_VOICE_REPLYGateway voice reply mode: auto (voice answers voice), always, never. Legacy booleans work (true→always, false→never).auto
CHATCLI_TTS_PROVIDERPin the backend: embedded (or kokoro)/command/url/openai/groq/google (or auto).auto
CHATCLI_TTS_CMDLocal TTS command (placeholders {text}/{output}). Keyless.
CHATCLI_TTS_CMD_EXTOutput extension for CHATCLI_TTS_CMD.wav
CHATCLI_TTS_URLOpenAI-compatible endpoint (/audio/speech).
CHATCLI_TTS_KEYOptional key for the self-hosted endpoint.
CHATCLI_TTS_MODELTTS model.tts-1
CHATCLI_TTS_VOICEVoice (backend-dependent). Embedded: voice for English.alloy (embedded: bm_george)
CHATCLI_TTS_VOICE_PTEmbedded-engine voice for Portuguese replies.pm_alex
CHATCLI_TTS_CACHE_DIRRelocates the embedded engine/model cache. Absolute path.OS cache dir
CHATCLI_TTS_VOICE_FORMATFormat requested for the gateway reply (ogg = Telegram voice note).ogg

Image generation (@image)

Generates images from text. Local-first: SD WebUI → OpenAI-compatible URL → OpenAI → Google Imagen → xAI grok-image → Bedrock. See Image Generation.
VariableDescriptionDefault
CHATCLI_IMAGE_PROVIDERPin the backend: sdwebui/url/openai/responses/google/xai/bedrock (or auto).auto
CHATCLI_IMAGE_APIFor OpenAI: images (gpt-image-*) or responses (a chat model like gpt-5.5 generates via the image_generation tool).images
CHATCLI_IMAGE_URLSD WebUI (http://localhost:7860) or an OpenAI-compatible endpoint.
CHATCLI_IMAGE_KEYOptional key for the self-hosted endpoint.
CHATCLI_IMAGE_MODELModel (e.g. gpt-image-1, gpt-5.5, grok-2-image, imagen-3.0-generate-002, amazon.nova-canvas-v1:0).gpt-image-1
CHATCLI_IMAGE_STEPSSampling steps (SD WebUI).25
xAI (image) and Groq (voice) use their standard keys (XAI_API_KEY, GROQ_API_KEY); Google uses GOOGLEAI_API_KEY/GEMINI_API_KEY; Bedrock uses the chat provider’s AWS credential chain (BEDROCK_REGION/AWS_REGION, BEDROCK_PROFILE/AWS_PROFILE). The @osv, @session and @skill tools need no variables. Use @image models or /config image to view/switch backend and model at runtime.

Conversation Hub (cross-channel continuity)

Carries a conversation across channels: a topic started on Telegram/Slack/WhatsApp continues in the notebook chatcli (and vice-versa), until /newsession. It is a momentary bridge with a bounded database — not long-term memory (that lives in /memory and /session). See Conversation Hub. Every option below can also be changed at runtime by command (/config hub set <key> <value>), with precedence: setting (in hub.db) > environment variable > default. A value set by command persists in the database and is read live by the gateway daemon.
VariableDescriptionDefault
CHATCLI_HUB_PRINCIPALShared conversation identity (single-user mode). Unset, it falls back to default — the local CLI and the gateway’s unbound senders collapse to it, so it works with zero configuration.default
CHATCLI_HUB_ENABLEDEnable the hub. false disables it (local CLI “starts fresh”; gateway has no continuity).true
CHATCLI_HUB_ISOLATEMulti-user/public bot: true keeps each channel identity in its own conversation (one user never sees another’s thread). Off in the single-user default.false
CHATCLI_HUB_TTL_HOURSHours before an idle conversation is pruned (PurgeIdle runs when the CLI/gateway opens). 0 disables purging.24
CHATCLI_HUB_BINDINGSExplicit platform:user_id=principal bindings, separated by ;/, (e.g. telegram:123=alice;slack:U1=alice). Take precedence over the single-user collapse.
CHATCLI_HUB_DBPath to the hub’s SQLite (WAL) database.~/.chatcli/hub.db
CHATCLI_HUB_TAIL_BUFFERPer-subscriber fan-out (live tail) buffer size on the gRPC server.256
CHATCLI_GATEWAY_IN_SERVERtrue runs the gateway inside the server process (chatcli server), sharing one in-memory broker — enables real-time push to a connected CLI (cross-process only syncs on connect / next turn).false
To “run chatcli + the gateway on one machine and share context”: just CHATCLI_HUB_PRINCIPAL (or the default) — no bindings needed. For a multi-user bot, turn on CHATCLI_HUB_ISOLATE=true and use CHATCLI_HUB_BINDINGS to map who is who.

LSP (Language Server Protocol — diagnostics)

Code diagnostics (compiler/linter errors and warnings) for a file, via LSP servers. Triggered manually by the /lsp <file> command. Each variable overrides the command used to start the language server for its language; when unset, ChatCLI uses the default preset (if the binary is on PATH). See LSP Diagnostics.
VariableDescriptionDefault (preset)
CHATCLI_LSP_GO_CMDGo language server command.gopls
CHATCLI_LSP_PYTHON_CMDPython language server command.pyright-langserver --stdio
CHATCLI_LSP_TS_CMDTypeScript/JavaScript language server command.typescript-language-server --stdio
CHATCLI_LSP_RUST_CMDRust language server command.rust-analyzer
CHATCLI_LSP_C_CMDC language server command.clangd
CHATCLI_LSP_CPP_CMDC++ language server command.clangd
CHATCLI_LSP_JAVA_CMDJava language server command.jdtls
CHATCLI_LSP_RUBY_CMDRuby language server command.solargraph stdio
VariableDescriptionDefault
CHATCLI_WEBSEARCH_PROVIDERPreferred backend for @websearch / /websearch: searxng, duckduckgo, brave, mojeek, or auto.auto
SEARXNG_URLRoot URL of the self-hosted SearxNG instance (e.g. https://searx.internal.corp). When set, SearxNG joins the fallback chain.
Backends are keyless by design: DuckDuckGo (HTML scraping, default) + SearxNG (self-hosted via SEARXNG_URL). See Web Tools for the fallback chain.

K8s Watcher

VariableDescriptionDefault
CHATCLI_WATCH_DEPLOYMENTSingle deployment (legacy)
CHATCLI_WATCH_NAMESPACEDeployment namespacedefault
CHATCLI_WATCH_INTERVALCollection interval30s
CHATCLI_WATCH_WINDOWObservation window2h
CHATCLI_WATCH_MAX_LOG_LINESMaximum log lines per pod100
CHATCLI_WATCH_CONFIGPath to multi-target YAML config
CHATCLI_KUBECONFIGKubeconfig pathAuto-detected

Complete .env Example

# Geral
LOG_LEVEL=info
CHATCLI_LANG=pt-BR
ENV=prod
LLM_PROVIDER=CLAUDEAI

# Provedor principal
ANTHROPIC_API_KEY=sk-ant-xxxxxxxxxxxxxxxxxxxxxxxx
ANTHROPIC_MODEL=claude-sonnet-4-6
ANTHROPIC_MAX_TOKENS=20000

# Fallback
CHATCLI_FALLBACK_PROVIDERS=CLAUDEAI,OPENAI,GOOGLEAI,ZAI,MINIMAX,MOONSHOT,OPENROUTER
OPENAI_API_KEY=sk-xxxxxxxxxxxxxxxxxxxxxxxx
GOOGLEAI_API_KEY=AIzaxxxxxxxxxxxxxxxxxxxxxxxx
ZAI_API_KEY=your-zai-api-key
MINIMAX_API_KEY=your-minimax-api-key
MOONSHOT_API_KEY=sk-your-moonshot-api-key
# MOONSHOT_MODEL=kimi-k2.6
# MOONSHOT_THINKING=auto  # auto | enabled | disabled
OPENROUTER_API_KEY=sk-or-xxxxxxxxxxxxxxxxxxxxxxxx
# MINIMAX_API_COMPAT=anthropic  # use Anthropic-compatible endpoint

# Agente
CHATCLI_AGENT_CMD_TIMEOUT=2m
CHATCLI_AGENT_ALLOW_SUDO=false

# Multi-Agent
CHATCLI_AGENT_PARALLEL_MODE=true
CHATCLI_AGENT_MAX_WORKERS=4

# Bootstrap and Memory
CHATCLI_BOOTSTRAP_ENABLED=true
CHATCLI_MEMORY_ENABLED=true

# Corporate proxy — uncomment and tune if your environment caps body size
# CHATCLI_MAX_PAYLOAD=5MB
# CHATCLI_BLOCK_TMP_WRITES=true   # strict sandbox, blocks /tmp in allowlist

# Corporate TLS inspection (private CA) — global, applies to all providers and tools
# CHATCLI_CA_BUNDLE=/etc/ssl/corp-ca-bundle.pem
# CHATCLI_TLS_INSECURE_SKIP_VERIFY=true   # INSECURE — diagnosis only, never production

# Context window — uncomment if your gateway/agent's real window differs from the catalog
# CHATCLI_CONTEXT_WINDOW=128000

# Web search — uncomment to prefer self-hosted SearxNG
# SEARXNG_URL=https://searx.internal.corp
# CHATCLI_WEBSEARCH_PROVIDER=searxng   # optional, default "auto" (DDG first)

# Mixture-of-Agents (/moa) — uncomment to enable the ensemble
# CHATCLI_MOA_MODELS=openai:gpt-5,claudeai:claude-opus-4-8,googleai:gemini-2.5-pro
# CHATCLI_MOA_AGGREGATOR=claudeai:claude-opus-4-8

# Chat Gateway (/gateway start) — uncomment only the channels you use
# CHATCLI_TELEGRAM_BOT_TOKEN=123:abc
# CHATCLI_TELEGRAM_ALLOWED_USERS=111111111,222222222
# CHATCLI_SLACK_BOT_TOKEN=xoxb-xxx
# CHATCLI_SLACK_ADDR=:8081
# CHATCLI_SLACK_SIGNING_SECRET=xxxx
# CHATCLI_DISCORD_BOT_TOKEN=xxxx
# CHATCLI_WHATSAPP_ACCESS_TOKEN=xxxx
# CHATCLI_WHATSAPP_PHONE_ID=123456
# CHATCLI_WHATSAPP_ADDR=:8082
# CHATCLI_WHATSAPP_VERIFY_TOKEN=my-verify
# CHATCLI_WEBHOOK_ADDR=:8083
# CHATCLI_WEBHOOK_SECRET=supersecret
# CHATCLI_WEBHOOK_CALLBACK_URL=https://myapp.example/callback

# Conversation Hub (cross-channel continuity) — on by default
# CHATCLI_HUB_PRINCIPAL=edilson      # shared identity (default: "default")
# CHATCLI_HUB_ISOLATE=true           # multi-user bot: isolate each channel
# CHATCLI_HUB_TTL_HOURS=24           # prune idle conversations (0 disables)
# CHATCLI_HUB_BINDINGS=telegram:123=edilson;slack:U1=edilson
# CHATCLI_GATEWAY_IN_SERVER=true     # gateway in the server process (real-time push)
# CHATCLI_HUB_ENABLED=false          # disable the hub entirely

# LSP (/lsp) — uncomment only to override the default command
# CHATCLI_LSP_GO_CMD=gopls -rpc.trace
# CHATCLI_LSP_PYTHON_CMD=pyright-langserver --stdio

# Context/memory security and tool guard — on by default
# CHATCLI_THREATSCAN=false           # disable prompt-injection scan of context/memory
# CHATCLI_AGENT_TOOLGUARD=false      # disable the repeated tool-failure hint