Gateway configuration reference
WednesdayAI reads its configuration from~/.openclaw/openclaw.json at startup. The file uses JSON5 syntax: standard JSON plus // comments and trailing commas. The config object is strict - unknown top-level keys cause the gateway to refuse to start. The only root-level exception is $schema (a string).
If the file does not exist, the gateway starts with safe defaults. Run openclaw doctor to identify and remove unknown keys.
Editing configuration
| Method | Use when |
|---|---|
openclaw onboard / openclaw configure | Interactive wizard for guided setup |
openclaw config get|set|unset | One-off CLI changes |
Control panel Config tab (http://localhost:18789/) | Browser-based editing with a raw JSON escape hatch |
| Direct file edit | Scripted or bulk changes - the gateway hot-reloads automatically |
Validation and repair
openclaw doctor, openclaw logs, openclaw health, and openclaw status work until the config is fixed.
Hot reload
The gateway watches the config file and applies most changes without a restart:gateway.reload.mode | Behaviour |
|---|---|
"hybrid" | Hot-apply safe changes; auto-restart for server-level changes (default) |
"hot" | Hot-apply only; logs a warning when a restart is needed |
"restart" | Restart on any config change |
"off" | Manual restarts only |
channels.*, agents.*, models, bindings, hooks, cron, session, messages, tools, browser, skills, audio, logging, ui.
Requires restart: gateway.* (port, bind address, auth, TLS, tailscale), discovery, canvasHost, plugins.
Environment variables
The gateway reads env vars from the parent process,.env in the working directory, and ~/.openclaw/.env (neither file overrides existing env vars).
Env var substitution in config values via ${VAR_NAME}:
- Only uppercase names matched:
[A-Z_][A-Z0-9_]* - Missing or empty vars throw an error at load time
- Escape with
$${VAR}for literal${VAR}output
Split config with $include
Root keys at a glance
The strict root object accepts these keys (everything else is rejected). Each has its own section or is summarised below.| Key | Purpose |
|---|---|
gateway | Server: port, bind, auth, TLS, HTTP endpoints, reload, remote |
agents | Agent defaults, model selection, per-agent list |
models | Provider/model catalogue, aliases, fallbacks |
channels | Messaging platform connections |
bindings | Multi-agent routing rules |
broadcast | Per-peer broadcast agent fan-out |
tools | Agent tool policy (profiles, allow/deny, exec, fs) |
approvals | Exec-approval forwarding |
commands | Slash-command gating (native, bash, config, debug) |
messages | Inbound/outbound message behaviour, ack reactions, TTS |
session | Session scope, thread bindings, reset policy |
cron | Scheduled job runner |
hooks | Incoming webhooks + internal lifecycle hooks |
plugins | Extension enable/deny, load paths, per-plugin config |
skills | Skill loading and limits |
memory | Memory backend and citation behaviour |
secrets | SecretRef providers and resolution |
auth | Provider auth profiles, order, cooldowns |
talk | Text-to-speech provider configuration |
audio | Inbound audio transcription |
media | Media handling (filename preservation) |
browser | Headless/attached browser control |
acp | Agent Client Protocol bridge |
update | Update channel and auto-update policy |
discovery | mDNS and wide-area discovery |
canvasHost | Local canvas static host |
nodeHost | Node.js host configuration including browser proxy settings |
web | WhatsApp-web client tuning |
logging | Log levels, file, redaction |
diagnostics | OpenTelemetry export, cache tracing |
ui | Control-panel branding |
cli | CLI banner styling |
meta | Bookkeeping (last-touched version/time) |
wizard | Onboarding wizard bookkeeping |
env | Inline env vars and shell import |
network | Global outbound SSRF policy (all requests, not just browser) |
network - Global outbound SSRF policy
network.ssrfPolicy applies to all outbound HTTP requests made by the gateway — agent tool calls, webhook deliveries, plugin fetches, and so on. browser.ssrfPolicy is a parallel control scoped only to browser-driven fetches; both share the same shape.
| Key | Type | Default | Description |
|---|---|---|---|
network.ssrfPolicy.dangerouslyAllowPrivateNetwork | boolean | false | Allow outbound requests to RFC-1918 private and loopback addresses |
network.ssrfPolicy.hostnameAllowlist | string[] | [] | Hostnames unconditionally permitted regardless of other policy |
network.ssrfPolicy.allowedCidrs | string[] | [] | CIDR ranges to allow |
network.ssrfPolicy.allowRfc2544BenchmarkRange | boolean | false | Allow RFC-2544 benchmark address ranges |
network.ssrfPolicy supports two field aliases: allowPrivateNetwork (alias for dangerouslyAllowPrivateNetwork) and allowedHostnames (alias for hostnameAllowlist). Prefer the canonical names in new configs.For browser-specific SSRF controls see
browser.ssrfPolicy. The two policies are evaluated independently — a request that passes network.ssrfPolicy but originates from the browser is also checked against browser.ssrfPolicy.nodeHost — Browser-proxy settings
nodeHost — object — Browser-proxy configuration for this node. Shape: { browserProxy?: { enabled?: boolean, allowProfiles?: string[] } }
gateway - Server settings
| Key | Default | Restart? |
|---|---|---|
gateway.port | 18789 | Yes |
gateway.mode | "local" | Yes |
gateway.bind | "loopback" | Yes |
gateway.auth.mode | "token" | Yes |
gateway.tailscale.mode | "off" | Yes |
gateway.tls.enabled | false | Yes |
gateway.reload.mode | "hybrid" | No |
gateway.channelHealthCheckMinutes | provider default | No |
gateway.restartPolicy | "drain" | No |
gateway.restartResilience | see description | No |
| Key | Type | Default | Description |
|---|---|---|---|
gateway.restartPolicy | string | "drain" | "drain" | "force" | "cancel" — controls auto-restart behaviour |
gateway.restartResilience | object | — | GatewayRestartResilienceConfig: mode ("controlled" | "immediate"), drainTimeoutMs (number), forceMarksRecovery (boolean) |
Control UI (gateway.controlUi)
| Key | Type | Default | Description |
|---|---|---|---|
gateway.controlUi.enabled | boolean | true | Enable or disable the control UI entirely |
gateway.controlUi.basePath | string | "/" | URL path prefix for the control UI |
gateway.controlUi.root | string | — | Optional path override: serve the control UI at this path instead of basePath |
gateway.controlUi.allowedOrigins | string[] | [] | Explicit CORS origin allowlist |
gateway.controlUi.allowInsecureAuth | boolean | false | Allow auth over plain HTTP (not just HTTPS) |
gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback | boolean | false | Use the Host header as the CORS origin when no Origin header is present |
gateway.controlUi.dangerouslyDisableDeviceAuth | boolean | false | Disable device authentication for the control UI |
HTTP endpoints
Both OpenAI-compatible endpoints are disabled by default and grant full operator access when enabled. See the API reference for request/response details.agents - Agent and model configuration
provider/model format. agents.defaults.model.primary is set by openclaw models set; the image model by openclaw models set-image.
Model shorthand aliases
The following shorthands can be used anywhere a model ref is expected and resolve to their current default:| Alias | Resolves to |
|---|---|
opus | anthropic/claude-opus-4-6 |
sonnet | anthropic/claude-sonnet-4-6 |
gpt | openai/gpt-5.2 |
gpt-mini | openai/gpt-5-mini |
gemini | google/gemini-3-pro-preview |
gemini-flash | google/gemini-3-flash-preview |
provider/model ref if you need to pin to a specific version.
agents.defaults.subagents — Subagent limits
| Key | Type | Range | Description |
|---|---|---|---|
agents.defaults.subagents.maxConcurrent | integer | — | Max subagents running concurrently per parent agent |
agents.defaults.subagents.maxSpawnDepth | integer | 1–5 | Max nesting depth for spawned subagent chains |
agents.defaults.subagents.maxChildrenPerAgent | integer | 1–20 | Max total subagents a single agent can spawn in one turn |
agents.defaults.subagents.archiveAfterMinutes | integer | — | Archive completed subagent sessions after this many minutes |
agents.defaults.subagents.runTimeoutSeconds | integer | — | Timeout for each subagent run |
agents.defaults.subagents.announceTimeoutMs | integer | — | Timeout to wait for subagent announce before proceeding |
maxSpawnDepth, 1–20 for maxChildrenPerAgent) cause the gateway to reject the config on startup.
models - Provider/model catalogue
models.bedrockDiscovery — Automatic Bedrock model discovery
| Key | Type | Default | Description |
|---|---|---|---|
models.bedrockDiscovery.enabled | boolean | false | Enable automatic discovery of available Bedrock models |
models.bedrockDiscovery.region | string | — | AWS region to query for available models |
models.bedrockDiscovery.providerFilter | string[] | — | Limit discovery to these model providers (e.g. ["anthropic", "amazon"]) |
models.bedrockDiscovery.refreshInterval | integer | — | Seconds between rediscovery polls |
models.bedrockDiscovery.defaultContextWindow | integer | — | Assumed context window size for discovered models lacking metadata |
models.bedrockDiscovery.defaultMaxTokens | integer | — | Assumed max output tokens for discovered models lacking metadata |
models.providers.* — Provider and model config
Each provider entry under models.providers follows this shape:
| Key | Type | Description |
|---|---|---|
models.providers.<id>.baseUrl | string | Base URL for API requests |
models.providers.<id>.apiKey | string | Env var name or secret ref for the API key |
models.providers.<id>.auth | string | Auth method: api-key | aws-sdk | oauth | token |
models.providers.<id>.api | string | API type: openai-completions | openai-responses | anthropic-messages | google-generative-ai | bedrock-converse-stream | ollama | github-copilot |
models.providers.<id>.models[].id | string | Provider-side model ID |
models.providers.<id>.models[].name | string | Display name |
models.providers.<id>.models[].reasoning | boolean | Whether the model supports extended reasoning |
models.providers.<id>.models[].input | string[] | Accepted input types: "text", "image" |
models.providers.<id>.models[].contextWindow | integer | Context window in tokens |
models.providers.<id>.models[].maxTokens | integer | Max output tokens |
models.providers.<id>.models[].cost.input | number | Cost per input token in USD |
models.providers.<id>.models[].cost.output | number | Cost per output token in USD |
models.providers.<id>.models[].compat.maxTokensField | string | Field name to use for max tokens: max_tokens | max_completion_tokens |
models.providers.<id>.models[].compat.thinkingFormat | string | Thinking tag format for reasoning models: openai | zai | qwen |
models.providers.<id>.models[].compat.supportsStrictMode | boolean | Whether the model supports strict tool-schema mode |
models.providers.<id>.models[].compat.supportsReasoningEffort | boolean | Whether the model accepts a reasoning-effort parameter |
models.providers.<id>.models[].compat.requiresToolResultName | boolean | Whether tool result messages must include a name field |
models.providers.<id>.models[].compat.requiresMistralToolIds | boolean | Whether the Mistral-style tool ID convention is required |
tools - Agent tool policy
Set either
allow or alsoAllow in a scope, not both. alsoAllow extends the profile; allow replaces it.approvals - Exec-approval forwarding
commands - Slash-command gating
| Key | Type | Default | Description |
|---|---|---|---|
commands.aliases | object | {} | Custom slash-command aliases mapping alias → real command |
commands.disabled | string[] | [] | Command names to disable globally |
messages - Message behaviour
channels - Messaging platform connections
Built-in channels: whatsapp, telegram, discord, slack, signal, imessage, bluebubbles, googlechat, msteams, irc. Additional channels (Matrix, Zalo, Mattermost, Nostr, and others) are provided by extensions and configured under the same channels object.
Common DM policy values
dmPolicy | Effect |
|---|---|
"pairing" | New senders get a pairing code; ignored until approved (default) |
"allowlist" | Only allowFrom entries can initiate conversations |
"open" | Any sender (requires allowFrom: ["*"]) |
"disabled" | Agent does not respond to DMs |
openclaw channels login --channel whatsapp [--account work]
Telegram
Discord
Slack
Signal
iMessage and BlueBubbles
session - Session scope and reset
| Key | Type | Default | Description |
|---|---|---|---|
session.storage.backend | string | "sqlite" | "fs-jsonl" | "sqlite" | "postgres" — backing store for session data |
session.storage.sqlitePath | string | — | Path to the SQLite .db file (sqlite only) |
session.storage.databaseUrl | string | — | Connection string (postgres only) |
session.storage.cache.enabled | boolean | true | Enable in-memory session cache |
session.storage.cache.maxEntries | integer | 500 | Max entries in the session cache |
session.maintenance.mode | string | "auto" | "auto" | "manual" |
session.maintenance.pruneAfter | number | 90 | Days before pruning old sessions |
session.maintenance.maxEntries | integer | 0 | Max session entries (0 = no limit) |
session.maintenance.rotateBytes | integer | 0 | Rotate session file after this many bytes |
session.maintenance.maxDiskBytes | integer | 0 | Cap total disk usage in bytes |
session.maintenance.highWaterBytes | integer | 0 | Trigger maintenance at this threshold |
cron - Scheduled jobs
| Key | Type | Default | Description |
|---|---|---|---|
cron.store | string | — | Optional named store identifier for cron job persistence |
cron.webhook | string (HttpUrl) | — | URL to receive cron trigger notifications |
cron.webhookToken | string | — | Authentication token for the cron webhook |
cron.failureAlert.cooldownMs | number | — | Minimum milliseconds between repeated failure alerts; prevents alert storms |
cron.failureDestination | object | — | Separate routing target for failure alerts: { channel?, to?, accountId?, mode? }. Distinct from cron.failureAlert (which controls triggering); this sets where alerts go |
hooks - Incoming webhooks and lifecycle hooks
internal hooks.
Additional hooks keys:
| Key | Type | Default | Description |
|---|---|---|---|
hooks.presets | string[] | [] | Preset names to load: "safety", "productivity", "audit" |
hooks.transformsDir | string | — | Path to a directory of transform scripts applied to all hook payloads |
hooks.allowedAgentIds | string[] | — | Optional allowlist of agent IDs that can receive hook deliveries |
hooks.gmail — Gmail push notification integration
Receives Gmail push notifications via Google Cloud Pub/Sub and routes them as hook events.
| Key | Type | Default | Description |
|---|---|---|---|
hooks.gmail.account | string | — | Gmail account address to monitor |
hooks.gmail.label | string | — | Gmail label to filter (e.g. "INBOX") |
hooks.gmail.topic | string | — | Google Cloud Pub/Sub topic name |
hooks.gmail.subscription | string | — | Pub/Sub subscription name |
hooks.gmail.pushToken | string | — | Secret token used to validate incoming Pub/Sub pushes |
hooks.gmail.hookUrl | string | — | Public URL that Google will push notifications to |
hooks.gmail.includeBody | boolean | false | Whether to include the email body in the hook payload |
hooks.gmail.maxBytes | integer | — | Maximum bytes to include from the email body |
hooks.gmail.renewEveryMinutes | integer | — | How often to renew the Pub/Sub push subscription |
hooks.gmail.allowUnsafeExternalContent | boolean | false | Pass raw email content to the agent (use with caution) |
hooks.gmail.serve.bind | string | — | Bind address for the local Pub/Sub push receiver |
hooks.gmail.serve.port | integer | — | Port for the local Pub/Sub push receiver |
hooks.gmail.serve.path | string | — | URL path for the local Pub/Sub push receiver |
hooks.gmail.tailscale.mode | string | "off" | Expose the receiver via Tailscale: off | serve | funnel |
hooks.gmail.model | string | — | Model to use for agent turns triggered by Gmail events |
hooks.gmail.thinking | string | "off" | Thinking level: off | minimal | low | medium | high |
plugins - Extensions
| Key | Type | Default | Description |
|---|---|---|---|
plugins.installs | object | {} | Plugin specifiers auto-installed on gateway start. Keyed by plugin name: { "<plugin-name>": { version } } |
skills - Skill loading
| Key | Type | Default | Description |
|---|---|---|---|
skills.load.watchDebounceMs | number | — | Debounce delay (ms) before reloading after a skills file change (requires skills.load.watch: true) |
skills.limits.maxSkillFileBytes | integer | 524288 | Max SKILL.md file size in bytes (512 KB) |
skills.limits.maxCandidatesPerRoot | integer | — | Max skill candidates per root directory |
skills.limits.maxSkillsLoadedPerSource | integer | — | Max skills loaded per source |
skills.entries.<id>.enabled | boolean | true | Enable or disable this skill entry |
skills.entries.<id>.apiKey | string | — | API key passed to the skill |
skills.entries.<id>.env | Record<string, string> | — | Environment variables injected when the skill runs |
skills.entries.<id>.config | Record<string, unknown> | — | Arbitrary skill-specific configuration object |
memory - Memory backend
secrets - SecretRef resolution
gateway.auth.token, channels.*.botToken, talk.apiKey, and so on) accept a SecretRef instead of a plaintext string. Run openclaw secrets reload after changing providers.
auth - Provider auth profiles
api_key, oauth, or token. Managed via openclaw models auth ....
Additional auth keys:
| Key | Type | Default | Description |
|---|---|---|---|
auth.cooldowns.billingBackoffHoursByProvider | object | {} | Per-provider billing backoff hours (record keyed by provider name) |
auth.cooldowns.billingMaxHours | number | — | Maximum billing backoff hours |
talk and audio - Voice
browser - Browser control
| Key | Type | Default | Description |
|---|---|---|---|
browser.ssrfPolicy.dangerouslyAllowPrivateNetwork | boolean | false | Allow the browser to fetch RFC-1918 private addresses |
browser.ssrfPolicy.hostnameAllowlist | string[] | [] | Hostnames to allow |
browser.ssrfPolicy.allowedCidrs | string[] | [] | CIDR ranges to allow |
browser.ssrfPolicy.allowRfc2544BenchmarkRange | boolean | false | Allow RFC-2544 benchmark address ranges |
browser.snapshotDefaults.mode | string | — | Default snapshot strategy for browser tool calls: "efficient" |
browser.ssrfPolicy supports two field aliases: allowPrivateNetwork (alias for dangerouslyAllowPrivateNetwork) and allowedHostnames (alias for hostnameAllowlist). Prefer the canonical names in new configs.Additional browser keys
| Key | Type | Default | Description |
|---|---|---|---|
browser.cdpUrl | string | — | Connect to a remote CDP endpoint instead of launching a browser (e.g. ws://127.0.0.1:9222/json/version) |
browser.remoteCdpTimeoutMs | number | — | Timeout (ms) for establishing a remote CDP connection |
browser.remoteCdpHandshakeTimeoutMs | number | — | Timeout (ms) for the CDP handshake after connecting |
browser.executablePath | string | — | Path to the browser executable; overrides auto-detection |
browser.noSandbox | boolean | false | Disable the browser sandbox (required in some containerized environments) |
browser.attachOnly | boolean | false | Attach to an already-running browser instead of launching a new one |
browser.cdpPortRangeStart | number | — | Starting port number for CDP port allocation |
browser.extraArgs | string[] | [] | Additional arguments passed to the browser on launch |
browser.profiles[*].color | string | — | Hex color (#RRGGBB) used to visually distinguish this profile in the UI |
acp - Agent Client Protocol bridge
| Key | Type | Default | Description |
|---|---|---|---|
acp.stream.coalesceIdleMs | integer | 50 | Idle time before flushing a partial stream chunk (ms) |
acp.stream.maxChunkChars | integer | — | Max characters per stream chunk |
acp.stream.repeatSuppression | boolean | true | Suppress repeated identical chunks |
acp.stream.hiddenBoundarySeparator | enum | "none" | Separator at hidden chunk boundaries: "none" | "space" | "newline" | "paragraph" |
acp.stream.maxOutputChars | integer | — | Max total output characters; omit for unlimited (must be positive integer if set) |
acp.stream.maxSessionUpdateChars | integer | — | Max chars per session update; omit for unlimited (must be positive integer if set) |
acp.stream.tagVisibility | Record<string, boolean> | — | Per-tag visibility overrides, e.g. { "thinking": false } |
acp.dispatch | object | — | Dispatch sub-object (see extended config) |
acp.backend | string | — | Optional string identifier for the backend |
acp.runtime | object | — | Runtime environment config: { ttlMinutes?: number, installCommand?: string }. ttlMinutes sets the runtime TTL; installCommand is run to install runtime dependencies before the session starts |
update - Update policy
| Key | Type | Default | Description |
|---|---|---|---|
update.auto.stableDelayHours | number | 6 | Hours to delay applying a stable update after release (max 168) |
update.auto.stableJitterHours | number | 12 | Random jitter (hours) added to update checks (max 168) |
update.auto.betaCheckIntervalHours | number | 1 | How often (hours) the beta channel is checked (max 24) |
discovery and canvasHost
web - WhatsApp Web client
Controls the WhatsApp Web client’s connection behaviour and reconnection strategy.
| Key | Type | Default | Description |
|---|---|---|---|
web.enabled | boolean | true | Enable or disable the WhatsApp Web client |
web.heartbeatSeconds | number | — | Interval (seconds) between keep-alive heartbeats |
web.reconnect.initialMs | number | — | Initial reconnect delay in milliseconds |
web.reconnect.maxMs | number | — | Maximum reconnect delay in milliseconds |
web.reconnect.factor | number | — | Exponential backoff multiplier applied after each failed attempt |
web.reconnect.jitter | number | — | Fractional jitter (0–1) added to each computed delay to spread reconnects |
web.reconnect.maxAttempts | number | — | Maximum reconnect attempts before giving up (0 = unlimited) |
broadcast - Broadcast fan-out
agents.list.
logging - Log levels and output
OPENCLAW_LOG_LEVEL=debug overrides both level and consoleLevel.
| Key | Type | Default | Description |
|---|---|---|---|
logging.level | string | "info" | Global log level: silent | fatal | error | warn | info | debug | trace |
logging.file | string | — | Path template for the log file; YYYY-MM-DD is substituted with the current date |
logging.consoleLevel | string | "info" | Log level for console (stdout) output |
logging.consoleStyle | string | "pretty" | Console format: pretty | compact | json |
logging.redactSensitive | string | "tools" | Redaction scope: off | tools |
logging.redactPatterns | string[] | [] | Additional regex patterns whose matches are redacted from logs |
logging.maxFileBytes | integer | — | Max log file size in bytes before rotation (e.g. 10485760 = 10 MB) |
logging.maxBackups | integer | — | Number of rotated log files to retain |
logging.fileLogs | object | — | Per-profile file logging config. Contains defaults (base log config) and profiles (named overrides) sub-objects |
diagnostics - OpenTelemetry export and session capture
diagnostics.otel keys
| Key | Type | Default | Description |
|---|---|---|---|
diagnostics.otel.enabled | boolean | false | Enable OTLP export |
diagnostics.otel.endpoint | string | — | Base OTLP collector endpoint (used when per-signal endpoints are not set) |
diagnostics.otel.tracesEndpoint | string | — | Per-signal OTLP endpoint for traces; overrides endpoint for traces |
diagnostics.otel.metricsEndpoint | string | — | Per-signal OTLP endpoint for metrics; overrides endpoint for metrics |
diagnostics.otel.logsEndpoint | string | — | Per-signal OTLP endpoint for logs; overrides endpoint for logs |
diagnostics.otel.protocol | string | "http/protobuf" | "http/protobuf" | "grpc" |
diagnostics.otel.traces | boolean | true | Export trace spans |
diagnostics.otel.metrics | boolean | true | Export metrics |
diagnostics.otel.logs | boolean | false | Export logs via OTLP |
diagnostics.otel.sampleRate | number | 1.0 | Trace sample rate (0.0–1.0) |
diagnostics.otel.serviceName | string | — | Service name tag attached to all telemetry |
diagnostics.otel.flushIntervalMs | integer | — | How often (ms) buffered telemetry is flushed to the collector |
diagnostics.otel.captureContent | boolean | object | false | Capture message content in trace spans. Pass true to capture all, or an object with granular flags per signal type |
diagnostics.otel.headers | object | {} | HTTP headers sent with every OTLP request (e.g. Authorization) |
diagnostics.otel.langfuse | object | — | Langfuse integration — see sub-table below |
diagnostics.otel.runtime | object | — | Runtime metrics collection: { enabled?: boolean (default false), intervalMs?: number, collectProc?: boolean } |
diagnostics.otel.modelPricing | Record<string, Record<string, { inputPerMToken: number, outputPerMToken: number }>> | — | Per-provider model pricing overrides for cost tracking |
diagnostics.otel.langfuse sub-keys:
| Key | Type | Default | Description |
|---|---|---|---|
langfuse.host | string | "https://cloud.langfuse.com" | Langfuse instance URL |
langfuse.publicKey | string | — | Langfuse project public key |
langfuse.secretKey | string | — | Langfuse project secret key |
langfuse.filterInfraSpans | boolean | true | Exclude internal infrastructure spans from Langfuse traces |
langfuse.sessionSpans | boolean | true | Group spans by gateway session |
langfuse.sessionIdleTimeoutMs | integer | 1800000 | Idle timeout (ms) before a Langfuse session is closed (default 30 min) |
Top-level diagnostics keys
| Key | Type | Default | Description |
|---|---|---|---|
diagnostics.capture | object | — | Session capture config: { mode: "off" | "manual" | "always" | "schedule", ... } |
diagnostics.cacheTrace | object | — | Cache trace config: { enabled?: boolean, filePath?: string, includeMessages?: boolean, includePrompt?: boolean, includeSystem?: boolean } |
diagnostics.modelPayloadLog | object | — | Model payload logging config: { enabled?: boolean, usageSummaries?: boolean, rawPayloads?: boolean, captureContent?: boolean, providers?: string[], file?: string, maxQueuedBytes?: number } |
diagnostics.stuckSessionWarnMs | integer | 60000 | Emit a warning if a session has not advanced for this many milliseconds |
diagnostics.stuckSessionAbortMs | integer | 300000 | Abort a session that has been stuck longer than this many milliseconds |
diagnostics.flags | string[] | [] | Debug flag strings for internal diagnostic tracing (e.g. ["rpc-trace", "session-gc"]) |
ui, cli, meta, wizard
bindings - Multi-agent routing
Config RPC (programmatic updates)
Rate-limited to 3 requests per 60 seconds perdeviceId+clientIp. Pass baseHash from config.get to prevent conflicting writes.
Full replace:
null deletes a key, objects merge recursively, arrays replace):