Config: gateway, memory, security & platform

Gateway, tunnel, proxy, memory, Kumiho, operator, MCP, security, workspace, hardware, and node config sections.

This page is the field reference for the parts of ~/.revka/config.toml that run the gateway, expose it to the network, store memory, enforce security policy, and wire in the platform subsystems — schedulers, hardware, skills, swarms, and the sidecar integrations. Every section lists its keys with type, default, and meaning so you can edit config.toml directly and know exactly what each value does.

Use this page when you are hardening a deployment, choosing a memory backend, exposing the gateway behind a tunnel or proxy, isolating multiple clients, or attaching hardware. For the file-location and precedence rules, start at the Configuration overview. For provider, model, and agent-loop keys, see Config: provider, agent & routing; for channels and tools, see Config: channels, tools & integrations.

`[gateway]` — HTTP gateway server

The [gateway] section configures the embedded HTTP server that hosts the REST API, WebSocket, and web dashboard. The secure defaults bind to localhost only and require device pairing before any bearer-authenticated request.

[gateway]
host            = "127.0.0.1"
port            = 42617
require_pairing = true
allow_public_bind = false
path_prefix     = ""        # set to "/revka" for a reverse-proxy sub-path

Key	Type	Default	Meaning
`host`	string	`"127.0.0.1"`	Bind address. Env `REVKA_GATEWAY_HOST`.
`port`	u16	`42617`	Listen port. Env `REVKA_GATEWAY_PORT`.
`require_pairing`	bool	`true`	Require a pairing flow before bearer auth. Set `false` only for trusted local-only use.
`allow_public_bind`	bool	`false`	Guard against accidental public exposure; must be `true` to bind a non-loopback address. Env `REVKA_ALLOW_PUBLIC_BIND`.
`path_prefix`	string	`""`	URL path prefix for reverse-proxy sub-paths. Must start with `/` and must not end with `/`.
`web_root`	string?	unset	Override the filesystem path for dashboard assets. Env `REVKA_WEB_ROOT`.
`pair_rate_limit_per_minute`	u32	built-in	Max `/pair` requests per minute per client.

The dashboard is served at http://<host>:<port>/. Asset resolution order is: REVKA_WEB_ROOT env → gateway.web_root config → the embedded web/dist bundle → unavailable. Start the gateway alone with revka gateway; the full runtime (gateway + channels + heartbeat + scheduler) runs under revka daemon. See revka gateway, daemon & service.

`[tunnel]` — public exposure

The [tunnel] section wraps an external tunnel binary to expose the gateway. Revka spawns the binary, watches for the public URL, and stops it on daemon shutdown — so ingress starts and stops in lockstep with the gateway.

[tunnel]
provider = "cloudflare"   # none | cloudflare | tailscale | ngrok | openvpn | pinggy | custom

[tunnel.cloudflare]
token = "eyJhIjoiMTI..."  # from the Cloudflare Zero Trust dashboard

Set tunnel.provider to pick a backend, then fill in the matching sub-section. Provider matching is case-insensitive, so legacy PascalCase values such as "CloudFlare" still resolve.

Provider	Required sub-section keys	Optional keys
`cloudflare`	`token`	—
`tailscale`	—	`funnel` (bool, default `false` = tailnet-only `serve`), `hostname` (auto-detected if empty)
`ngrok`	`auth_token`	`domain` (paid plan)
`openvpn`	`config_file`	`auth_file`, `advertise_address`, `connect_timeout_secs` (default `30`), `extra_args`
`pinggy`	`token` (Pro only)	`region`
`custom`	`start_command` (supports `{host}` / `{port}`)	`health_url`, `url_pattern` (substring hint)

# Bring-your-own tunnel via an arbitrary command
[tunnel]
provider = "custom"

[tunnel.custom]
start_command = "bore local {port} --to bore.pub"
health_url    = "https://bore.pub/health"
url_pattern   = "bore.pub"

For the full per-provider walkthrough, see Expose your gateway with a tunnel.

`[proxy]` — outbound HTTP/HTTPS/SOCKS5 proxy

The [proxy] section routes Revka’s outbound traffic through a proxy. The scope key controls how broadly the proxy applies — including a per-service mode that routes only selected providers, channels, or tools.

[proxy]
enabled  = true
http_proxy  = "http://proxy.example.com:8080"
https_proxy = "http://proxy.example.com:8080"
scope    = "services"     # environment | revka | services
services = ["provider.anthropic", "channel.telegram"]

Key	Type	Default	Meaning
`enabled`	bool	`false`	Master switch. Env `REVKA_PROXY_ENABLED`.
`http_proxy`	string?	unset	HTTP proxy URL. Env `REVKA_HTTP_PROXY`.
`https_proxy`	string?	unset	HTTPS proxy URL. Env `REVKA_HTTPS_PROXY`.
`all_proxy`	string?	unset	SOCKS5 proxy URL. Env `REVKA_ALL_PROXY`.
`no_proxy`	string?	unset	Bypass list. Env `REVKA_NO_PROXY`.
`scope`	string	`"revka"`	`environment` (use `HTTP_PROXY`/`HTTPS_PROXY` from the env), `revka` (all Revka outbound), or `services` (per-service routing). Env `REVKA_PROXY_SCOPE`.
`services`	array	`[]`	Service keys to route when `scope = "services"`. Env `REVKA_PROXY_SERVICES` (comma-separated).

When scope = "services", list the exact subsystems to route. Service keys include provider.anthropic, provider.openai, provider.compatible, channel.telegram, channel.discord, tool.browser, tool.web_search, memory.embeddings, transcription.groq, and tunnel.custom. Wildcards provider.*, channel.*, and tool.* match whole families.

`[memory]` — memory backend

The [memory] section selects the persistent store and its hygiene, retention, cache, and audit behavior. The backend ranges from local SQLite to Kumiho graph memory (cloud or self-hosted), Markdown, or none.

[memory]
backend           = "kumiho"   # kumiho | none
auto_save         = true
hygiene_enabled   = true
archive_after_days = 7
purge_after_days   = 30

Key	Type	Default	Meaning
`backend`	string	`"kumiho"`	`kumiho` or `none`. (Legacy values `sqlite`, `lucid`, `markdown`, `qdrant` are rejected at startup.)
`auto_save`	bool	`true`	Persist user inputs (assistant outputs are excluded).
`hygiene_enabled`	bool	`true`	Hygiene: archive then purge old entries.
`archive_after_days`	u32	`7`	Archive entries older than N days (SQLite hygiene).
`purge_after_days`	u32	`30`	Delete archived entries older than N days.
`conversation_retention_days`	u32	`30`	Max conversation-history age.
`min_relevance_score`	f64	`0.4`	Minimum relevance score for recall.
`response_cache_enabled`	bool	`false`	Enable the response cache.
`response_cache_ttl_minutes`	u32	`60`	Cache entry TTL.
`response_cache_max_entries`	u32	`5000`	Max cache entries.
`snapshot_enabled`	bool	`false`	Enable workspace snapshots.
`audit_enabled`	bool	`false`	Enable the memory audit trail.
`audit_retention_days`	u32	`30`	Memory-audit retention.
`default_namespace`	string	`"default"`	Memory namespace.

Setting backend = "kumiho" activates the graph store; configure it in the [kumiho] section below. For the response cache, hardware RAG, and isolation behaviors, see Response cache, hardware RAG & isolation.

`[kumiho]` — graph memory integration

Kumiho is Revka’s canonical persistent graph memory. This section controls the MCP sidecar path, the backend mode (hosted cloud vs. self-hosted Community Edition), and project/namespace scoping.

[kumiho]
enabled                 = true
mode                    = "cloud"      # cloud | local_ce
mcp_path                = "~/.revka/kumiho/run_kumiho_mcp.py"
space_prefix            = "Revka"
api_url                 = "https://api.kumiho.cloud"
memory_project          = "CognitiveMemory"
harness_project         = "Revka"
memory_retrieval_limit  = 3

Key	Type	Default	Meaning
`enabled`	bool	`true`	Disable for testing or air-gapped deployments.
`mode`	string	`"cloud"`	`cloud` (hosted) or `local_ce` (self-hosted Community Edition).
`mcp_path`	string	`~/.revka/kumiho/run_kumiho_mcp.py`	Launcher path (tilde-expanded).
`space_prefix`	string	`"Revka"`	Memory-scoping prefix.
`api_url`	string	`https://api.kumiho.cloud`	Kumiho REST base URL. Point at `http://127.0.0.1:9190` for CE.
`memory_project`	string	`"CognitiveMemory"`	Project for user memories and sessions.
`harness_project`	string	`"Revka"`	Project for skills and operational data.
`memory_retrieval_limit`	u32	`3`	Max memories returned per recall/engage call.

Community Edition (local) mode

Self-host Kumiho CE for a tokenless, loopback-only, single-user backend. CE mode auto-sets KUMIHO_LOCAL_SERVER_ENDPOINT for the MCP client and probes its health endpoints from revka doctor.

[kumiho]
mode    = "local_ce"
api_url = "http://127.0.0.1:9190"

Variable / constant	Default	Meaning
`KUMIHO_UPSTASH_REDIS_URL` / `UPSTASH_REDIS_URL`	`redis://127.0.0.1:6379`	Redis URL for CE mode.
`KUMIHO_LOCAL_CE_API_URL` (constant)	`http://127.0.0.1:9190`	CE API endpoint.
`KUMIHO_LOCAL_CE_REDIS_URL` (constant)	`redis://127.0.0.1:6379`	CE Redis endpoint.

`[operator]` — multi-agent orchestration MCP

The Operator is a Python MCP sidecar that drives declarative YAML workflows. It is injected into every non-internal agent so workflow tools are always available.

[operator]
enabled            = true
mcp_path           = "~/.revka/operator_mcp/run_operator_mcp.py"
max_tool_iterations = 80
tool_timeout_secs   = 600

Key	Type	Default	Meaning
`enabled`	bool	`true`	Disable on deployments not running the Operator sidecar.
`mcp_path`	string	`~/.revka/operator_mcp/run_operator_mcp.py`	Launcher path.
`max_tool_iterations`	u32	`80`	Overrides `agent.max_tool_iterations` for operator sessions.
`tool_timeout_secs`	u64	`600`	Per-tool timeout (capped at `600`); some tools are slow (e.g. image generation).

Workflow checkpoints land in ~/.revka/workflow_checkpoints/; the JSONL run-log audit lives in ~/.revka/operator_mcp/runlogs/. For the workflow language, see Workflows & SOP overview.

`[mcp]` — external MCP server connections

The [mcp] section connects Revka to external Model Context Protocol servers that supply extra tools. Each server is a [[mcp.servers]] table.

[mcp]
enabled          = true
deferred_loading = true

[[mcp.servers]]
name      = "filesystem"
transport = "stdio"
command   = "npx"
args      = ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]

[[mcp.servers]]
name      = "my-api"
transport = "http"
url       = "https://my-api.example.com/mcp"
headers   = { "Authorization" = "Bearer token" }

Key	Type	Default	Meaning
`enabled`	bool	`false`	Master switch.
`deferred_loading`	bool	`true`	Load tool schemas on demand via `tool_search` instead of eagerly.

Each [[mcp.servers]] entry:

Key	Type	Default	Meaning
`name`	string	required	Tool-name prefix (`<name>__<tool>`).
`transport`	string	`"stdio"`	`stdio`, `http`, or `sse`.
`command`	string	`""`	Executable for `stdio`.
`args`	array	`[]`	Arguments for `stdio`.
`env`	map	`{}`	Environment variables for `stdio`.
`url`	string?	unset	URL for `http`/`sse`.
`headers`	map	`{}`	HTTP headers for `http`/`sse`.
`tool_timeout_secs`	u64?	unset	Per-call timeout (hard-capped at `600`).

Security & autonomy

Revka’s security model is defence-in-depth: an autonomy level and command/path policy evaluated before any tool runs, OTP gating on sensitive actions, a persistent emergency stop, encrypted secrets, per-domain trust scoring, and commerce gating. The conceptual model is in the Security model; the operational guides are under Security.

`[autonomy]` — policy & access control

The [autonomy] section is the policy-engine entry point: it sets the autonomy level, the workspace boundary, the shell command allowlist, and the approval and budget gates.

[autonomy]
level            = "supervised"   # read_only | supervised | full
workspace_only   = true
allowed_commands = ["git", "python", "node"]
forbidden_paths  = ["/etc", "/root", "/proc", "/sys", "~/.ssh", "~/.gnupg", "~/.aws"]
allowed_roots    = ["~/Desktop/projects", "/opt/shared-repo"]

Key	Type	Default	Meaning
`level`	string	`"supervised"`	`read_only` (observe only), `supervised` (act within allowlists, approve medium/high risk), or `full` (no approval gates, allowlists still enforced).
`workspace_only`	bool	`true`	Reject absolute paths outside the workspace unless `allowed_roots` covers them.
`allowed_commands`	array	`[]`	Shell allowlist: bare names, full paths, or `"*"` for any (risk gates still apply).
`forbidden_paths`	array	built-in	System paths and sensitive dotdirs denied by default.
`allowed_roots`	array	`["~/.revka/workflows", "~/.revka/artifacts", "~/.revka/workspace"]`	Extra roots allowed outside the workspace (tilde + workspace-relative supported).
`max_actions_per_hour`	u32	`20`	Sliding-window action budget.
`max_cost_per_day_cents`	u32	`500`	Per-policy spend guardrail (US$5.00).
`require_approval_for_medium_risk`	bool	`true`	Approval gate for medium-risk commands.
`block_high_risk_commands`	bool	`true`	Hard block for high-risk commands.
`auto_approve`	array	`[]`	Tool operations always auto-approved.
`always_ask`	array	`[]`	Tool operations that always require approval.

`[security.otp]` — one-time-password gating

OTP gating protects sensitive tool calls, actions, and domains with TOTP verification. On first use with no secret present, Revka generates one and prints an otpauth:// enrollment URI once.

[security.otp]
enabled               = true
method                = "totp"        # totp (pairing / cli-prompt are reserved)
token_ttl_secs        = 30
cache_valid_secs      = 300
gated_actions         = ["shell", "browser_open"]
gated_domains         = ["*.chase.com", "accounts.google.com"]
gated_domain_categories = ["banking"]
challenge_max_attempts = 3

Key	Type	Default	Meaning
`enabled`	bool	`false`	Master switch.
`method`	string	`"totp"`	Only TOTP is implemented today.
`token_ttl_secs`	u64	`30`	TOTP time-step window (validation allows ±1 step for drift).
`cache_valid_secs`	u64	`300`	Window during which a recently validated code is accepted.
`gated_actions`	array	`["shell","file_write","browser_open","browser"]`	Tool names requiring OTP.
`gated_domains`	array	`[]`	Domain patterns requiring OTP (`*` wildcard supported).
`gated_domain_categories`	array	`[]`	Preset categories: `banking`, `medical`, `government`, `identity_providers`.
`challenge_max_attempts`	u32	`3`	Attempts per challenge.

The secret is stored encrypted at ~/.revka/otp-secret. The enrollment URI is shown only once — if lost, delete that file to regenerate. Invalid domain globs or unknown categories fail fast at startup. See OTP gating & emergency stop.

`[security.estop]` — emergency stop

The emergency stop is a persisted, fail-closed kill switch that survives restarts. Engage it from the CLI or a tool call; resume requires OTP when configured.

[security.estop]
enabled               = true
state_file            = "~/.revka/estop-state.json"
require_otp_to_resume = true

revka estop          # engage emergency stop
revka estop resume   # clear it (OTP required if configured)

Key	Type	Default	Meaning
`enabled`	bool	`false`	Master switch.
`state_file`	string	`~/.revka/estop-state.json`	Persisted state path (atomic write, `0600` on Unix).
`require_otp_to_resume`	bool	`true`	Require valid OTP before resuming.

The state composes four additive levels — kill-all, network-kill, per-domain block (glob), and per-tool freeze. A corrupt or unreadable state file defaults to kill_all = true (fail-closed), which blocks even read operations through the gateway. This is the first control to reach for in a runaway-agent situation. See revka memory & estop.

`[secrets]` — at-rest encryption

The [secrets] section encrypts sensitive config values (API keys, bot tokens) at rest with ChaCha20-Poly1305 AEAD. It is enabled by default during onboarding, and the agent encrypts new values transparently.

[secrets]
encrypt = true   # default

Encrypted values appear as enc2:<hex> in config.toml. The 32-byte key lives at ~/.revka/.secret_key (mode 0600 on Unix; restricted ACL on Windows) and is generated on first encrypt if absent. The legacy XOR enc: format is still readable and auto-upgraded to enc2: on read.

`[trust]` — domain trust scoring

Trust scoring tracks the agent’s behavior per domain over time. When a domain’s score drops below the regression threshold, autonomy is automatically downgraded one tier for that domain (Full → Supervised → ReadOnly).

[trust]
initial_score        = 0.8
decay_half_life_days  = 30
regression_threshold  = 0.5
correction_penalty    = 0.05
success_boost         = 0.01

Key	Type	Default	Meaning
`initial_score`	f64	`0.8`	Starting score (range `0.0–1.0`).
`decay_half_life_days`	f64	`30.0`	Half-life of decay back toward `initial_score`.
`regression_threshold`	f64	`0.5`	Below this, autonomy downgrades one tier.
`correction_penalty`	f64	`0.05`	Subtracted per correction event (user override, quality failure, SOP deviation).
`success_boost`	f64	`0.01`	Added per success.

See Prompt injection, leak detection & trust.

`[verifiable_intent]` — commerce gating

Verifiable Intent gates commerce-related tool calls behind an SD-JWT credential chain. The config section is a simple toggle; mandate and constraint detail are handled by the tool layer.

[verifiable_intent]
enabled    = false
strictness = "strict"   # strict | permissive

Key	Type	Default	Meaning
`enabled`	bool	`false`	Master switch.
`strictness`	string	`"strict"`	Error reporting during chain verification: `strict` or `permissive`.

For the credential model — Immediate vs. Autonomous mandates and constraint types — see Verifiable Intent (commerce gating).

`[workspace]` — multi-client isolation

The [workspace] section enables isolated workspace profiles for multi-client operator deployments. Each profile gets separate memory, secrets, audit, and tool restrictions.

[workspace]
enabled               = true
active_workspace      = "client_a"
workspaces_dir        = "~/.revka/workspaces"
isolate_memory        = true
isolate_secrets       = true
isolate_audit         = true
cross_workspace_search = false

Key	Type	Default	Meaning
`enabled`	bool	`false`	Master switch.
`active_workspace`	string?	unset	Name of the active profile.
`workspaces_dir`	string	`~/.revka/workspaces`	Base directory for profile subdirectories.
`isolate_memory`	bool	`true`	Separate memory DB per workspace.
`isolate_secrets`	bool	`true`	Separate secrets namespace per workspace.
`isolate_audit`	bool	`true`	Separate audit log per workspace.
`cross_workspace_search`	bool	`false`	Security default: no cross-workspace memory search.

Each profile lives at ~/.revka/workspaces/<name>/profile.toml:

name              = "client_a"
allowed_domains   = ["example.com"]
credential_profile = "client-a-creds"
memory_namespace  = "client_a_mem"
audit_namespace   = "client_a_audit"
tool_restrictions = ["shell"]

Profile enforcement is additive with [autonomy] — both must pass. A profile’s tool_restrictions deny those tools, domains outside allowed_domains are denied, and paths belonging to other workspaces are denied unless cross_workspace_search = true. Profile names must be alphanumeric plus -/_, and .. traversal is rejected.

Hardware & nodes

Revka can reach the physical world through serial, native, or debug-probe transports, and accept dynamic node connections at runtime. The hardware features require the hardware Cargo feature to be compiled in — see Cargo feature flags & ADRs.

`[hardware]` — microcontroller integration

[hardware]
enabled              = true
transport            = "serial"   # none | native | serial | probe
serial_port          = "/dev/ttyACM0"
baud_rate            = 115200
workspace_datasheets = true

Key	Type	Default	Meaning
`enabled`	bool	`false`	Master switch.
`transport`	string	`"none"`	`none`, `native`, `serial`, or `probe`.
`serial_port`	string?	unset	Serial device path for `serial` transport.
`baud_rate`	u32	`115200`	Serial baud rate.
`probe_target`	string?	unset	Debug-probe target (e.g. `"STM32F401RE"`); required for `transport = "probe"`.
`workspace_datasheets`	bool	`false`	Index workspace PDF datasheets for RAG-based pin lookups.

`[peripherals]` — peripheral boards

Higher-level peripheral boards (MCUs, Raspberry Pi GPIO, ESP32) become agent tools when enabled. Each board is a [[peripherals.boards]] table.

[peripherals]
enabled       = true
datasheet_dir = "docs/datasheets"

[[peripherals.boards]]
board     = "nucleo-f401re"
transport = "serial"
path      = "/dev/ttyACM0"
baud      = 115200

For supported boards and GPIO tooling, see Supported boards reference and Hardware quickstart.

`[nodes]` and `[node_transport]` — dynamic node discovery

[nodes] lets external processes or devices connect over WebSocket at /ws/nodes and advertise capabilities at runtime; [node_transport] configures the secure encrypted channel between nodes.

[nodes]
enabled    = true
max_nodes  = 16
auth_token = "secret-bearer-token"

Key	Type	Default	Meaning
`enabled`	bool	`false`	Accept dynamic node connections.
`max_nodes`	u32	`16`	Max concurrent connected nodes.
`auth_token`	string?	unset	Bearer token nodes must present to connect.

See Specialized suites: CanonWorks, Manus & nodes.

Platform subsystems

These sections wire in the platform services that run alongside the agent — storage, cost control, observability, the scheduler and cron, the heartbeat, lifecycle hooks, skills, swarms, delegate sub-agents, the skill marketplace, and the SOP engine.

`[storage]` — persistent storage provider

[storage]
provider = "sqlite"   # env: REVKA_STORAGE_PROVIDER

Backend for the structured storage used by tools and the gateway. Env override REVKA_STORAGE_PROVIDER.

`[cost]` — cost tracking & budgets

The [cost] section tracks estimated API spend and enforces daily/monthly budget limits.

[cost]
enabled         = true
daily_limit_usd  = 10.00
monthly_limit_usd = 100.00
warn_at_percent  = 80
allow_override   = false

Key	Type	Default	Meaning
`enabled`	bool	—	Master switch.
`daily_limit_usd`	f64	—	Hard daily cap.
`monthly_limit_usd`	f64	—	Hard monthly cap.
`warn_at_percent`	u8	—	Emit a warning at this fraction of the limit (requests continue).
`allow_override`	bool	`false`	Allow `--override` to bypass a hit hard limit.

At the hard limit, requests are rejected unless allow_override = true and --override is passed. See Cost tracking & budgets.

`[observability]` — metrics & tracing

[observability]
backend          = "otel"
otel_endpoint    = "http://localhost:4318"
otel_service_name = "revka"
runtime_trace_mode = "rolling"
runtime_trace_path = "state/runtime-trace.jsonl"
runtime_trace_max_entries = 200

Key	Type	Default	Meaning
`backend`	string	`"none"`	`none`, `noop`, `log`, `prometheus`, or `otel`/`opentelemetry`/`otlp`.
`otel_endpoint`	string	`http://localhost:4318`	OTLP HTTP endpoint.
`otel_service_name`	string	`"revka"`	Service name reported to OTLP.
`runtime_trace_mode`	string	`"none"`	`none`, `rolling`, or `full`.
`runtime_trace_path`	string	`state/runtime-trace.jsonl`	Trace file (workspace-relative unless absolute).
`runtime_trace_max_entries`	u32	`200`	Events retained in `rolling` mode.

OTel support requires the observability-otel feature compiled in. Runtime traces can contain model output text — keep them off by default on shared hosts, and query them with revka doctor traces. See Observability & tracing.

`[scheduler]`, `[cron]` & `[heartbeat]`

The scheduler runs cron jobs; [cron] declares periodic agent tasks (typically added via revka onboard’s DreamState offer or the gateway API); [heartbeat] fires LLM-driven check-ins on an interval.

[scheduler]
enabled = true

[heartbeat]
enabled          = true
interval_minutes  = 60
adaptive         = true
target           = "telegram"
to               = "123456789"

The heartbeat supports adaptive intervals, an optional two-phase LLM decision step, a dead-man’s switch, and delivery to a configured channel. For the full set of heartbeat keys, see Heartbeat & lifecycle hooks. For cron jobs and the scheduler, see Declarative jobs & scheduler config.

`[hooks]` — lifecycle & audit hooks

The [hooks] section toggles built-in hooks for agent and message lifecycle events. One notable hook posts an audit payload to an external endpoint for SIEM ingestion:

[hooks.webhook_audit]
enabled       = true
url           = "https://siem.example.com/revka/audit"
tool_patterns = ["shell", "file_write"]
max_args_bytes = 4096

Key	Type	Default	Meaning
`enabled`	bool	`false`	Master switch for the webhook audit hook.
`url`	string	—	Target HTTP POST endpoint.
`tool_patterns`	array	—	Glob-style tool-name patterns to match.
`max_args_bytes`	u64	`4096`	Truncate tool args in the payload.

Unlike the local audit log, the webhook hook is an outbound, real-time push. See Heartbeat & lifecycle hooks.

`[skills]` — skill loading & self-improvement

The [skills] section controls workspace skill loading, the community open-skills repository, and autonomous skill creation/improvement.

[skills]
open_skills_enabled  = false           # opt-in
open_skills_dir      = "~/open-skills"
prompt_injection_mode = "compact"      # full | compact
allow_scripts        = false

[skills.skill_creation]
enabled              = false
max_skills           = 500
similarity_threshold  = 0.85

[skills.skill_improvement]
enabled       = true
cooldown_secs = 3600

Key	Type	Default	Meaning
`open_skills_enabled`	bool	`false`	Load the community repo. Env `REVKA_OPEN_SKILLS_ENABLED`.
`open_skills_dir`	string	`~/open-skills`	Repo path. Env `REVKA_OPEN_SKILLS_DIR`.
`prompt_injection_mode`	string	`"full"`	`full` (inline) or `compact` (on-demand). Env `REVKA_SKILLS_PROMPT_MODE`.
`allow_scripts`	bool	`false`	Allow `.sh`/`.ps1`/shebang files in skills.
`skill_creation.enabled`	bool	`false`	Auto-create skills from successful multi-step tasks.
`skill_creation.max_skills`	u32	`500`	LRU eviction limit.
`skill_creation.similarity_threshold`	f64	`0.85`	Dedup threshold.
`skill_improvement.enabled`	bool	`true`	Auto-improve skills after successful use.
`skill_improvement.cooldown_secs`	u64	`3600`	Min interval between improvements per skill.

Use prompt_injection_mode = "compact" on low-context models. A static security audit rejects skills with symlinks, script-like files, or unsafe link traversal. See Skills system.

`[agents.<name>]`, `[swarms.<name>]` & `[delegate]`

Named sub-agents handle delegated work; swarms coordinate groups of them; [delegate] sets global default timeouts for the delegate tool.

[agents.researcher]
provider       = "openrouter"
model          = "anthropic/claude-sonnet-4-6"
agentic        = true
allowed_tools  = ["web_search", "http_request", "file_read"]
max_iterations = 8

[swarms.analysis]
agents   = ["researcher", "coder"]
strategy = "sequential"   # sequential | parallel | router
timeout_secs = 300

[delegate]
timeout_secs         = 120   # non-agentic calls
agentic_timeout_secs = 300   # agentic loops

agentic = true requires at least one entry in allowed_tools, and the delegate tool itself is excluded from sub-agent allowlists to prevent re-entrant loops. revka doctor validates every sub-agent’s provider. The full per-agent key list lives in Config: provider, agent & routing; the conceptual model is in Agents, teams & swarms.

`[clawhub]` — skill marketplace

ClawHub is the skill marketplace for browsing, searching, and installing skills. Anonymous browse and install work without a token; a token is needed only to publish.

[clawhub]
enabled   = true
api_token = "clh_..."             # only for publishing
api_url   = "https://clawhub.ai"

Key	Type	Default	Meaning
`enabled`	bool	—	Master switch.
`api_token`	string?	unset	Publishing token (`clh_...`).
`api_url`	string	`https://clawhub.ai`	Marketplace base URL.

Browse it from the dashboard Skills view, or via the REST endpoints GET /api/clawhub/search, /trending, GET /api/clawhub/skills/{slug}, and POST /api/clawhub/install/{slug}. See Cost, audit, ClawHub & credentials API.

`[sop]` — Standard Operating Procedures

The [sop] section enables the SOP engine for structured, multi-step procedure execution. For the SOP syntax, triggers, and execution model, see SOP reference.

[sop]
enabled = true

Next steps

Configuration overview Config file location, precedence, and the full section map.

Config: provider, agent & routing Provider/model keys, the agent loop, pacing, routing, and reliability.

Config: channels, tools & integrations Per-channel and per-tool configuration sections.

Security model How autonomy, policy, pairing, and the audit log fit together.

Kumiho setup Stand up graph memory in cloud or self-hosted CE mode.

Expose your gateway with a tunnel Cloudflare, Tailscale, ngrok, Pinggy, OpenVPN, and custom tunnels.

Config: gateway, memory, security & platform

[gateway] — HTTP gateway server

[tunnel] — public exposure

[proxy] — outbound HTTP/HTTPS/SOCKS5 proxy

[memory] — memory backend

[kumiho] — graph memory integration

Community Edition (local) mode

[operator] — multi-agent orchestration MCP

[mcp] — external MCP server connections

Security & autonomy

[autonomy] — policy & access control

[security.otp] — one-time-password gating

[security.estop] — emergency stop

[secrets] — at-rest encryption

[trust] — domain trust scoring

[verifiable_intent] — commerce gating

[workspace] — multi-client isolation

Hardware & nodes

[hardware] — microcontroller integration

[peripherals] — peripheral boards

[nodes] and [node_transport] — dynamic node discovery

Platform subsystems

[storage] — persistent storage provider

[cost] — cost tracking & budgets

[observability] — metrics & tracing

[scheduler], [cron] & [heartbeat]

[hooks] — lifecycle & audit hooks

[skills] — skill loading & self-improvement

[agents.<name>], [swarms.<name>] & [delegate]

[clawhub] — skill marketplace

[sop] — Standard Operating Procedures

Next steps

Get started

Core concepts

Guides

CLI reference

Gateway API

Dashboard

Channels

Providers & models

Tools

Memory

Workflows & SOP

Cron & scheduling

Security & audit

Deployment & ops

Hardware

MCP & extensibility

Ecosystem

Reference