Environment Variables
Environment variables AGH reads, injects, propagates, and explicitly does not support.
- Audience
- Operators running durable agent work
- Focus
- Configuration guidance shaped for scanability, day-two clarity, and operator context.
AGH reads a small core set of environment variables, injects session identity into managed agent subprocesses, and lets some extension providers use process-level overrides.
Precedence
| Source | Applies to | Precedence |
|---|---|---|
| Process environment | All AGH commands and daemon startup. | Base environment. |
| <workspace>/.env | Config loads that include a workspace root. | Loaded before $AGH_HOME is resolved. Does not override variables already set by the process loader. |
| config.toml | Runtime config values. | Used for AGH config. There is no AGH_CONFIG or AGH_LOG_LEVEL override today. |
| Managed session env injection | Agent subprocesses. | Starts from daemon environment, sets AGH session variables, sets AGH_BIN, and prepends the daemon binary directory to PATH. |
| Hook subprocess env | Hook subprocesses. | Starts from an allowlist of parent env vars, then applies hook env overrides. |
Core Variables AGH Reads
| Variable | Type | Default | Valid values | Description |
|---|---|---|---|---|
| AGH_HOME | path | ~/.agh | Non-empty path. | Overrides the global AGH home directory. If a workspace .env sets it, that value can affect config loading for that workspace before home paths are resolved. |
| AGH_DEV_VERIFY_BOUNDARIES | boolean string | unset | 1, true, or yes enable boundary verification. | Development-only daemon boundary import verification toggle. |
| GITHUB_TOKEN | token string | unset | Non-empty token. | Used by the GitHub registry client for private repositories and higher rate limits. |
Provider Credential Variables
Provider config binds launch-time credentials only when a provider uses
auth_mode = "bound_secret". Each credential_slots entry names a target environment variable and
resolves its value from either env:NAME or an encrypted AGH secret ref such as
vault:providers/openrouter/api-key. AGH injects only the bound value into the provider
subprocess.
Direct ACP providers such as Claude Code, OpenClaw, Hermes, Codex, Gemini CLI, OpenCode, Kimi CLI,
Qoder, and similar CLIs use auth_mode = "native_cli" by default. The direct pi provider also
uses Pi's /login and auth file by default. Wrapped API-key providers such as OpenRouter, z.ai,
Moonshot/Kimi, Vercel AI Gateway, xAI, MiniMax, Mistral, and Groq default to
auth_mode = "bound_secret": AGH exposes them directly, launches Pi under the hood, and injects
the configured provider key.
| Variable | Default provider | Default | Valid values | Description |
|---|---|---|---|---|
| ANTHROPIC_API_KEY | pi | unset | Provider-specific token. | Optional Pi-owned env credential for direct pi, or an explicit bound-secret target. |
| OPENROUTER_API_KEY | openrouter | unset | Provider-specific token. | Default AGH-managed credential target for the OpenRouter wrapper. |
| ZAI_API_KEY | zai | unset | Provider-specific token. | Default AGH-managed credential target for the z.ai wrapper. |
| KIMI_API_KEY | moonshot | unset | Provider-specific token. | Default AGH-managed credential target for the Moonshot/Kimi wrapper. |
| AI_GATEWAY_API_KEY | vercel-ai-gateway | unset | Provider-specific token. | Default AGH-managed credential target for the Vercel AI Gateway wrapper. |
| XAI_API_KEY | xai | unset | Provider-specific token. | Default AGH-managed credential target for the xAI wrapper. |
| MINIMAX_API_KEY | minimax | unset | Provider-specific token. | Default AGH-managed credential target for the MiniMax wrapper. |
| MISTRAL_API_KEY | mistral | unset | Provider-specific token. | Default AGH-managed credential target for the Mistral wrapper. |
| GROQ_API_KEY | groq | unset | Provider-specific token. | Default AGH-managed credential target for the Groq wrapper. |
AGH_VAULT_KEY can override the daemon-local Vault encryption key. When it is unset, AGH creates
$AGH_HOME/vault.key with 0600 permissions the first time it needs to encrypt or decrypt a
vault-backed secret.
Use Vault for AGH-managed encrypted values that should be
written through CLI, HTTP, UDS, or web surfaces. Use env:NAME when the service manager or shell
that starts the daemon should remain the source of truth for the secret value.
Automation Webhook Secrets
Config-defined webhook triggers require [[automation.triggers]].webhook_secret_ref. Use env:NAME
for operator-managed environment variables or vault:automation/... for AGH-managed encrypted
secrets.
| Variable named by env: ref | Type | Default | Valid values | Description |
|---|---|---|---|---|
| AGH_DEPLOY_WEBHOOK_SECRET (example) | string | none | Must exist and be non-empty when the ref is resolved. | Secret used to validate config-defined automation webhooks. |
Example:
[[automation.triggers]]
scope = "global"
name = "deploy-webhook"
agent = "release"
prompt = "Handle deploy webhook {{ .Kind }}."
event = "webhook"
endpoint_slug = "deploy"
webhook_secret_ref = "env:AGH_DEPLOY_WEBHOOK_SECRET"

export AGH_DEPLOY_WEBHOOK_SECRET="replace-with-secret"

Variables AGH Injects Into Agent Sessions
Managed ACP agent subprocesses start from the provider's env_policy. filtered inherits the
daemon environment after removing secret-shaped variables; isolated keeps only a fixed
operational allowlist. AGH then applies these changes:
| Variable | Type | Default | Valid values | Description |
|---|---|---|---|---|
| AGH_SESSION_ID | string | set for every managed session | Session ID. | Injected into the agent process and read by agh whoami. |
| AGH_AGENT | string | resolved agent name | Agent name. | Injected for agent identity metadata. |
| AGH_AGENT_NAME | string | resolved agent name | Agent name. | Injected for agent identity metadata. |
| AGH_PROVIDER | string | resolved provider id | Provider id. | Injected for provider-aware tools and diagnostics. |
| AGH_PROVIDER_HARNESS | string | resolved provider harness | acp, pi_acp. | Injected for provider-aware tools and diagnostics. |
| AGH_PROVIDER_AUTH_MODE | string | resolved provider auth mode | native_cli, bound_secret, none. | Identifies whether auth is native CLI, AGH-bound secret, or none. |
| AGH_PROVIDER_ENV_POLICY | string | resolved provider env policy | filtered, isolated. | Identifies which daemon environment policy was used. |
| AGH_PROVIDER_HOME_POLICY | string | resolved provider home policy | operator, isolated. | Identifies whether the provider uses operator or isolated home state. |
| AGH_MODEL | string | resolved model | Provider model string. | Injected for provider-aware tools and diagnostics. |
| PROVIDER_HOME | path | set only when home_policy = "isolated" | AGH-owned provider home. | Points generic provider CLIs at $AGH_HOME/providers/<provider>. |
| HOME | path | provider home when isolated, otherwise parent. | Existing path. | Redirected to provider home only for isolated provider-home launches. |
| XDG_CONFIG_HOME | path | set only when provider home is isolated | Provider config directory. | Generic config location under the isolated provider home. |
| XDG_DATA_HOME | path | set only when provider home is isolated | Provider data directory. | Generic data location under the isolated provider home. |
| XDG_CACHE_HOME | path | set only when provider home is isolated | Provider cache directory. | Generic cache location under the isolated provider home. |
| CLAUDE_CONFIG_DIR | path | set only for isolated claude providers | Provider Claude config directory. | Points Claude Code at isolated AGH-owned auth/config state. |
| CODEX_HOME | path | set only for isolated codex providers | Provider Codex home directory. | Points Codex at isolated AGH-owned auth/config state. |
| PROVIDER_CODEX_HOME | path | set only for isolated codex providers | Provider Codex home directory. | Mirrors CODEX_HOME for QA and provider-launch diagnostics. |
| OPENCODE_CONFIG_DIR | path | set only for isolated opencode providers | Provider OpenCode config directory. | Points OpenCode at isolated AGH-owned auth/config state. |
| PI_CODING_AGENT_DIR | path | set for native Pi isolated home or Pi-backed bound_secret sessions | Pi auth/config directory. | Points Pi at the isolated native auth store or bound-secret runtime config. |
| AGH_SESSION_CHANNEL | string | unset unless the session has a network channel | Network channel name. | Injected for channel sessions. Stale values are removed for non-channel sessions. |
| AGH_PEER_ID | string | unset unless the session has a network channel | <agent-name>.<session-id> | Injected for channel sessions. Stale values are removed for non-channel sessions. |
| AGH_BIN | absolute path | current AGH executable | Existing executable path. | Injected into ACP provider subprocesses so agents can call the same AGH binary. |
| PATH | path list | inherited or allowlisted | Path list for the operating system. | The directory containing AGH_BIN is prepended and duplicate entries are removed. |
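
The following is an added sketch, not AGH's own code, of the order of changes the table describes for session identity, channel variables, AGH_BIN, and PATH. The Session struct and function names are hypothetical, the base map is assumed to have already passed the provider's env_policy, and the provider and home variables are left out.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Session is a hypothetical holder for values AGH resolves per managed session.
type Session struct{ ID, Agent, Channel, Bin string }

// PrependPath puts dir first and removes duplicates; dropping empty entries is this example's choice.
func PrependPath(dir, path string) string {
	seen := map[string]bool{}
	var out []string
	for _, p := range append([]string{dir}, filepath.SplitList(path)...) {
		if p != "" && !seen[p] {
			seen[p] = true
			out = append(out, p)
		}
	}
	return strings.Join(out, string(filepath.ListSeparator))
}

// InjectSessionEnv layers session identity on a base that env_policy already filtered.
func InjectSessionEnv(base map[string]string, s Session) map[string]string {
	env := map[string]string{}
	for k, v := range base {
		env[k] = v
	}
	env["AGH_SESSION_ID"] = s.ID
	env["AGH_AGENT"], env["AGH_AGENT_NAME"] = s.Agent, s.Agent
	// Clear channel identity first so a stale inherited value never survives.
	delete(env, "AGH_SESSION_CHANNEL")
	delete(env, "AGH_PEER_ID")
	if s.Channel != "" {
		env["AGH_SESSION_CHANNEL"] = s.Channel
		env["AGH_PEER_ID"] = s.Agent + "." + s.ID
	}
	env["AGH_BIN"] = s.Bin
	env["PATH"] = PrependPath(filepath.Dir(s.Bin), env["PATH"])
	return env
}

func main() {
	// Constructed base environment with a stale channel left over from another session.
	base := map[string]string{"PATH": "/usr/bin:/opt/agh/bin:/bin:/usr/bin", "AGH_SESSION_CHANNEL": "old"}
	env := InjectSessionEnv(base, Session{ID: "s-123", Agent: "release", Bin: "/opt/agh/bin/agh"})
	fmt.Println(env["PATH"], env["AGH_SESSION_CHANNEL"] == "")
}
```

An empty PATH entry resolves to the current working directory on POSIX systems, which is why the example drops it before handing PATH to an agent subprocess.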
Hook Subprocess Environment
Hook subprocesses do not inherit the full daemon environment. They inherit an allowlist and then
apply explicit hook env values from config, AGENT.md, or SKILL.md.
| Variable | Type | Default | Valid values | Description |
|---|---|---|---|---|
| COMSPEC | string | inherited if set | Any string. | Windows command processor environment. |
| HOME | path | inherited if set | Path. | User home. |
| LANG | string | inherited if set | Locale string. | Locale. |
| LC_ALL | string | inherited if set | Locale string. | Locale override. |
| LC_CTYPE | string | inherited if set | Locale string. | Character classification locale. |
| LOGNAME | string | inherited if set | User name. | Login name. |
| PATH | path list | inherited if set | Path list. | Executable lookup path for hook commands. |
| PATHEXT | string | inherited if set | Windows extension list. | Windows executable extension lookup. |
| SHELL | path | inherited if set | Shell path. | User shell. |
| SYSTEMROOT | path | inherited if set | Windows system root. | Windows system root. |
| TEMP | path | inherited if set | Path. | Temporary directory. |
| TERM | string | inherited if set | Terminal type. | Terminal metadata. |
| TMP | path | inherited if set | Path. | Temporary directory. |
| TMPDIR | path | inherited if set | Path. | Temporary directory. |
| USER | string | inherited if set | User name. | User account. |
| USERPROFILE | path | inherited if set | Windows profile path. | Windows user profile. |
Explicit hook env values override inherited values with the same key.
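
The allowlist-then-override rule can be illustrated with a short added example, which is not AGH's own code: BuildHookEnv is a hypothetical name, the allowlist is copied from the table above, and the sample daemon environment is constructed. It shows that daemon-level secrets such as GITHUB_TOKEN never reach a hook unless a hook env entry names them explicitly.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// hookAllowlist mirrors the variable names in the table above.
var hookAllowlist = []string{
	"COMSPEC", "HOME", "LANG", "LC_ALL", "LC_CTYPE", "LOGNAME", "PATH", "PATHEXT",
	"SHELL", "SYSTEMROOT", "TEMP", "TERM", "TMP", "TMPDIR", "USER", "USERPROFILE",
}

// BuildHookEnv returns the hook environment as sorted KEY=VALUE pairs:
// allowlisted parent variables first, then explicit hook overrides on top.
func BuildHookEnv(parent []string, overrides map[string]string) []string {
	allowed := make(map[string]bool, len(hookAllowlist))
	for _, k := range hookAllowlist {
		allowed[k] = true
	}
	env := map[string]string{}
	for _, kv := range parent {
		k, v, ok := strings.Cut(kv, "=")
		if ok && allowed[k] { // anything not on the allowlist is dropped
			env[k] = v
		}
	}
	for k, v := range overrides { // explicit hook env wins on key collision
		env[k] = v
	}
	out := make([]string, 0, len(env))
	for k, v := range env {
		out = append(out, k+"="+v)
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed daemon environment; the token values are placeholders.
	parent := []string{"PATH=/usr/bin:/bin", "HOME=/home/op", "LANG=C.UTF-8",
		"GITHUB_TOKEN=placeholder", "AGH_VAULT_KEY=placeholder"}
	overrides := map[string]string{"LANG": "en_US.UTF-8", "DEPLOY_ENV": "staging"}
	for _, kv := range BuildHookEnv(parent, overrides) {
		fmt.Println(kv)
	}
}
```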
Bridge Provider Variables
Bridge providers are extension runtimes, not config.toml sections. These environment variables
act as process-level defaults or test hooks for provider binaries.
| Variable | Provider | Default | Valid values | Description |
|---|---|---|---|---|
| AGH_BRIDGE_DISCORD_LISTEN_ADDR | Discord | provider config value | Host and port string. | Default Discord webhook listener address. |
| AGH_BRIDGE_DISCORD_API_BASE_URL | Discord | Discord API default | URL. | Discord API base URL override. |
| AGH_BRIDGE_GITHUB_LISTEN_ADDR | GitHub | provider config value | Host and port string. | Default GitHub webhook listener address. |
| AGH_BRIDGE_GITHUB_API_BASE_URL | GitHub | GitHub API default | URL. | GitHub API base URL override. |
| AGH_BRIDGE_GCHAT_LISTEN_ADDR | Google Chat | provider config value | Host and port string. | Default Google Chat webhook listener address. |
| AGH_BRIDGE_GCHAT_API_BASE_URL | Google Chat | Google Chat API default | URL. | Google Chat API base URL override. |
| AGH_BRIDGE_GCHAT_AUTH_URL | Google Chat | Google OAuth token URL | URL. | Google Chat auth endpoint override. |
| AGH_BRIDGE_GCHAT_DIRECT_CERTS_URL | Google Chat | Google direct-message cert URL | URL. | Direct-message certificate URL override. |
| AGH_BRIDGE_GCHAT_PUBSUB_CERTS_URL | Google Chat | Google Pub/Sub cert URL | URL. | Pub/Sub certificate URL override. |
| AGH_BRIDGE_LINEAR_LISTEN_ADDR | Linear | provider config value | Host and port string. | Default Linear webhook listener address. |
| AGH_BRIDGE_LINEAR_API_BASE_URL | Linear | Linear API default | URL. | Linear API base URL override. |
| AGH_BRIDGE_LINEAR_TOKEN_URL | Linear | Linear OAuth token URL | URL. | Linear OAuth token endpoint override. |
| AGH_BRIDGE_SLACK_LISTEN_ADDR | Slack | provider config value | Host and port string. | Default Slack webhook listener address. |
| AGH_BRIDGE_SLACK_API_BASE_URL | Slack | Slack API default | URL. | Slack API base URL override. |
| AGH_BRIDGE_TEAMS_LISTEN_ADDR | Teams | provider config value | Host and port string. | Default Teams webhook listener address. |
| AGH_BRIDGE_TEAMS_OPENID_METADATA_URL | Teams | Microsoft OpenID metadata URL | URL. | Teams OpenID metadata endpoint override. |
| AGH_BRIDGE_TEAMS_TOKEN_URL | Teams | Microsoft OAuth token URL | URL. | Teams OAuth token endpoint override. |
| AGH_BRIDGE_TELEGRAM_LISTEN_ADDR | Telegram | provider config value | Host and port string. | Default Telegram webhook listener address. |
| AGH_BRIDGE_TELEGRAM_API_BASE_URL | Telegram | Telegram API default | URL. | Telegram API base URL override. |
| AGH_BRIDGE_WHATSAPP_LISTEN_ADDR | WhatsApp | provider config value | Host and port string. | Default WhatsApp webhook listener address. |
| AGH_BRIDGE_WHATSAPP_API_BASE_URL | WhatsApp | WhatsApp API default | URL. | WhatsApp API base URL override. |
Bridge adapter harness variables are read by bridge binaries for integration and lifecycle marker paths:
AGH_BRIDGE_ADAPTER_HANDSHAKE_PATH
AGH_BRIDGE_ADAPTER_OWNERSHIP_PATH
AGH_BRIDGE_ADAPTER_STATE_PATH
AGH_BRIDGE_ADAPTER_DELIVERY_PATH
AGH_BRIDGE_ADAPTER_INGEST_PATH
AGH_BRIDGE_ADAPTER_STARTS_PATH
AGH_BRIDGE_ADAPTER_SHUTDOWN_PATH
AGH_BRIDGE_ADAPTER_CRASH_ONCE_PATH

Not Supported As Environment Overrides
These names are common guesses or appear in older task notes, but current AGH code does not read them as runtime configuration variables.
| Variable | Status | Use instead |
|---|---|---|
| AGH_CONFIG | Not read. | Put global config at $AGH_HOME/config.toml and workspace config at <workspace>/.agh/config.toml. |
| AGH_LOG_LEVEL | Not read. | Set [log].level in config.toml. |
| VITE_AGH_API_URL | Not read by AGH runtime code. | It is listed as a Turbo build cache input, not a daemon config variable. |
Related Pages
- config.toml documents config fields that replace env overrides.
- File Locations documents $AGH_HOME and workspace paths.
- Bridge Overview explains bridge instances and provider runtime behavior.