-
Notifications
You must be signed in to change notification settings - Fork 0
Configuration
coopd is configured entirely through environment variables — no config file.
| Variable | Default | Purpose |
|---|---|---|
COOP_DATA_DIR |
~/.coop |
Data directory (vault, redb state, hen workdirs; 0700). |
COOP_LOG |
info |
Tracing filter, e.g. coopd=debug. |
COOP_VAULT + COOP_PASSPHRASE
|
(unset) | Auto-unlock this sealed vault at startup. |
COOP_SANDBOX |
1 |
Set to 0 to disable the per-hen bash OS sandbox (not recommended). |
COOP_MARKET_URL |
https://farm.startcaas.com |
Public Market URL shown in the Farm UI. |
| Variable | Default | Purpose |
|---|---|---|
COOP_API_TOKEN |
(unset) | Bearer token for the API/UI. Required before exposing beyond loopback. Unset = auth disabled. |
COOP_PUBLIC |
(unset) | Set to 1 to accept non-loopback Host/Origin headers (needed for LAN/public binds). |
COOP_LOGIN_MAX_ATTEMPTS |
10 |
Failed /auth/login attempts per client IP per 60s before HTTP 429. |
COOP_MAX_PROMPT_BYTES |
262144 |
Max job/task prompt size in bytes (0 disables); over-size → HTTP 413. |
Auth is opt-in: with COOP_API_TOKEN set, every /api/v1/* request and the UI
must present the token via Authorization: Bearer <token>, a ?token= query
param, or the coop_token cookie (set by the /login page). Healthchecks are
always exempt.
A Hen's brain.provider_id selects where its model API key comes from:
provider_id |
Backend | Notes |
|---|---|---|
vault:<secret> |
Local sealed vault | Default. Unlocked via COOP_PASSPHRASE / /api/v1/vault/unlock. |
azure-kv://<vault>/<secret> |
Azure Key Vault | Fetched over HTTPS at run time; never written to disk. |
Azure Key Vault credentials (env-driven):
| Variable(s) | Auth mode |
|---|---|
AZURE_KEYVAULT_TOKEN |
A pre-acquired AAD bearer token. Not auto-refreshed. |
AZURE_TENANT_ID + AZURE_CLIENT_ID + AZURE_CLIENT_SECRET
|
Service principal (client-credentials); tokens cached automatically. |
AZURE_KEYVAULT_DNS_SUFFIX |
Sovereign-cloud Key Vault suffix (default vault.azure.net). |
AZURE_AUTHORITY_HOST |
Sovereign-cloud AAD authority (default https://login.microsoftonline.com). |
Full walkthrough → BYOK Secrets.
| Variable | Purpose |
|---|---|
COOP_DISCORD_TOKEN |
Bot token. |
COOP_DISCORD_GUILD_ID |
Server (guild) ID. |
COOP_DISCORD_PREFIX |
Command prefix (default !coop). |
COOP_DISCORD_ALLOWED_USERS |
Comma-separated user IDs allowed to dispatch jobs (default-deny). |
See Discord Connector.
The coop CLI talks to COOP_API (default http://127.0.0.1:9700). Set it to
reach a remote daemon. When the daemon has auth enabled, give the CLI the same
token via COOP_API_TOKEN (env) or --token <TOKEN>; it is sent as an
Authorization: Bearer header.
export COOP_API=https://farm.example.com
export COOP_API_TOKEN=… # same value the daemon was started with
coop farm
coop hen listCoop is Apache-2.0 · pre-alpha (v0.1). Authoritative docs live in the repo.
Get started
Operate
Reference