Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Environment variables

This page covers the day-to-day surface only: identity/profile selection, provider auth, and the handful of VEYYON_* variables that are actually read by the runtime today. Veyyon also reads a large number of PI_* debug/behavior-toggle variables (timing, startup tracing, TUI flags, eval-runtime toggles, and more) that are not day-to-day configuration. For the complete, code-grounded reference — including every provider credential var, precedence chains, and internal toggles — see docs/environment-variables.md.

Location and identity

There is no VEYYON_HOME. The config directory name (not a full path) is overridable, and the active profile is selected by its own variable:

VariablePurpose
VEYYON_CONFIG_DIROverrides the config directory name under $HOME (default .veyyon). Does not accept a full path. Legacy aliases OMP_CONFIG_DIR and PI_CONFIG_DIR are still accepted (first set wins: Veyyon → OMP → PI).
PI_CODING_AGENT_DIRFull override for the agent directory (default ~/<config-dir-name>/agent).
VEYYON_PROFILESelects the active named profile (~/.veyyon/profiles/<name>/agent). Legacy aliases OMP_PROFILE and PI_PROFILE are still accepted.
VEYYON_PACKAGE_DIROverride package directory for bundled assets (Nix/Guix). Legacy OMP_PACKAGE_DIR / PI_PACKAGE_DIR.
VEYYON_NO_PTYSet to 1 to disable PTY-based interactive bash. Legacy OMP_NO_PTY / PI_NO_PTY.
VEYYON_NO_TITLESet to disable auto terminal-title updates. Legacy OMP_NO_TITLE / PI_NO_TITLE.

On Linux, veyyon config init-xdg migrates state under $XDG_DATA_HOME/$XDG_STATE_HOME/$XDG_CACHE_HOME when those are set; unmigrated installs stay under ~/.veyyon. See packages/utils/src/dirs.ts.

There is no separate SQLite-state-directory override; state lives under the resolved agent directory above.

Authentication

Provider BYOK uses each provider’s native key variable — there is no Veyyon-branded API key or access token (a VEYYON_API_KEY/VEYYON_ACCESS_TOKEN legacy alias does not exist in the current runtime). When a provider’s key variable is set, it is used without an interactive sign-in. For providers with OAuth (Anthropic, xAI, Qwen, Cursor, and others), the OAuth token variable takes precedence over the plain API key — see the provider tables below and docs/environment-variables.md.

OAuth sign-in itself is interactive: run /login inside the TUI (or --provider <id> at startup) to open the OAuth selector. There is no veyyon login --with-api-key/--with-access-token CLI subcommand; piping a key into a login command is not part of the shipped CLI surface.

Provider keys

Each model provider reads its own standard key variable (or the name in [model_providers.<id>].env_key for a custom provider). When set, it is used without an interactive sign-in and wins over a stored key.

ProviderVariable
OpenAIOPENAI_API_KEY
AnthropicANTHROPIC_API_KEY (or ANTHROPIC_OAUTH_TOKEN, which takes precedence)
DeepSeekDEEPSEEK_API_KEY
MoonshotMOONSHOT_API_KEY
Z.AIZAI_API_KEY
OpenRouterOPENROUTER_API_KEY
Google GeminiGEMINI_API_KEY
xAIXAI_API_KEY (or XAI_OAUTH_TOKEN, which takes precedence for xai-oauth)
GroqGROQ_API_KEY
MistralMISTRAL_API_KEY
CursorCURSOR_ACCESS_TOKEN

A custom provider uses whatever variable its [model_providers.<id>].env_key names. See Configuration and the full provider table in docs/environment-variables.md (30+ providers, cloud auth chains for Bedrock/Vertex/Azure, and web-search provider keys).

Local and self-hosted providers

VariablePurpose
OLLAMA_BASE_URL / OLLAMA_HOSTOllama discovery base URL (defaults to http://127.0.0.1:11434).
LM_STUDIO_BASE_URLLM Studio discovery base URL (defaults to http://127.0.0.1:1234/v1).
LLAMA_CPP_BASE_URLllama.cpp discovery base URL (defaults to http://127.0.0.1:8080).
LITELLM_BASE_URLLiteLLM proxy base URL fallback (defaults to http://localhost:4000/v1).
PI_EDIT_VARIANTForce edit tool variant: hashline, apply_patch, patch, replace.

There is no VEYYON_OSS_BASE_URL/VEYYON_OSS_PORT; each local backend has its own discovery variable above.

TLS and certificates

VariablePurpose
NODE_EXTRA_CA_CERTSExtra CA bundle (path or inline PEM) merged into the trust root for every provider fetch (OpenAI-compatible, Codex, Ollama, Azure Responses, Google, Anthropic).
CLAUDE_CODE_CLIENT_CERT / CLAUDE_CODE_CLIENT_KEYmTLS client certificate/key, used in Anthropic Foundry gateway mode (CLAUDE_CODE_USE_FOUNDRY=1).

There is no VEYYON_CA_CERTIFICATE or SSL_CERT_FILE support; NODE_EXTRA_CA_CERTS is the real override, honored across providers because Bun’s fetch does not read it natively (Veyyon merges it into RequestInit.tls.ca itself).

Install and updates

VariablePurpose
VEYYON_INSTALL_DIROverrides the install script’s target directory (default ~/.local/bin on Unix, %LOCALAPPDATA%\veyyon on Windows). Legacy alias PI_INSTALL_DIR is still accepted.

There is no VEYYON_NON_INTERACTIVE or VEYYON_INSTALL_URL; the install scripts (scripts/install.sh, scripts/install.ps1) do not read those names today.

MCP

Any MCP server names its own bearer-token secret via [mcp_servers.<name>].bearer_token_env_var in config.yml — this points at any env var you choose (for example plain GITHUB_PERSONAL_ACCESS_TOKEN), not a fixed VEYYON_* name. There is no VEYYON_GITHUB_PERSONAL_ACCESS_TOKEN or VEYYON_CONNECTORS_TOKEN convention in the current runtime.

VariablePurpose
VEYYON_MCP_TIMEOUT_MSOverrides the MCP client request timeout (ms) for every server; 0 disables client-side timeouts. Default 30000. Legacy alias OMP_MCP_TIMEOUT_MS.

See Configuration for bearer_token_env_var examples.

Remote auth broker (optional)

Real, shipped VEYYON_* variables that switch credential resolution from local SQLite to a remote broker host:

VariablePurpose
VEYYON_AUTH_BROKER_URLBase URL of the remote auth-broker; selects broker mode. Legacy alias OMP_AUTH_BROKER_URL.
VEYYON_AUTH_BROKER_TOKENBearer token sent to the broker. Legacy alias OMP_AUTH_BROKER_TOKEN.
VEYYON_AUTH_BROKER_SNAPSHOT_TTL_MSFreshness window (ms) for the encrypted local snapshot cache; default 3600000.
VEYYON_AUTH_BROKER_SNAPSHOT_CACHEPath to the encrypted local snapshot cache.

Most installs never set these. Details: docs/auth-broker-gateway.md.

Repair

VariablePurpose
VEYYON_REPAIR_DISABLETruthy disables the shipped tool-call schema repair (see Repair overview) at the tool-dispatch seam.

There is no VEYYON_REPAIR_LOG; per-(model,tool,shape) repair telemetry is Spec — not shipped.

Terminal behavior

VariablePurpose
NO_COLORWhen set (to any value), Veyyon renders without color; hierarchy comes through emphasis, spacing, and glyphs instead.
TERM / COLORTERMRead to detect terminal capabilities (truecolor, ANSI-256, ANSI-16) and pick the matching palette mapping.
PI_HARDWARE_CURSORTruthy enables hardware cursor mode.
PI_TUI_WRITE_LOGWhen set, logs TUI writes to the given file (debugging).

There is no VEYYON_TUI_DISABLE_KEYBOARD_ENHANCEMENT, VEYYON_TUI_RECORD_SESSION, or VEYYON_TUI_SESSION_LOG_PATH; see docs/environment-variables.md for the real PI_*-prefixed TUI flags.

Removed / does not exist

NameStatus
VEYYON_HOMENever existed. Config location is VEYYON_CONFIG_DIR (dirname override, legacy OMP_CONFIG_DIR/PI_CONFIG_DIR) + optional XDG migration, not a single home-path variable.
VEYYON_SQLITE_HOMENever existed. No separate SQLite-state override; state lives under the resolved agent directory.
VEYYON_API_KEY / VEYYON_ACCESS_TOKENNever existed as a Veyyon-branded credential; use each provider’s native key variable.
VEYYON_AUTHAPI_BASE_URLNever existed. The ChatGPT AuthAPI host used by personal-access-token whoami is not overridable via env today.
VEYYON_APP_SERVER_LOGIN_ISSUERBelonged to the removed app-server daemon; no equivalent exists in this runtime.
VEYYON_MANAGED_BY_NPM / VEYYON_MANAGED_BY_BUN / VEYYON_MANAGED_PACKAGE_ROOTNever existed.
VEYYON_SANDBOX / VEYYON_SANDBOX_NETWORK_DISABLED / VEYYON_THREAD_IDNever existed under these names.

Config values can also be overridden per run with -c key=value, which is usually clearer than an environment variable; see the CLI reference.