GenosOS configuration is stored as JSON5 at ~/.genosv1/genosos.json. The schema is validated with Zod on every load. You should rarely edit this file directly.
The recommended interface is natural conversation with the agent:
"Set WhatsApp dmPolicy to pairing"
"Add my phone number to the Telegram allowlist"
"Show me the gateway configuration"
"What's the current security configuration?"
"Only let my contacts message me"
config_manage operations, applies type coercion, checks cross-field dependencies, and confirms the result — all in one exchange.
If you are not sure what a setting does, ask the agent: “Describe the channels.telegram.dmPolicy setting.”
Direct access with config_manage
For scripting or advanced use, the config_manage tool (exposed via genosos config) accepts explicit actions against any config path.
Actions
| Action | Description |
|---|
describe <path> | Get guidance, type info, and examples for a path |
set <path> <value> | Set a configuration value (with coercion + validation) |
get <path> | Read the current value at a path |
remove <path> <value> | Remove a value from an array path |
list <section> | List all paths and summaries in a section |
# Describe a path before changing it
genosos config describe channels.discord.dmPolicy
# Set a value
genosos config set channels.telegram.dmPolicy pairing
# Read a value
genosos config get gateway.port
# Remove a value from an array
genosos config remove channels.telegram.allowFrom "+34600000000"
# List all paths in the agents section
genosos config list agents
Coercion and validation
config_manage does not write raw user input. Before every set, it:
- Loads the blueprint for the target path
- Applies type coercion (Discord IDs stay as strings, Telegram IDs follow smart rules)
- Checks cross-field dependencies (e.g.,
dmPolicy=open requires allowFrom=["*"])
- Rejects invalid combinations with an explanation of what to fix
This is the same enforcement layer the agent uses — chat and CLI share one source of truth.
Configuration sections
190 blueprints across 12 files cover every configurable path in GenosOS.
channels.*
Per-channel settings. Each channel has its own sub-namespace.
| Path | Description |
|---|
channels.<id>.dmPolicy | Who can send DMs: open, pairing, allowlist, or closed |
channels.<id>.allowFrom | Allowlist of peer IDs (phone numbers, user IDs, etc.) |
channels.<id>.token | Bot token or API credential |
channels.<id>.enabled | Whether the channel is active |
whatsapp, telegram, discord, slack, signal, imessage, matrix, msteams, googlechat, line, nostr, twitch, and others.
security.*
Vault, Fortress Mode, and WebAuthn configuration.
| Path | Description |
|---|
security.vault.enabled | Master switch for NYXENC1 encryption at rest |
security.vault.autoLockMinutes | Idle timeout before vault locks (default: 30) |
security.fortress.enabled | Full hardening mode (Keychain, buffer zeroing, etc.) |
security.webauthn.enabled | Require Touch ID / WebAuthn for sensitive operations |
gateway.*
Server bind address, port, TLS, and authentication.
| Path | Description |
|---|
gateway.port | Port to listen on (default: 18789) |
gateway.bind | Bind address (loopback, lan, or explicit IP) |
gateway.auth | Authentication mode for the Control UI |
gateway.tls | TLS configuration (cert path, key path) |
The gateway binds to 127.0.0.1 by default. Binding to a public interface without authentication configured is rejected at startup.
agents.*
Agent list, defaults, tool profiles, and subagent delegation.
| Path | Description |
|---|
agents.list | Array of configured agent objects |
agents.defaults.workspace | Default workspace directory for new agents |
agents.defaults.tools | Default tool profile (coding, messaging, minimal, full) |
providers.*
API credentials and custom endpoints for LLM providers.
| Path | Description |
|---|
providers.<id>.apiKey | API key for the provider |
providers.<id>.baseUrl | Custom base URL (for LM Studio, vLLM, etc.) |
anthropic, openai, google, xai, openrouter, together, venice, huggingface, ollama, lmstudio, vllm, litellm, and others.
models.*
Default model selection, fallbacks, and routing.
| Path | Description |
|---|
models.default | Default model identifier |
models.defaultTier | Tier routing: simple, normal, or complex |
models.fallbacks | Ordered fallback chain when the primary is unavailable |
sessions.*
Session retention, send policy, and agent-to-agent ping-pong limits.
| Path | Description |
|---|
sessions.retention | How long to keep session transcripts |
sessions.sendPolicy | Default send behavior for outgoing messages |
sessions.a2a.maxPingPongTurns | Maximum A2A turns per exchange (default: 2, max: 5) |
advanced.*
Environment variables, logging, and plugins.
| Path | Description |
|---|
advanced.env | Environment variable overrides |
advanced.logging.level | Log level (debug, info, warn, error) |
advanced.plugins | Additional plugin paths to load |
Conversational examples
These natural language requests map to config_manage operations behind the scenes:
| You say | What happens |
|---|
| ”Set WhatsApp dmPolicy to pairing” | set channels.whatsapp.dmPolicy pairing |
| ”Add my phone number to the Telegram allowlist” | remove/set channels.telegram.allowFrom ["+34..."] |
| ”Show me the gateway configuration” | list gateway |
| ”What’s the current security configuration?” | list security |
| ”Increase the vault auto-lock timeout to 60 minutes” | set security.vault.autoLockMinutes 60 |
| ”Disable the Slack channel” | set channels.slack.enabled false |
Config file location
The file is JSON5 (comments allowed, trailing commas OK). It is validated against the Zod schema on every load. Edits take effect within 200ms due to the config cache TTL.
The config file may be encrypted at rest if Fortress Mode is enabled. Use genosos vault cat ~/.genosv1/genosos.json to read it, or use genosos config get to inspect individual values.
