# Flynn Configuration # Copy to ~/.config/flynn/config.yaml and customize # Log verbosity: debug | info | warn | error | silent (default: info) # Set to 'debug' to see model fallback details. # log_level: info telegram: bot_token: ${FLYNN_TELEGRAM_TOKEN} allowed_chat_ids: [] # Add your Telegram chat ID # Optional: Signal via signal-cli # signal: # account: "+15551234567" # signal_cli_path: signal-cli # allowed_numbers: [] # Empty = allow all DMs # allowed_group_ids: [] # Empty = no groups # require_mention: true # mention_name: flynn # poll_interval_ms: 5000 # send_timeout_ms: 15000 # Optional: Mattermost # mattermost: # server_url: ${MATTERMOST_SERVER_URL} # bot_token: ${MATTERMOST_BOT_TOKEN} # allowed_channel_ids: [] # Empty = allow all channels (pairing/mention rules still apply) # require_mention: true # mention_name: flynn # poll_interval_ms: 3000 # Optional: Microsoft Teams (Bot Framework) # teams: # app_id: ${TEAMS_APP_ID} # app_password: ${TEAMS_APP_PASSWORD} # allowed_conversation_ids: [] # Empty = allow all conversations # require_mention: true # Optional: Google Chat # google_chat: # service_account_key_file: ~/.config/flynn/google-chat-service-account.json # # or inline via env var expansion: # # service_account_json: ${GOOGLE_CHAT_SERVICE_ACCOUNT_JSON} # webhook_token: ${GOOGLE_CHAT_WEBHOOK_TOKEN} # allowed_space_names: [] # Empty = allow all spaces # require_mention: true # Optional: iMessage via BlueBubbles # bluebubbles: # endpoint: http://localhost:1234 # api_key: ${BLUEBUBBLES_API_KEY} # webhook_token: ${BLUEBUBBLES_WEBHOOK_TOKEN} # allowed_chat_guids: [] # Empty = allow all chats # require_mention: true # mention_name: flynn # Optional: LINE # line: # channel_access_token: ${LINE_CHANNEL_ACCESS_TOKEN} # channel_secret: ${LINE_CHANNEL_SECRET} # allowed_source_ids: [] # Empty = allow all users/groups/rooms # require_mention: true # mention_name: flynn # Optional: Feishu / Lark # feishu: # app_id: ${FEISHU_APP_ID} # app_secret: ${FEISHU_APP_SECRET} # webhook_token: ${FEISHU_WEBHOOK_TOKEN} # allowed_chat_ids: [] # Empty = allow all chats # require_mention: true # mention_name: flynn # endpoint: https://open.feishu.cn # Optional: Zalo # zalo: # oa_access_token: ${ZALO_OA_ACCESS_TOKEN} # webhook_token: ${ZALO_WEBHOOK_TOKEN} # allowed_user_ids: [] # Empty = allow all users # require_mention: true # mention_name: flynn # endpoint: https://openapi.zalo.me server: # Tailscale Serve config (optional). Enable `serve: true` to expose the # gateway to your tailnet via `tailscale serve`. tailscale: serve: false localhost: true port: 18800 # Maximum inbound HTTP request body size (bytes) for webhooks/Gmail push. max_request_body_bytes: 1048576 ws_rate_limit: enabled: true capacity: 30 refill_per_sec: 15 max_violations: 8 violation_window_ms: 10000 # Per-session FIFO lane queue for gateway requests. queue: mode: collect # collect | followup | steer | steer_backlog | interrupt cap: 50 # max queued (pending) requests per session lane overflow: drop_old # drop_old | drop_new debounce_ms: 0 # delay before starting next queued request summarize_overflow: true overrides: channels: {} # e.g. ws: { mode: followup, cap: 10, debounce_ms: 100 } sessions: {} # e.g. ws:vip-user: { mode: interrupt, overflow: drop_new } # Companion-node capability negotiation surface (default disabled). nodes: enabled: false allowed_roles: [companion] feature_gates: {} location: enabled: false push: enabled: false # Local-network service discovery (mDNS/Bonjour). Keep disabled by default. # Requires server.localhost: false so LAN clients can actually connect. discovery: enabled: false service_name: flynn-gateway service_type: _flynn._tcp txt: {} models: # ── Model tiers ──────────────────────────────────────────────────── # Each tier (default, fast, complex, local) defines a primary model. # When an Anthropic tier fails, Flynn automatically tries the same # model via GitHub Models before falling through to the global chain. # # You can override auto-fallback with an inline `fallback:` block: # # default: # provider: anthropic # model: claude-sonnet-4-20250514 # fallback: # ← inline per-tier fallback # provider: openai # model: gpt-4o # # ── Fallback order ───────────────────────────────────────────────── # 1. Primary client for the tier # 2. Auto same-model fallback via GitHub Models (Anthropic tiers only, # skipped when an inline `fallback:` block is present) # 3. Inline `fallback:` client (if configured) # 4. Global fallback_chain (tried in order) # default: provider: anthropic model: claude-sonnet-4-20250514 # auth_mode: auto # auto | api_key | oauth (provider-specific) # use_oauth: false # compat alias for auth_mode: oauth # supports_audio: false # Override native audio detection per tier fast: provider: anthropic model: claude-haiku-4-5-20251001 complex: provider: anthropic model: claude-opus-4-6-20250715 local: provider: ollama model: glm-4.7-flash # ── Global fallback chain ────────────────────────────────────────── # Entries can be tier names (default, fast, complex, local) or keys # from local_providers below. Tried in order after per-tier fallbacks # are exhausted. fallback_chain: [local] # ── Named providers (optional) ───────────────────────────────────── # Define additional providers that can be referenced by name in # fallback_chain. Useful for secondary API accounts or self-hosted # endpoints that aren't tied to a specific tier. # # Use /backend in the TUI to switch between these providers local_providers: ollama: provider: ollama model: glm-4.7-flash endpoint: http://localhost:11434 llamacpp: provider: llamacpp model: gpt-oss-20b endpoint: http://localhost:8080 # # Then reference them in fallback_chain: # fallback_chain: [ollama, llamacpp, local] hooks: confirm: - shell.* - file.write - file.patch log: - web.* - file.read silent: - notify # ── Safety Notes ───────────────────────────────────────────────────── # - Tool policy (tools.profile/allow/deny) controls which tools are available. # - Skills can declare capability permissions in skills//manifest.json under `permissions`. # Those permissions are enforced at runtime when requests are routed into a skill context. # - See: docs/security/SAFE_PERSONAL_AGENT.md # ── Prompt Assembly ─────────────────────────────────────────────────── # Tune how much context Flynn loads into the system prompt. # # prompt: # search_dirs: [] # extra_sections: [] # context_level: normal # minimal | normal | detailed | debug # skills: # # Registry catalog source for discovery and install-by-id: # # local path or HTTPS URL. Can also be set via FLYNN_SKILLS_REGISTRY_SOURCE. # registry_source: ~/.config/flynn/skills-registry.json # # Global installer execution policy. # # disabled: never run installer commands (default) # # enabled: allow command execution only with --execute --confirm # installation_execution: disabled # # Allow shell-based installer runner when --runner shell is requested. # allow_shell_runner: false # # Allowlist command patterns for shell runner (`*` wildcard supported). # # Empty list means no shell commands are allowed. # shell_runner_allowlist: [] # # Governance metadata for shell-runner allowlist and rollout decisions. # shell_runner_governance: # owner: "skills-team" # Required when allow_shell_runner is true # review_cadence_days: 7 # Review `skills rollout-status` at this cadence # promotion_min_success_rate: 0.9 # Rollout threshold for broader enablement # ── Automation ────────────────────────────────────────────────────── # Uncomment and configure any automation sources you need. # automation: # # shared_session: keep one session per cron job/webhook name. # # isolated_job: create a fresh session per cron trigger/webhook request. # delivery_mode: shared_session # cron: # - name: daily-summary # schedule: "0 9 * * *" # message: "Give me a summary of today's tasks" # output: # channel: telegram # peer: "123456789" # # # Optional built-in morning briefing job (auto-registered as a cron job) # daily_briefing: # enabled: false # name: daily-briefing # schedule: "0 8 * * *" # timezone: America/New_York # output: # channel: telegram # peer: "123456789" # model_tier: fast # prompt: | # Create my daily briefing. # Summarize today's calendar, unread/important email, and top pending tasks. # # webhooks: # - name: github-push # secret: "whsec_..." # message: "GitHub push to {{json.repository.full_name}}: {{json.head_commit.message}}" # output: # channel: telegram # peer: "123456789" # # gmail: # enabled: false # credentials_file: ~/.config/flynn/gmail-credentials.json # token_file: ~/.config/flynn/gmail-token.json # # # Optional Pub/Sub delivery # # Push mode: configure a topic and a push subscription that POSTs to /gmail/push # pubsub_topic: projects/your-project/topics/gmail-push # disable_push: false # # # Pull mode: no inbound webhook required (requires Application Default Credentials) # pubsub_subscription_id: projects/your-project/subscriptions/gmail-pull # pubsub_pull_interval: "60s" # pubsub_max_messages: 10 # watch_labels: [INBOX] # poll_interval: "60s" # message: "New email from {{from}}: {{subject}}\n\n{{snippet}}" # output: # channel: telegram # peer: "123456789" # # heartbeat: # enabled: false # interval: "5m" # checks: [gateway, model, channels, memory, disk, process_memory, backup, provider_errors] # notify: # channel: telegram # peer: "123456789" # failure_threshold: 2 # disk_threshold_mb: 100 # process_memory_threshold_mb: 1500 # backup_failure_threshold: 1 # provider_error_rate_threshold: 0.5 # provider_error_min_calls: 5 # ── Backup ────────────────────────────────────────────────────────── # Snapshot sessions.db, vectors.db (optional), and memory/ into a tarball. # If MinIO is enabled, upload with `mc` using ephemeral credentials. # # backup: # enabled: false # # Optional cron schedule (takes precedence over interval), e.g. nightly at 2 AM. # schedule: "0 2 * * *" # interval: "24h" # run_on_start: false # notify: # channel: telegram # peer: "123456789" # failure_threshold: 1 # notify_recovery: true # local_dir: ~/.local/share/flynn/backups # include_vectors: true # minio: # enabled: false # endpoint: localhost:9000 # access_key: ${MINIO_ACCESS_KEY} # secret_key: ${MINIO_SECRET_KEY} # bucket: flynn-backups # prefix: flynn # secure: true # ── Session Lifecycle ─────────────────────────────────────────────── # sessions: # ttl: "30d" # end_summary: # enabled: false # tier: fast # max_messages: 50 # max_input_chars: 20000 # max_tokens: 512 # write_to_memory: true # memory_namespace: session/summaries # ── Audio ──────────────────────────────────────────────────────────── # Configure a Whisper-compatible endpoint for audio transcription. # Models that support native audio input (Gemini, OpenAI, GitHub) will # receive raw audio directly; others fall back to this endpoint. # # For local transcription with whisper.cpp: # docker run -d --name whisper-server -p 18801:8080 \ # ghcr.io/ggml-org/whisper.cpp:main \ # --model /app/models/ggml-base.en.bin \ # --host 0.0.0.0 --port 8080 --convert --language en \ # --inference-path /v1/audio/transcriptions # # audio: # enabled: true # provider: # type: custom # openai, groq, ollama, llamacpp, custom # endpoint: "http://localhost:18801/v1/audio/transcriptions" # api_key: "${WHISPER_API_KEY}" # Optional Bearer token # model: "whisper-1" # Model name (default: whisper-1) # talk_mode: # enabled: false # wake_phrase: "hey flynn" # timeout_ms: 120000 # allow_manual_toggle: true