Skip to main content
Risoluto’s configuration is layered with this merge order (last wins):
  1. Built-in defaults — from Zod schemas in src/config/schemas/
  2. Persistent overlay~/.risoluto/config/overlay.yaml (or $DATA_DIR/config/overlay.yaml)
  3. Environment variables and $SECRET:name resolution at runtime

Managing Configuration

# View effective (merged) config
curl -s http://127.0.0.1:4000/api/v1/config

# View overlay only
curl -s http://127.0.0.1:4000/api/v1/config/overlay

# Update overlay (deep merge)
curl -s -X PUT http://127.0.0.1:4000/api/v1/config/overlay \
  -H 'Content-Type: application/json' \
  -d '{"codex":{"model":"gpt-5.4","reasoningEffort":"high"}}'

# Patch a single path
curl -s -X PATCH http://127.0.0.1:4000/api/v1/config/overlay/agent.maxConcurrentAgents \
  -H 'Content-Type: application/json' \
  -d '{"value": 5}'

# Delete an overlay key
curl -s -X DELETE http://127.0.0.1:4000/api/v1/config/overlay/codex.personality

# View config schema (JSON Schema)
curl -s http://127.0.0.1:4000/api/v1/config/schema
Overlay changes via the API or dashboard are persisted to disk and survive restarts. You never need to restart Risoluto after a config change — the orchestrator reloads automatically.

Configuration Sections

KeyTypeDefaultDescription
server.portnumber4000HTTP server port
polling.intervalMsnumber15000Tracker polling interval in milliseconds
KeyTypeDefaultDescription
tracker.kindstring"linear"Tracker provider ("linear" or "github")
tracker.apiKeystring""Tracker API key (prefer $SECRET:LINEAR_API_KEY)
tracker.endpointstring"https://api.linear.app/graphql"Tracker GraphQL endpoint
tracker.projectSlugstringnullLinear project slug to watch
tracker.ownerstring""GitHub owner (when kind: "github")
tracker.repostring""GitHub repo (when kind: "github")
tracker.activeStatesstring[]["Backlog", "Todo", "In Progress"]States that trigger agent dispatch
tracker.terminalStatesstring[]["Done", "Canceled"]States that mark issues as complete
KeyTypeDefaultDescription
agent.maxConcurrentAgentsnumber10Maximum simultaneous agent workers
agent.maxConcurrentAgentsByStateobject{}Per-state concurrency limits (e.g. {"In Progress": 3})
agent.maxTurnsnumber20Max conversation turns per agent run
agent.maxRetryBackoffMsnumber300000Maximum retry backoff (5 min)
agent.maxContinuationAttemptsnumber5Max continuation turns after initial run
agent.successStatestringnullLinear state to transition to on success
agent.stallTimeoutMsnumber1200000Agent stall detection timeout (20 min)
agent.preflightCommandsstring[][]Shell commands to run before each agent turn
KeyTypeDefaultDescription
codex.commandstring"codex app-server"Command to start the Codex agent
codex.modelstring"gpt-5.4"Model identifier
codex.reasoningEffortenum"high"none, minimal, low, medium, high, xhigh
codex.personalitystring"friendly"Agent personality/tone
codex.selfReviewbooleanfalseEnable agent self-review before completing
codex.structuredOutputbooleanfalseEnable structured output mode
codex.approvalPolicystring|objectreject allTool call approval policy
codex.threadSandboxstring"workspace-write"Thread-level sandbox policy
codex.turnSandboxPolicyobject{type: "workspaceWrite"}Per-turn sandbox policy
Timeouts:
KeyTypeDefaultDescription
codex.readTimeoutMsnumber5000JSON-RPC read timeout
codex.turnTimeoutMsnumber3600000Max duration per turn (1 hour)
codex.drainTimeoutMsnumber2000Drain timeout on shutdown
codex.startupTimeoutMsnumber30000Container startup timeout (30s)
codex.stallTimeoutMsnumber300000Per-turn stall detection (5 min)
Authentication:
KeyTypeDefaultDescription
codex.auth.modeenum"api_key"api_key or openai_login
codex.auth.sourceHomestring"~/.codex"Path to Codex auth credentials
KeyTypeDefaultDescription
codex.sandbox.imagestring"risoluto-codex:latest"Docker image for worker containers
codex.sandbox.networkstring""Docker network name
codex.sandbox.extraMountsstring[][]Extra bind mounts
codex.sandbox.envPassthroughstring[][]Env vars forwarded to containers
codex.sandbox.egressAllowliststring[][]Allowed egress domains
Resources:
KeyTypeDefaultDescription
codex.sandbox.resources.memorystring"4g"Memory limit
codex.sandbox.resources.memoryReservationstring"1g"Guaranteed memory
codex.sandbox.resources.memorySwapstring"4g"Swap limit
codex.sandbox.resources.cpusstring"2.0"CPU limit
codex.sandbox.resources.tmpfsSizestring"512m"tmpfs mount size
Security:
KeyTypeDefaultDescription
codex.sandbox.security.noNewPrivilegesbooleantrue--security-opt=no-new-privileges
codex.sandbox.security.dropCapabilitiesbooleantrueDrop all Linux capabilities
codex.sandbox.security.gvisorbooleanfalseEnable gVisor runtime
codex.sandbox.security.seccompProfilestring""Custom seccomp profile path
Logging:
KeyTypeDefaultDescription
codex.sandbox.logs.driverstring"json-file"Docker log driver
codex.sandbox.logs.maxSizestring"50m"Max log file size
codex.sandbox.logs.maxFilenumber3Max number of log files
KeyTypeDefaultDescription
workspace.rootstring"../risoluto-workspaces"Root directory for issue workspaces
workspace.strategyenum"directory"Isolation strategy: directory (clone) or worktree (git worktree)
workspace.branchPrefixstring"risoluto/"Branch name prefix for agent branches
Hooks:
KeyTypeDefaultDescription
workspace.hooks.afterCreatestringnullShell command after workspace creation
workspace.hooks.beforeRunstringnullShell command before each agent run
workspace.hooks.afterRunstringnullShell command after each agent run
workspace.hooks.beforeRemovestringnullShell command before workspace removal
workspace.hooks.timeoutMsnumber60000Hook execution timeout (1 min)
KeyTypeDefaultDescription
notifications.slack.webhookUrlstringSlack incoming webhook URL
notifications.slack.verbosityenum"critical"off, critical, verbose
See the Notifications guide for event types and severity levels.
KeyTypeDefaultDescription
webhook.webhookUrlstringHTTPS-only webhook URL (enables webhook mode)
webhook.webhookSecretstringHMAC signing secret for verification
webhook.pollingBaseMsnumber15000Polling interval when webhook is healthy
webhook.pollingStretchMsnumber120000Polling interval stretched when webhook active
webhook.healthCheckIntervalMsnumber300000Health check interval (5 min)
KeyTypeDefaultDescription
github.tokenstringGitHub Personal Access Token
github.apiBaseUrlstring"https://api.github.com"GitHub API endpoint (for GHES)

Secrets Management

Secrets are stored in an AES-256-GCM encrypted store, separate from config: 
curl -s -X POST http://127.0.0.1:4000/api/v1/secrets/SLACK_WEBHOOK_URL \
  -H 'Content-Type: application/json' \
  -d '{"value":"https://hooks.slack.com/services/..."}'
Keep secrets out of committed files. Use $SECRET:name references in config or environment variable expansion like $LINEAR_API_KEY.

Environment Variables

VariableRequiredDefaultDescription
LINEAR_API_KEYYesLinear API key
LINEAR_PROJECT_SLUGYesLinear project to watch
MASTER_KEYYesEncryption key for secrets store
OPENAI_API_KEYNoOpenAI API key (alternative to Codex auth)
GITHUB_TOKENNoGitHub PAT for PR creation
DATA_DIRNo~/.risolutoRoot directory for archives and config
RISOLUTO_BINDNo127.0.0.1HTTP bind address
RISOLUTO_WRITE_TOKENNoBearer token for remote API writes
LOG_LEVELNoinfoLog verbosity
DISPATCH_MODENolocallocal or remote dispatch mode
DISPATCH_URLNoData plane URL (when DISPATCH_MODE=remote)
DISPATCH_SHARED_SECRETNoShared secret for control/data plane auth

What’s Next

Dashboard

Explore the real-time dashboard views.

Security

Harden your deployment with network controls and sandbox policies.
Last modified on March 31, 2026