Reference

Configuration

Everything SlyCode needs lives in the workspace folder the scaffolder creates. Two files carry the settings: slycode.config.js for host, ports, and service toggles, and .env for secrets and integrations. Per-project data stays in each project's own directory.

The workspace folder

npx @slycode/create-slycode slycode creates the folder SlyCode runs from. It is not one of your projects; it holds SlyCode's own configuration and state:

  • Config: slycode.config.js and .env, both created by the setup wizard.
  • Data files: provider configs, project registry, settings, and other service state under data/ and projects/.
  • Skills and the store: the skills and actions that ship with SlyCode, refreshed by slycode sync and slycode update.

The CLI finds the workspace through the SLYCODE_HOME environment variable, then ~/.slycode/config.json (written by the scaffolder), then by walking up from the current directory looking for slycode.config.js. You rarely set this by hand.

slycode.config.js

The main config file, created by the scaffold. It holds three groups of keys:

  • host: the address the web dashboard binds to. Default 127.0.0.1. An explicit value in the file always wins over the default.
  • ports: ports.web, ports.bridge, and ports.messaging (defaults 7591, 7592, 7593).
  • services: boolean toggles for services.web, services.bridge, and services.messaging.

Edit it with the slycode config command rather than by hand. It handles nested keys and coerces types (ports to integers, service toggles to booleans):

terminal
slycode config                    # view the full config
slycode config ports.web          # read one key
slycode config ports.web 8080     # set a value
slycode config host 0.0.0.0       # expose the dashboard on your network

Restart with slycode restart for changes to take effect.

.env

Secrets and integrations live in .env in the workspace root, seeded by the setup wizard. The main variables:

  • TZ: IANA timezone used to evaluate cron schedules for automations. Defaults to UTC if unset.
  • TELEGRAM_BOT_TOKEN / TELEGRAM_USER_ID: enable the Telegram messaging channel. The messaging service only runs when a channel token is present.
  • STT_BACKEND: speech-to-text backend for voice messages: openai (default), aws-transcribe, or local.
  • OPENAI_API_KEY: required when STT_BACKEND=openai.
  • ELEVENLABS_API_KEY: enables voice replies (text-to-speech).
.env
TZ=America/New_York

TELEGRAM_BOT_TOKEN=your-bot-token
TELEGRAM_USER_ID=your-telegram-user-id

STT_BACKEND=openai
OPENAI_API_KEY=your-openai-api-key
ELEVENLABS_API_KEY=your-elevenlabs-api-key

Services and ports

ServiceDefault portWhat it does
Web7591The dashboard: kanban boards, terminals, settings.
Bridge7592Manages the PTY sessions that run the AI agents.
Messaging7593Telegram channel and voice pipeline. Only runs when a channel token is set in .env.

Ports come from slycode.config.js. Change them with slycode config ports.web 8080 and so on.

Network binding and security

SlyCode is local-only out of the box. The web dashboard binds 127.0.0.1 by default; binding 0.0.0.0 to reach it from other devices is an explicit opt-in, either in the setup wizard or later with slycode config host 0.0.0.0.

  • Password required. The dashboard asks you to set a password on first launch. That password is what makes exposing the web UI safe.
  • Local reset. slycode reset-password clears the password and signs out all sessions. It needs no network access, so you can never be permanently locked out.
  • HTTPS when exposed. SlyCode does not provision certificates. If you expose the dashboard beyond localhost, serve it over HTTPS with a reverse proxy or tailscale serve.

Provider configuration

data/providers.json defines how SlyCode launches each AI agent: the CLI command, permission and resume flags, the model list shown in the terminal's model picker, and which instruction file the agent reads in a project. Claude reads CLAUDE.md, Codex reads AGENTS.md (falling back to CODEX.md), and Gemini reads GEMINI.md.

Defaults are a single global setting (provider, permissions, and an optional model) with per-project overrides. Resolution checks the project override first, then the global default. You edit all of this from the dashboard; you rarely need to touch the file directly. slycode sync and slycode update refresh provider templates while preserving your defaults.

Where card data lives

Card data is per project, not centralized in the workspace. Each project keeps:

  • documentation/kanban.json: the live board, a flat card list across the five stages.
  • documentation/events.json: the activity log that feeds the dashboard's activity feed, capped at 100 entries.
  • documentation/kanban-archive.json: cold storage for archived cards, same shape as the board file, so the hot file stays small no matter how much history accumulates.

These files are human-readable JSON and safe to read or diff in git, but manage them through the dashboard or the sly-kanban CLI rather than hand-editing. Both write paths use atomic writes and keep counters consistent.

Next steps

  • Multi-provider setup: defaults, per-project overrides, and running Claude, Codex, and Gemini side by side.
  • Troubleshooting: what to check when a service will not start, beginning with slycode doctor.