Configuration
Everything SlyCode needs lives in the workspace folder the scaffolder creates. Two files carry the settings: slycode.config.js for host, ports, and service toggles, and .env for secrets and integrations. Per-project data stays in each project's own directory.
The workspace folder
npx @slycode/create-slycode slycode creates the folder SlyCode runs from. It is not one of your projects; it holds SlyCode's own configuration and state:
- Config:
slycode.config.jsand.env, both created by the setup wizard. - Data files: provider configs, project registry, settings, and other service state under
data/andprojects/. - Skills and the store: the skills and actions that ship with SlyCode, refreshed by
slycode syncandslycode update.
The CLI finds the workspace through the SLYCODE_HOME environment variable, then ~/.slycode/config.json (written by the scaffolder), then by walking up from the current directory looking for slycode.config.js. You rarely set this by hand.
slycode.config.js
The main config file, created by the scaffold. It holds three groups of keys:
host: the address the web dashboard binds to. Default127.0.0.1. An explicit value in the file always wins over the default.ports:ports.web,ports.bridge, andports.messaging(defaults 7591, 7592, 7593).services: boolean toggles forservices.web,services.bridge, andservices.messaging.
Edit it with the slycode config command rather than by hand. It handles nested keys and coerces types (ports to integers, service toggles to booleans):
slycode config # view the full config
slycode config ports.web # read one key
slycode config ports.web 8080 # set a value
slycode config host 0.0.0.0 # expose the dashboard on your networkRestart with slycode restart for changes to take effect.
.env
Secrets and integrations live in .env in the workspace root, seeded by the setup wizard. The main variables:
TZ: IANA timezone used to evaluate cron schedules for automations. Defaults to UTC if unset.TELEGRAM_BOT_TOKEN/TELEGRAM_USER_ID: enable the Telegram messaging channel. The messaging service only runs when a channel token is present.STT_BACKEND: speech-to-text backend for voice messages:openai(default),aws-transcribe, orlocal.OPENAI_API_KEY: required whenSTT_BACKEND=openai.ELEVENLABS_API_KEY: enables voice replies (text-to-speech).
TZ=America/New_York
TELEGRAM_BOT_TOKEN=your-bot-token
TELEGRAM_USER_ID=your-telegram-user-id
STT_BACKEND=openai
OPENAI_API_KEY=your-openai-api-key
ELEVENLABS_API_KEY=your-elevenlabs-api-keyServices and ports
| Service | Default port | What it does |
|---|---|---|
| Web | 7591 | The dashboard: kanban boards, terminals, settings. |
| Bridge | 7592 | Manages the PTY sessions that run the AI agents. |
| Messaging | 7593 | Telegram channel and voice pipeline. Only runs when a channel token is set in .env. |
Ports come from slycode.config.js. Change them with slycode config ports.web 8080 and so on.
Network binding and security
SlyCode is local-only out of the box. The web dashboard binds 127.0.0.1 by default; binding 0.0.0.0 to reach it from other devices is an explicit opt-in, either in the setup wizard or later with slycode config host 0.0.0.0.
- Password required. The dashboard asks you to set a password on first launch. That password is what makes exposing the web UI safe.
- Local reset.
slycode reset-passwordclears the password and signs out all sessions. It needs no network access, so you can never be permanently locked out. - HTTPS when exposed. SlyCode does not provision certificates. If you expose the dashboard beyond localhost, serve it over HTTPS with a reverse proxy or
tailscale serve.
Provider configuration
data/providers.json defines how SlyCode launches each AI agent: the CLI command, permission and resume flags, the model list shown in the terminal's model picker, and which instruction file the agent reads in a project. Claude reads CLAUDE.md, Codex reads AGENTS.md (falling back to CODEX.md), and Gemini reads GEMINI.md.
Defaults are a single global setting (provider, permissions, and an optional model) with per-project overrides. Resolution checks the project override first, then the global default. You edit all of this from the dashboard; you rarely need to touch the file directly. slycode sync and slycode update refresh provider templates while preserving your defaults.
Where card data lives
Card data is per project, not centralized in the workspace. Each project keeps:
documentation/kanban.json: the live board, a flat card list across the five stages.documentation/events.json: the activity log that feeds the dashboard's activity feed, capped at 100 entries.documentation/kanban-archive.json: cold storage for archived cards, same shape as the board file, so the hot file stays small no matter how much history accumulates.
These files are human-readable JSON and safe to read or diff in git, but manage them through the dashboard or the sly-kanban CLI rather than hand-editing. Both write paths use atomic writes and keep counters consistent.
Next steps
- Multi-provider setup: defaults, per-project overrides, and running Claude, Codex, and Gemini side by side.
- Troubleshooting: what to check when a service will not start, beginning with
slycode doctor.