oxios 1.12.0

Oxios Agent OS — Agent Operating System powered by oxi-sdk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265

# Oxios Agent OS — Default Configuration
# Copy to ~/.oxios/config.toml and customize as needed.

# ── Secrets (API keys, tokens, passwords) ─────────────────────────────────
# All sensitive values in one place.
# Environment variables serve as fallback when not set here.
# Priority: config.toml → ~/.oxi/auth.json → env var
#
# [secrets]
# # Web API authentication key (falls back to OXIOS_API_KEY env var)
# oxios_api_key = ""
#
# # Email SMTP password (falls back to OXIOS_EMAIL_PASSWORD / RESEND_API_KEY env var)
# email_smtp_password = ""
#
# # Telegram bot token (falls back to TELEGRAM_BOT_TOKEN env var)
# telegram_bot_token = ""
#
# # ClawHub marketplace API key (falls back to CLAWHUB_TOKEN env var)
# clawhub_api_key = ""
#
# # LLM provider API keys (fall back to OXIOS_<PROVIDER>_API_KEY env var)
# [secrets.providers]
# anthropic = "sk-ant-..."
# openai = "sk-..."
# google = "..."

[kernel]
# Path to the workspace directory.
# workspace = "~/.oxios/workspace"
event_bus_capacity = 256
max_agents = 10

[engine]
# Default model in "provider/model" format.
# MUST be set before first run — onboarding wizard will prompt if empty.
# default_model = ""
# Explicit API key (highest priority).
# If empty, falls back to ~/.oxi/auth.json, then environment variables.
# api_key = ""
# Enable complexity-based model routing.
# routing_enabled = false
# Prefer cost-efficient models when routing.
# prefer_cost_efficient = false
# Fallback models to try when primary fails.
# fallback_models = ["anthropic/claude-3-5-haiku-20241022"]

[daemon]
# PID file for background daemon.
# pid_file = "~/.oxios/oxios.pid"
# Log directory.
# log_dir = "~/.oxios/logs"

[gateway]
# Host to bind the web server to.
# NOTE: Bind to localhost only. Change to "0.0.0.0" only if you understand the risks.
host = "127.0.0.1"
# Port for the web dashboard.
port = 4200
# Expose /api-docs (Swagger UI) and /openapi.json.
# Gated to loopback binds (127.0.0.0/8, ::1, "localhost") for safety.
# Set to true during local dev to inspect the OpenAPI schema.
# Default: false (production-safe).
# expose_api_docs = false

# RFC-024 SP1: ceiling on HTTP→gateway request-response matching.
# The HTTP layer returns 504 when the orchestrator does not respond
# within this duration. Default: 120s.
# response_timeout_secs = 120

# RFC-024 SP1: in-memory replay buffer for WS resume / C2 (order+replay).
[gateway.reliability]
# Per-channel ring buffer size. Older messages are evicted on overflow.
# replay_buffer_size = 512
# How long a message stays in the buffer.
# replay_ttl_secs = 60

[exec]
# Default execution mode: "structured" (recommended) or "shell".
# Shell mode is DANGEROUS — requires explicit allow_shell_mode=true.
default_mode = "structured"
# Allow shell mode (bash -c execution). DANGEROUS — keep false in production.
allow_shell_mode = false
# Commands allowed for structured execution.
allowlist_mode = "enforced"
allowed_commands = [
    "ls", "cat", "head", "tail", "wc",
    "grep", "rg", "find", "fd",
    "git",
    "cargo", "rustc",
    "python3", "node", "bun",
    "curl", "wget",
    "jq", "yq",
    "echo", "mkdir", "cp", "mv",
]
# Default command timeout in seconds.
default_timeout_secs = 120
# Maximum command timeout in seconds.
max_timeout_secs = 600

[orchestrator]
# Maximum Ouroboros evolution iterations before giving up.
max_evolution_iterations = 3
# Minimum evaluation score for task to be considered passed.
min_evaluation_score = 0.8
# Enable evaluation result caching (avoids re-evaluating same seed+output).
eval_cache_enabled = true
# Keywords that trigger spec (Ouroboros) mode. Prefix-only match.
spec_keywords = ["#spec", "#plan"]
# Default execution mode: "spec" (Ouroboros pipeline) or "chat" (direct agent).
default_mode = "spec"

[context]
active_limit_tokens = 100000
cache_limit_entries = 50

[security]
# NOTE: auth_enabled should be true in production.
auth_enabled = false
# Allowed CORS origins. Browsers treat `localhost` and `127.0.0.1` as distinct
# origins, so both are included. 5173 covers the Vite dev server (`bun dev`).
cors_origins = ["http://localhost:4200", "http://127.0.0.1:4200", "http://localhost:5173", "http://127.0.0.1:5173"]
# Default allowed tools for agents.
allowed_tools = ["read", "write", "edit", "bash", "grep", "find", "exec"]
network_access = false
max_execution_time_secs = 300
max_memory_mb = 512
can_fork = false

[logging]
# Log format: "pretty" (default), "json" (for ELK/Loki/CloudWatch), "compact"
format = "pretty"
# Log level override. Falls back to RUST_LOG env var, then "info".
# level = "info"

[otel]
enabled = false
endpoint = "http://localhost:4317"
service_name = "oxios"
sampling_ratio = 1.0

[channels]
enabled = ["web"]

# Telegram channel settings (when enabled)
# [channels.telegram]
# Allowed Telegram user IDs (empty = allow all)
# allowed_users = []
# [channels.telegram.session]
# Auto-rotate session after N hours of inactivity (0 = disabled)
# rotation_hours = 2
# Max messages per session before auto-rotate (0 = unlimited)
# max_messages = 0

# Session management (applies to all channels)
[session]
# Maximum number of sessions to retain. Oldest are pruned first.
# Set to 0 for unlimited.
max_sessions = 100
# Session TTL in hours. Sessions older than this are auto-deleted.
# Set to 0 for unlimited (no TTL-based pruning).
ttl_hours = 168
# Enable automatic pruning on every session save.
auto_prune = true

# ── Mounts (RFC-025) ───────────────────────────────────────────────────────
# Auto-promote frequently-used paths into Mounts. A background scanner counts
# how often each path appears in session trajectories (tool calls) and user
# messages; paths that cross the threshold within the window become Mounts.

[mounts]
auto_promote_enabled = true
# Minimum distinct touches within the window to trigger promotion.
auto_promote_threshold = 3
# How far back to look, in days.
auto_promote_window_days = 14
# Seconds between promotion scans (background cadence).
auto_promote_interval_secs = 3600

# ── Memory (RFC-012) ────────────────────────────────────────────────────────
# All memory settings have sensible defaults — no configuration needed.
# Override only if you want to change behavior.

[memory]
enabled = true
max_recall = 10

# SQLite-backed storage (replaces JSON files, single memory.db file).
[memory.sqlite]
enabled = true
# path = ""  # Empty = ~/.oxios/workspace/memory.db
# embedding_dim = 256  # Matryoshka: 128 (fast) | 256 (balanced) | 512 | 768 (full)
wal_mode = true

# Embedding provider for semantic search.
# "gguf" = local EmbeddingGemma-300m (auto-downloaded, ~329MB)
# "tfidf" = TF-IDF fallback (no download, keyword-only)
[memory.embedding]
provider = "gguf"
# dimension = 256
# model_ttl_secs = 300  # Unload after 5 min of inactivity

# Learning engine (SONA + ReasoningBank).
[memory.learning]
enabled = true
# sona_mode = "balanced"  # realtime | balanced | research | edge
# distill_interval_hours = 6
# auto_promote_quality = 0.8
# auto_promote_min_usage = 3

# AutoMemoryBridge (SQLite ↔ MEMORY.md sync).
[memory.bridge]
sync_enabled = false
# interval_secs = 3600

# Memory consolidation (RFC-008 Dream process).
# 프리셋: "conservative" | "balanced" | "aggressive" | "custom"
# 프리셋을 변경하면 아래 개별 필드가 무시되고 프리셋 값으로 덮어씌워집니다.
# 개별 필드를 직접 제어하려면 preset = "custom" 으로 설정하세요.
# Calendar system (disabled by default).
# Enable to allow agents and users to manage events.
# Events are stored as .ics files in ~/.oxios/workspace/calendar/events/
# [calendar]
# enabled = true
# timezone = "Asia/Seoul"
# default_reminder_minutes = [15]
# alarm_channels = ["web"]
# journal_sync = "on_open"
# system_calendar = true
# archive_after_days = 365

# Agent history log (enabled by default).
# Controls how past agent executions are retained for transparent observation.
[agent_log]
# Maximum number of agent records to keep (0 = unlimited)
max_entries = 10000
# TTL for agent records in hours (0 = unlimited)
ttl_hours = 720  # 30 days
# Max tool_calls per agent to persist (0 = unlimited)
# Truncates old calls to keep storage bounded
# Full traces remain available via Session.trajectory_steps
max_tool_calls_per_agent = 500
# How many agents to prune per cycle (prevents long locks)
prune_batch_size = 100
# Path to the SQLite database file (empty = ~/.oxios/state/agent_log.db)
# db_path = ""

# Email system (disabled by default).
# Enable to allow agents to send HTML emails via SMTP.
# v1: sends to your own email only (my_email).
# [email]
# enabled = true
# my_email = "me@gmail.com"
# provider = "gmail"  # gmail | icloud | fastmail | custom
# Set password via: export OXIOS_EMAIL_PASSWORD="your-app-password"
# rate_limit_per_hour = 10

[memory.consolidation]
preset = "balanced"
# dream_enabled = true
# dream_interval_hours = 24
# decay_enabled = true
# auto_protection = true
# auto_classification = true
# proactive_recall = true