Purpose: Single index of commonly used environment
variables. For agent behavior and trust in depth, see guides/AGENT_SETUP_AND_USAGE.md.
For IDE backend guardrails when hosted, see
../dal-ide/README.md (sibling
dal-ide/ checkout under lang_mark/, next to
dist_agent_lang/; agent guardrails section).
RAG and MCP (how to use, not just env names):
RAG is optional lexical retrieval into prompts
(DAL_RAG, index under .dal/rag/).
MCP is an optional stdio adapter so IDEs can call the
same routes as curl against your
dal serve / dal agent serve
base URL — set DAL_AGENT_HTTP_BASE (or
DAL_MCP_HTTP_BASE) for dal mcp-bridge or the
example under COO/mcp/ (or ../COO/mcp/ when
running from dist_agent_lang/). Step-by-step context: AGENT_SETUP_AND_USAGE.md
§12–13, IDE_AND_AGENT_INTEGRATION.md, RAG_MVP_SPEC.md.
| Area | Variable(s) | Notes |
|---|---|---|
Process logging (Rust tracing) |
RUST_LOG, DAL_LOG_FORMAT,
DAL_METRICS |
RUST_LOG — standard filter (e.g. info,
dal_http=debug, dal_stream=info).
DAL_LOG_FORMAT=json — JSON lines to stderr.
DAL_METRICS=1 — expose GET /metrics
(Prometheus text counters) on HTTP servers that ship observability
(dal web, dal ide serve,
dal agent serve, dal-registry,
start_http_server). IDE SSE metrics include stream active
gauges, connection/resume counters, gap counters, replay-eviction
counters, and global rejection counters
(dal_http_auth_rejections_total,
dal_http_rate_limit_rejections_total). In
legacy preset local dev, auth rejection counters are
typically zero unless auth is explicitly enabled. |
| LLM / AI | OPENAI_API_KEY, ANTHROPIC_API_KEY,
DAL_AI_PROVIDER, DAL_AI_ENDPOINT,
DAL_AI_MODEL, DAL_AI_TEMPERATURE, … |
Provider-specific; see guides/AI_FEATURES_GUIDE.md, CUSTOM_AI_PROVIDERS.md. |
| Agent serve / IDE agent loop | DAL_AGENT_* (e.g.
DAL_AGENT_MAX_TOOL_STEPS,
DAL_AGENT_SHELL_TRUST, DAL_AGENT_CONTEXT_PATH,
DAL_AGENT_GUARDS_STRICT_MODE, runtime persistence) |
AGENT_SETUP_AND_USAGE.md. |
dal agent serve (prompt-only) — sync +
idempotency |
JSON body wait: true on
POST /message or POST /task; HTTP header
Idempotency-Key |
When wait is true, the handler blocks
until the tool loop finishes and returns
result (final_text,
steps_used, max_steps_reached,
is_ask_user). Same
Idempotency-Key within ~10 minutes returns
the cached JSON (safe cron retries). See AGENT_SETUP_AND_USAGE.md. |
Agent search tool (requires
http-interface) |
DAL_WEB_SEARCH_PROVIDER,
DAL_WEB_SEARCH_TIMEOUT_SECS,
DAL_BRAVE_SEARCH_API_KEY /
BRAVE_SEARCH_API_KEY, DAL_SERPAPI_KEY /
SERPAPI_KEY |
DAL_WEB_SEARCH_PROVIDER —
duckduckgo (default, no API key), brave, or
serpapi. Brave/SerpAPI need the corresponding API key env;
see AUTONOMOUS_JOBS_LANGUAGE_GAPS.md
§2.1. Timeout default 15 seconds (5–60). |
Build: outbound HTTP (search,
fetch_url, …) |
Cargo feature http-interface |
On by default in root Cargo.toml
(default = ["http-interface"]).
cargo build --no-default-features omits
reqwest; web tools then error at runtime unless you add
--features http-interface. |
| Long agent HTTP requests (ops) | — | Not an env var: overlapping LLM + tool-loop calls share blocking worker capacity. Stagger cron, cap concurrency, or serialize jobs. AUTONOMOUS_JOBS_LANGUAGE_GAPS.md §2.3; AGENT_SETUP_AND_USAGE.md. |
Agent fetch_url tool and DAL
http::fetch_text (HTTP GET; requires
http-interface) |
DAL_HTTP_FETCH_TIMEOUT_SECS,
DAL_HTTP_FETCH_MAX_BYTES,
DAL_HTTP_FETCH_ALLOW_HOSTS,
DAL_HTTP_FETCH_BLOCK_PRIVATE |
Same policy for both. Timeout default 30s (1–120). Max body default
512 KiB (capped). DAL_HTTP_FETCH_ALLOW_HOSTS — optional
comma-separated host allowlist; if unset, any host allowed subject to
other checks. DAL_HTTP_FETCH_BLOCK_PRIVATE — default on:
blocks localhost and private/loopback IPs; set
0 or false to allow (e.g. local dev). See STDLIB_REFERENCE.md (http
module). |
DAL graph::* primitives (requires
http-interface) |
DAL_GRAPH_ALLOW_INSECURE_HTTP |
Production default requires https:// for graph base
URLs and token endpoints. Set
DAL_GRAPH_ALLOW_INSECURE_HTTP=1 only for local/dev HTTP
endpoints. |
| RAG (lexical MVP) | DAL_RAG, DAL_RAG_INDEX_DIR,
DAL_RAG_TOP_K |
DAL_RAG=1 — enable retrieval when the client omits
include_rag or leaves it null (same rules for
dal agent serve, agent HTTP
POST /api/message / POST /api/task / agents
& workflows, and DAL
workflow::run_steps(steps, input, optional include_rag)).
Index: cargo run --bin rag-index from repo root →
.dal/rag/chunks.jsonl. Default index dir:
.dal/rag. DAL_RAG_TOP_K — 1–50, default 5.
Optional JSON include_rag: true /
false. DAL apps:
rag::prompt_block(query, include_rag). See RAG_MVP_SPEC.md. |
MCP bridge (dal mcp-bridge, example
under COO/mcp/ or ../COO/mcp/ from
dist_agent_lang/) |
DAL_AGENT_HTTP_BASE, DAL_MCP_HTTP_BASE,
DAL_MCP_BRIDGE_SCRIPT, DAL_MCP_TRANSPORT,
DAL_MCP_HTTP_TIMEOUT_MS, DAL_MCP_STREAM_HOST,
DAL_MCP_STREAM_PORT,
DAL_MCP_STREAM_HEARTBEAT_MS,
DAL_MCP_STREAM_SESSION_IDLE_MS |
MCP bridge forwards tool calls to your
dal serve base URL.
`DAL_MCP_TRANSPORT=stdio |
| IDE SSE contract flags (Phase 0) | DAL_IDE_SSE_STRUCTURED,
DAL_IDE_SSE_REPLAY, DAL_IDE_SSE_REPLAY_CAP,
DAL_IDE_SSE_KEEPALIVE_SECS,
DAL_IDE_SSE_JOB_RETENTION_SECS,
DAL_IDE_SSE_MAX_CHUNK_BYTES,
DAL_IDE_SSE_MAX_STREAMS_PER_CLIENT,
DAL_IDE_SSE_MAX_ESTABLISH_PER_MINUTE,
DAL_IDE_SSE_MAX_STREAM_LIFETIME_SECS,
DAL_IDE_SSE_IDLE_TIMEOUT_SECS,
DAL_IDE_SSE_MAX_HEADER_BYTES,
DAL_IDE_MAX_BODY_BYTES,
DAL_IDE_SSE_AUTH_TOKEN,
DAL_IDE_CORS_ALLOW_ANY,
DAL_IDE_CORS_ALLOW_ORIGIN,
DAL_IDE_SSE_VERSION |
DAL_IDE_SSE_STRUCTURED=1 enables envelope events with
id, type, timestamp,
payload, version on
/api/run/stream/:job_id and /api/events/stream
(chunk, terminal types `done |
| Hosted IDE agent safety | DAL_AGENT_MAX_TOOL_STEPS,
DAL_AGENT_MAX_WALL_CLOCK_MS,
DAL_AGENT_MAX_TOTAL_TOKENS,
DAL_AGENT_MAX_COST_MICROUSD,
DAL_AGENT_GUARDS_STRICT_MODE, … |
Listed in PRODUCTION_ROADMAP.md
and ../dal-ide/README.md. |
dal serve security presets |
DAL_SERVE_SECURITY_PRESET,
DAL_SERVE_ENABLE_AUTH,
DAL_SERVE_ENABLE_INPUT_VALIDATION,
DAL_SERVE_RATE_LIMIT_RPM,
DAL_SERVE_MAX_BODY_BYTES |
`DAL_SERVE_SECURITY_PRESET=legacy |
Optional dal serve HTTP Basic Auth
(browser / curl -u; separate from
DAL_COO_API_TOKEN and from JWT) |
DAL_HTTP_USER and one of
DAL_HTTP_PASSWORD_HASH (bcrypt, preferred) or
DAL_HTTP_PASSWORD (plaintext, dev only); optional
DAL_HTTP_AUTH_EXEMPT (comma paths, merges with built-ins);
brute-force: DAL_HTTP_AUTH_MAX_FAILS_PER_IP (default 15),
DAL_HTTP_AUTH_FAIL_WINDOW_SECS (default 300),
DAL_HTTP_AUTH_DISABLE_BRUTE=1 |
Set WWW-Authenticate: Basic realm="dal serve". Hash:
dal crypto forge → copy into
DAL_HTTP_PASSWORD_HASH (quote in .env if
$ in hash). |
| HTTP server auth | JWT_SECRET |
Required when JWT auth is used; enforced in
http_server_security. See SECURITY.md. |
DAL fs::* (language stdlib) |
DAL_FS_ROOT |
Optional. When set, fs::read_text /
write_text / append_text / exists
resolve relative paths under this directory; when
unset, the process current working directory is the
root. Distinct from agent LLM
read_file/write_file: enable
with DAL_AGENT_SCRIPTING=1 (jail defaults
to cwd; optional
DAL_AGENT_SCRIPT_ROOT →
<root>/scripts/). See STDLIB_REFERENCE.md fs
module. |
| Trust-split / compile | DAL_COMPILE_TRUST_MODE, chain RPC / strict policy
vars |
See TRUST_SPLIT_EVM_HARDENING_REFACTOR_PLAN.md, SMART_CONTRACTS_WITH_DAL_REVIEW.md. |