Skip to main content

Config file

The server config file at ~/.fabro/server.toml controls how fabro serve behaves — API binding, authentication, run defaults, and more. The Quick Start doesn’t require one, but production deployments should configure it explicitly.

Full reference

server.toml
# Maximum concurrent workflow runs (default: 5)
max_concurrent_runs = 8

# Override the default data directory (default: ~/.fabro)
data_dir = "/var/lib/fabro"

[api]
base_url = "https://fabro.example.com"

[api.tls]
cert = "/etc/fabro/tls/cert.pem"
key = "/etc/fabro/tls/key.pem"
ca = "/etc/fabro/tls/ca.pem"

# Authentication strategies (array of Jwt or Mtls)
[[api.authentication_strategies]]
type = "Jwt"

[web]
url = "https://fabro-web.example.com"

[web.auth]
provider = "Github"
allowed_usernames = ["alice", "bob"]

[git]
provider = "Github"
app_id = "123456"
client_id = "Iv1.abc123"

[log]
level = "info"

[git.author]
name = "fabro-bot"
email = "fabro-bot@company.com"

[git.webhooks]
strategy = "tailscale_funnel"

# Run defaults — applied to every run unless overridden by the run config
[llm]
model = "claude-sonnet-4-5"
provider = "anthropic"

[llm.fallbacks]
anthropic = ["gemini", "openai"]

[setup]
commands = ["npm install"]
timeout_ms = 120000

[sandbox]
provider = "daytona"

[sandbox.daytona]
auto_stop_interval = 60

[sandbox.daytona.labels]
team = "platform"

[checkpoint]
exclude_globs = ["**/node_modules/**", "**/.cache/**"]

[vars]
default_branch = "main"

CLI overrides

Several server.toml settings can be overridden via fabro serve flags:
FlagDefaultDescription
--port3000Port to listen on
--host127.0.0.1Host address to bind to
--modelOverride default LLM model
--providerOverride default LLM provider
--sandboxOverride default sandbox provider
--max-concurrent-runs5Maximum concurrent run executions
--config~/.fabro/server.tomlPath to server config file
--dry-runExecute with simulated LLM backend
CLI flags take precedence over server.toml values. See Run Configuration — Precedence for the full resolution order.

Run defaults

The [llm], [setup], [sandbox], [checkpoint], and [vars] sections in server.toml act as defaults for every run. A run config TOML can override any of these. For [vars], Daytona labels, and checkpoint exclude globs, values are merged — the run config wins on key collisions. All other fields use “first non-empty wins” precedence.

[log] section

Configure the default log level without environment variables. Precedence: FABRO_LOG env var > --debug flag > [log] level > "info".
KeyDescriptionDefault
levelLog level: error, warn, info, debug, trace"info"

[git.author] section

Customize the git author identity used for checkpoint commits. When not set, defaults to fabro / fabro@local.
KeyDescriptionDefault
nameGit author name"fabro"
emailGit author email"fabro@local"
The CLI can also set [git.author] in cli.toml to override the server default.

[git.webhooks] section

Enable automatic GitHub webhook delivery via Tailscale funnel. When configured, fabro serve binds a local HTTP listener, exposes it through tailscale funnel, and updates the GitHub App’s webhook URL on startup. Incoming webhooks are verified with HMAC-SHA256.
KeyDescriptionValues
strategyWebhook delivery method"tailscale_funnel"
Requires a configured GitHub App ([git] section with app_id and client_id) and the GITHUB_APP_WEBHOOK_SECRET environment variable.

[checkpoint] section

Configure checkpoint behavior for all runs.
KeyDescription
exclude_globsGlob patterns for files to exclude from checkpoint commits (e.g. ["**/node_modules/**"])
Exclude globs from server.toml and run configs are merged (union, deduplicated). See Run Configuration — Checkpoint for per-run configuration.

Environment variables

Fabro reads environment variables from a .env file in the working directory (if present) and from the shell environment. Provider API keys are required for the models you want to use; everything else is optional.

LLM provider keys

VariableProvider
ANTHROPIC_API_KEYAnthropic (Claude)
OPENAI_API_KEYOpenAI (GPT)
GEMINI_API_KEY or GOOGLE_API_KEYGoogle (Gemini)
KIMI_API_KEYKimi
ZAI_API_KEYZai (GLM)
MINIMAX_API_KEYMinimax
INCEPTION_API_KEYInception (Mercury)

Sandbox and tools

VariableDescription
DAYTONA_API_KEYDaytona cloud sandbox API key
BRAVE_SEARCH_API_KEYBrave Search API key (for the web_search tool)

Server authentication

VariableDescription
FABRO_JWT_PRIVATE_KEYEd25519 private key (base64-encoded PEM) for JWT signing
FABRO_JWT_PUBLIC_KEYEd25519 public key (base64-encoded PEM) for JWT verification
SESSION_SECRETSession encryption secret (64-character hex string)

GitHub App (optional)

VariableDescription
GITHUB_APP_CLIENT_SECRETGitHub App client secret
GITHUB_APP_WEBHOOK_SECRETGitHub App webhook secret
GITHUB_APP_PRIVATE_KEYGitHub App private key (base64-encoded)

Slack integration (optional)

VariableDescription
FABRO_SLACK_APP_TOKENSlack App-level token
FABRO_SLACK_BOT_TOKENSlack Bot token

Logging

VariableDefaultDescription
FABRO_LOGinfoLog level: error, warn, info, debug