Space Agent’s runtime behavior is controlled by a set of named parameters defined inDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/agent0ai/space-agent/llms.txt
Use this file to discover all available pages before exploring further.
commands/params.yaml. These parameters can be read, written, and overridden at multiple levels — a clear precedence order decides which value wins at startup. The get and set commands manage the project .env file, which sits in the middle of that hierarchy.
Parameter resolution order
When Space Agent starts, it resolves each parameter in this order (highest priority first):- Launch arguments —
PARAM=VALUEpassed directly tonode space serveornode space supervise - Stored
.envvalues — written bynode space set KEY=VALUE - Process environment variables — inherited from the shell
- Schema defaults — defined in
commands/params.yaml
.env.
get — read parameters
node space get reads server config parameters from the project .env file and the parameter catalog defined in commands/params.yaml.
get reads the stored .env value only — it does not resolve the full four-level hierarchy. The value printed may differ from what a running server actually uses if a launch override or process environment variable is active.set — write parameters
node space set validates one or more KEY=VALUE assignments against commands/params.yaml and writes them into the project .env file. Unrelated .env entries are preserved.
set validates the value against the parameter’s type and allowed rules before writing. If validation fails, the .env file is not modified and the command exits with an error.
Parameter reference
All parameters are defined incommands/params.yaml. The table below covers every current parameter.
Network
Hostname or interface address the local server binds to. Accepts hostnames, IPv4 addresses, and IPv6 addresses. Default
0.0.0.0 binds all interfaces.TCP port the local server listens on. Accepted range:
0–65535. Set to 0 to let the OS assign a free port at startup — useful for ephemeral local runtimes and the desktop host.Workers
Number of HTTP worker processes for
node space serve and node space supervise. Accepted range: 1–256. 1 keeps the single-process runtime. Values greater than 1 start a clustered primary plus N worker model with one authoritative primary for shared filesystem and auth state.Customware
Optional absolute or project-relative directory that owns writable
L1/ and L2/ roots. When set, user and group data live under CUSTOMWARE_PATH/L1/ and CUSTOMWARE_PATH/L2/ rather than inside the source checkout. Required by node space supervise. Set persistently with node space set CUSTOMWARE_PATH=<path> before creating users or groups.Enable live customware
fs.watch listeners, config watching, and the periodic reconcile backstop. When false, startup indexing and explicit mutation sync are still active, but background watch paths are disabled — useful for diagnostics or tightly controlled deployments.Enable debounced local Git history repositories in writable
L1 group and L2 user roots. Commits are adaptively debounced: 10 seconds of quiet initially, reducing to 5 seconds after 1 minute of pending writes, 1 second after 5 minutes, and immediate after 10 minutes. With WORKERS>1, debounced commits are scheduled only by the primary process. The user and group CLI commands flush pending commits before returning when this is enabled.User access
Run the app as a single always-authenticated user named
user with implicit _admin access. Disables the login flow entirely. Frontend-exposed — injected as meta tags into page shells.Allow the public login page and password-login endpoints in multi-user mode. When
false, the /login shell remains available as a landing page but authentication endpoints are disabled. Guest-backed session flows may still run when ALLOW_GUEST_USERS is also enabled. Frontend-exposed.Allow guest-account creation from the login screen when password login is enabled. Enables guest-backed public share flows. Frontend-exposed.
Cloud share
Allow this server to receive hosted cloud-share uploads under the customware share store. Requires
ALLOW_GUEST_USERS=true and a non-empty CUSTOMWARE_PATH.Public cloud-share host or URL used by the spaces share modal for hosted uploads and generated share links. Frontend-exposed — the browser reads this to know which receiver to contact.
Git
Git backend used by server-owned Git flows such as local history and Git-backed module installs. Allowed values:
auto, native, isomorphic. auto keeps the normal native → isomorphic fallback order. Set to a concrete value to force one backend for local testing or troubleshooting.Optional Git repository URL used by
node space update and node space supervise when checking and cloning releases. When unset, both commands fall back to the local origin remote URL and then to the canonical Space Agent repository.Storage limits
Maximum on-disk size in bytes for each
L2/<user>/ folder. 0 disables the cap. When a positive limit is set, app-file mutations that would push a folder over the cap are rejected, while mutations that reduce an already-over-limit folder are still allowed.Frontend-exposed parameters
Parameters markedfrontend_exposed: true in commands/params.yaml are injected as meta tags into page shells so the browser can read them without an API call. The current frontend-exposed parameters are:
| Parameter | Default |
|---|---|
SINGLE_USER_APP | false |
LOGIN_ALLOWED | true |
ALLOW_GUEST_USERS | false |
CLOUD_SHARE_URL | share.space-agent.ai |
Production auth injection
For production deployments, the following environment variables can be injected into the process to configure auth key storage. They are backend-only and never written to.env or exposed to the browser.
Backend-only encryption key used to seal and unseal password verifier envelopes. When present, auth keys are read from this variable rather than from
server/data/auth_keys.json.Backend-only HMAC key used to sign and verify session tokens. Paired with
SPACE_AUTH_PASSWORD_SEAL_KEY for injection-based key management.Override the directory from which
auth_keys.json is loaded. When set, the server reads SPACE_AUTH_DATA_DIR/auth_keys.json instead of server/data/auth_keys.json. Used by supervise and the CLI user-management commands so all processes share one canonical key file.Personal access token for fetching from private GitHub repositories. Used by both
node space update and node space supervise release staging. When absent, no GitHub auth header is sent.SPACE_AUTH_PASSWORD_SEAL_KEY, SPACE_AUTH_SESSION_HMAC_KEY, SPACE_AUTH_DATA_DIR, and SPACE_GITHUB_TOKEN are not defined in commands/params.yaml and are not managed by node space get or node space set. Inject them through the process environment or a secrets manager.