Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/builderz-labs/mission-control/llms.txt

Use this file to discover all available pages before exploring further.

Mission Control is configured entirely through environment variables. Copy .env.example to .env.local (development) or .env (production) and customize as needed.

Authentication

AUTH_USER
string
default:"admin"
required
Admin username seeded on first run (only if no users exist in the database).
AUTH_PASS
string
required
Admin password for the initial user.
If your password contains #, you must either:
  • Quote the value: AUTH_PASS="my#password"
  • Use base64 encoding via AUTH_PASS_B64 instead
AUTH_PASS_B64
string
Base64-encoded admin password. Overrides AUTH_PASS if set.Generate with:
echo -n 'my#password' | base64
API_KEY
string
required
API key for headless/external access. Send via x-api-key header for programmatic access.
Generate a secure random key:
openssl rand -hex 32
AUTH_SECRET
string
default:"random-secret-for-legacy-cookies"
Secret for legacy cookie authentication (backward compatibility).
MC_COOKIE_SECURE
boolean
Enable secure cookies (HTTPS-only). Defaults to true in production unless overridden.
Always enable this in production when serving over HTTPS.
MC_COOKIE_SAMESITE
string
default:"strict"
SameSite cookie attribute. Valid values: strict, lax, none.

Network Access Control

Mission Control implements host-based access control to prevent unauthorized access.
MC_ALLOW_ANY_HOST
boolean
default:"false"
Bypass host restrictions and allow any host to access the application.
Production: Access is blocked by default unless the host is explicitly allowed via MC_ALLOWED_HOSTS.Development: All hosts are allowed by default (NODE_ENV !== 'production').
MC_ALLOWED_HOSTS
string
default:"localhost,127.0.0.1"
Comma-separated list of allowed hostnames or patterns.Supported patterns:
  • Exact hosts: app.example.com
  • Subdomains: *.example.com (matches a.example.com but not bare example.com)
  • Prefix wildcard: 100.* (useful for Tailscale IPs like 100.64.0.1)
Example:
MC_ALLOWED_HOSTS=localhost,127.0.0.1,app.example.com,*.internal.example.com,100.*

Google OAuth Integration

GOOGLE_CLIENT_ID
string
Server-side Google OAuth client ID for Sign-In approval workflow.Create in Google Cloud Console as a Web application and configure authorized origins/redirect URIs.
NEXT_PUBLIC_GOOGLE_CLIENT_ID
string
Client-side Google OAuth client ID (exposed to browser).

OpenClaw Gateway

OPENCLAW_HOME
string
Path to .openclaw home directory. Required for memory browser, gateway config, and logs.Example: /home/user/.openclaw
OPENCLAW_CONFIG_PATH
string
Explicitly point to openclaw.json instead of deriving from OPENCLAW_HOME.
OPENCLAW_GATEWAY_HOST
string
default:"127.0.0.1"
Gateway host for server-side connections.
OPENCLAW_GATEWAY_PORT
number
default:"18789"
Gateway port for server-side connections.
OPENCLAW_GATEWAY_TOKEN
string
Authentication token for server-side gateway calls (optional).

Frontend Gateway Configuration

These variables are prefixed with NEXT_PUBLIC_ and are exposed to the browser.
NEXT_PUBLIC_GATEWAY_HOST
string
Gateway hostname for browser WebSocket connections.
NEXT_PUBLIC_GATEWAY_PORT
number
default:"18789"
Gateway port for browser WebSocket connections.
NEXT_PUBLIC_GATEWAY_PROTOCOL
string
WebSocket protocol: ws or wss. Defaults based on page protocol.
NEXT_PUBLIC_GATEWAY_URL
string
Complete gateway WebSocket URL. Overrides individual host/port/protocol settings.
NEXT_PUBLIC_GATEWAY_TOKEN
string
Client-side gateway authentication token (if required by gateway).

Coordinator Identity

MC_COORDINATOR_AGENT
string
default:"coordinator"
Server-side coordinator agent identifier for chat status replies.
NEXT_PUBLIC_COORDINATOR_AGENT
string
default:"coordinator"
Client-side coordinator agent identifier for UI.

Gateway Defaults

MC_DEFAULT_GATEWAY_NAME
string
default:"primary"
Default gateway name used for /api/gateways seeding if database is empty.

Data Paths

All paths default to .data/ in the project root if not specified.
MISSION_CONTROL_DATA_DIR
string
default:".data"
Root directory for all Mission Control data files.
MISSION_CONTROL_DB_PATH
string
default:".data/mission-control.db"
SQLite database file path.
MISSION_CONTROL_TOKENS_PATH
string
default:".data/mission-control-tokens.json"
Token storage file path.

OpenClaw Paths

These paths are derived from OPENCLAW_HOME if not explicitly set.
OPENCLAW_LOG_DIR
string
Directory containing OpenClaw logs.Default: {OPENCLAW_HOME}/logs
OPENCLAW_MEMORY_DIR
string
Directory containing agent memory files.
OpenClaw does NOT store agent memory markdown files under OPENCLAW_HOME/memory/ by default.Agent memory lives in each agent’s workspace (e.g., ~/clawd-agents/{agent}/memory/).Point this at your agents root to make the Memory Browser useful:
OPENCLAW_MEMORY_DIR=/home/you/clawd-agents
OPENCLAW_SOUL_TEMPLATES_DIR
string
Directory containing soul templates.Default: {OPENCLAW_HOME}/templates/souls
OPENCLAW_BIN
string
default:"openclaw"
OpenClaw CLI binary name or path.

1Password Integration

OP_VAULT_NAME
string
default:"default"
Vault name for 1Password CLI pulls (used by Integrations panel).

Super Admin / Provisioning

These variables are only required if using super-admin provisioning helpers.
MISSION_CONTROL_REPO_ROOT
string
Path to the Mission Control repository root.
MC_SUPER_TEMPLATE_OPENCLAW_JSON
string
Path to template openclaw.json used to seed new tenant state (required for tenant bootstrap).
MC_TENANT_HOME_ROOT
string
default:"/home"
Base path for provisioned Linux user homes.
MC_TENANT_WORKSPACE_DIRNAME
string
default:"workspace"
Workspace directory name under each tenant user home.

Data Retention

All retention periods are in days. Set to 0 to keep data forever.
MC_RETAIN_ACTIVITIES_DAYS
number
default:"90"
Activity log retention period.
MC_RETAIN_AUDIT_DAYS
number
default:"365"
Audit log retention period.
MC_RETAIN_LOGS_DAYS
number
default:"30"
Application log retention period.
MC_RETAIN_NOTIFICATIONS_DAYS
number
default:"60"
Notification retention period.
MC_RETAIN_PIPELINE_RUNS_DAYS
number
default:"90"
Pipeline run history retention period.
MC_RETAIN_TOKEN_USAGE_DAYS
number
default:"90"
Token usage statistics retention period.

Server Configuration

PORT
number
default:"3005 (direct) / 3000 (Docker)"
HTTP server port.Example:
PORT=8080 pnpm start
HOSTNAME
string
default:"0.0.0.0"
Bind address for the HTTP server. Set in Dockerfile for containerized deployments.
NODE_ENV
string
default:"development"
Node.js environment. Set to production for production deployments.
Production mode enables:
  • Default-deny host access control
  • Secure cookies by default
  • Security headers (X-Frame-Options, CSP, etc.)

Build docs developers (and LLMs) love

Get started for freeTalk to us