Documentation Index
Fetch the complete documentation index at: https://mintlify.com/math-inc/OpenGauss/llms.txt
Use this file to discover all available pages before exploring further.
All API keys and secrets used by OpenGauss live in a single file: ~/.gauss/.env. This keeps credentials out of your config file and out of version control. The file is created automatically during gauss setup and is stored with owner-only permissions (0600) so other users on the same machine cannot read it.
Setting values
Run the setup wizard (recommended for first-time setup)
The wizard walks you through selecting a provider and configuring the keys you need.
Or set keys directly with gauss config set
gauss config set OPENROUTER_API_KEY sk-or-v1-...
gauss config set TELEGRAM_BOT_TOKEN 123456:ABC-...
OpenGauss automatically routes any _API_KEY or _TOKEN value to .env instead of config.yaml.
Or edit the file directly
Never commit ~/.gauss/.env to source control. The file contains your API keys. If you accidentally expose it, rotate your keys immediately from each provider’s dashboard.
Example .env file
# ~/.gauss/.env
# ── Primary provider ───────────────────────────────────────────────────────
OPENROUTER_API_KEY=sk-or-v1-...
# ── Tool services ──────────────────────────────────────────────────────────
FIRECRAWL_API_KEY=fc-...
BROWSERBASE_API_KEY=bb-...
BROWSERBASE_PROJECT_ID=proj_...
FAL_KEY=...
# ── Voice ──────────────────────────────────────────────────────────────────
VOICE_TOOLS_OPENAI_KEY=sk-...
ELEVENLABS_API_KEY=...
# ── Messaging platforms ────────────────────────────────────────────────────
TELEGRAM_BOT_TOKEN=123456:ABC-...
DISCORD_BOT_TOKEN=...
SLACK_BOT_TOKEN=xoxb-...
SLACK_APP_TOKEN=xapp-...
Variable reference
Provider keys
These keys tell OpenGauss which LLM provider to use and how to authenticate with it.
| Variable | Description | Where to get it |
|---|
OPENROUTER_API_KEY | OpenRouter API key — gives access to 100+ models through one key | openrouter.ai/keys |
ANTHROPIC_API_KEY | Direct Anthropic API key for Claude models | console.anthropic.com |
ANTHROPIC_TOKEN | Anthropic OAuth token (set automatically by gauss login) | — |
GLM_API_KEY | Z.AI / ZhipuAI GLM key (also accepted as ZAI_API_KEY or Z_AI_API_KEY) | z.ai |
ZAI_API_KEY | Alias for GLM_API_KEY | z.ai |
Z_AI_API_KEY | Alias for GLM_API_KEY | z.ai |
GLM_BASE_URL | Override the Z.AI base URL (advanced) | — |
KIMI_API_KEY | Kimi / Moonshot AI key | platform.kimi.ai |
KIMI_BASE_URL | Override the Kimi base URL | — |
MINIMAX_API_KEY | MiniMax global endpoint key | minimax.io |
MINIMAX_BASE_URL | Override the MiniMax base URL | — |
MINIMAX_CN_API_KEY | MiniMax China endpoint key | minimaxi.com |
MINIMAX_CN_BASE_URL | Override the MiniMax China base URL | — |
DEEPSEEK_API_KEY | DeepSeek API key for direct access | platform.deepseek.com |
DEEPSEEK_BASE_URL | Custom DeepSeek base URL | — |
NOUS_BASE_URL | Nous Portal base URL override (advanced) | — |
OPENAI_BASE_URL | Custom OpenAI-compatible endpoint for local models or proxies | — |
Using a local model or vLLM? Set OPENAI_BASE_URL to your local endpoint and configure model in config.yaml to match the model name your server expects:OPENAI_BASE_URL=http://localhost:8000/v1
OPENAI_API_KEY=not-needed
# config.yaml
model: "meta-llama/Llama-3.1-70B-Instruct"
These optional keys unlock additional tool capabilities.
| Variable | Description | Unlocks | Where to get it |
|---|
FIRECRAWL_API_KEY | Firecrawl web scraping and search | web_search tool | firecrawl.dev |
FIRECRAWL_API_URL | Override for self-hosted Firecrawl instance | — | — |
BROWSERBASE_API_KEY | Browserbase cloud browser | browser_navigate, browser_click | browserbase.com |
BROWSERBASE_PROJECT_ID | Browserbase project ID | browser_navigate, browser_click | browserbase.com |
FAL_KEY | FAL.ai image generation | image_generate | fal.ai |
VOICE_TOOLS_OPENAI_KEY | OpenAI key for Whisper STT and OpenAI TTS | voice_transcription, OpenAI TTS | platform.openai.com/api-keys |
ELEVENLABS_API_KEY | ElevenLabs premium TTS voices | ElevenLabs TTS provider | elevenlabs.io |
TINKER_API_KEY | Tinker RL training service | rl_start_training, rl_check_status | tinker-console.thinkingmachines.ai |
WANDB_API_KEY | Weights & Biases experiment tracking | rl_get_results | wandb.ai/authorize |
GITHUB_TOKEN | GitHub PAT for Skills Hub (higher rate limits, skill publishing) | Skills Hub | github.com/settings/tokens |
GROQ_API_KEY | Groq Whisper API (free tier STT) | stt.provider: groq | console.groq.com |
These keys activate OpenGauss’s gateway mode for messaging platforms.
| Variable | Description | Where to get it |
|---|
TELEGRAM_BOT_TOKEN | Telegram bot token from @BotFather | @BotFather on Telegram |
TELEGRAM_ALLOWED_USERS | Comma-separated Telegram user IDs permitted to use the bot | @userinfobot |
DISCORD_BOT_TOKEN | Discord bot token from the Developer Portal | discord.com/developers |
DISCORD_ALLOWED_USERS | Comma-separated Discord user IDs permitted to use the bot | — |
SLACK_BOT_TOKEN | Slack bot token (xoxb-). Requires scopes: chat:write, app_mentions:read, im:history, im:write, users:read | api.slack.com/apps |
SLACK_APP_TOKEN | Slack app-level token (xapp-) for Socket Mode | api.slack.com/apps |
WHATSAPP_ENABLED | Set to true to enable the WhatsApp bridge | — |
WHATSAPP_MODE | WhatsApp bridge mode (see WhatsApp setup docs) | — |
WHATSAPP_ALLOWED_USERS | Comma-separated phone numbers (with country code) allowed to use the bot | — |
SLACK_ALLOWED_USERS | Comma-separated Slack user IDs permitted to use the bot | — |
GATEWAY_ALLOW_ALL_USERS | Set to true to skip the allowed-users check on messaging platforms (default: false) | — |
Agent and behavior settings
| Variable | Description |
|---|
GAUSS_HOME | Override the Gauss config directory (default: ~/.gauss). Useful for isolated environments or CI. |
GAUSS_YOLO_MODE | Set to true to bypass dangerous command approval prompts. Equivalent to approvals.mode: off in config. |
GAUSS_MAX_ITERATIONS | Maximum tool-calling iterations per conversation (default: 90). Overrides agent.max_turns in config. |
MESSAGING_CWD | Working directory for terminal commands executed via messaging platforms. |
SUDO_PASSWORD | Sudo password for commands requiring root. Piped via sudo -S. Works with all terminal backends. |
GAUSS_PREFILL_MESSAGES_FILE | Path to a JSON file containing [{role, content}] messages injected at API-call time for few-shot priming. Never persisted to sessions. |
GAUSS_EPHEMERAL_SYSTEM_PROMPT | Extra system prompt text injected at API-call time. Never saved to session logs. |
File security
OpenGauss protects your credentials automatically:
- The
~/.gauss/ directory is created with 0700 permissions (owner-only access).
- The
.env file is created with 0600 permissions (owner read/write only).
- Writes to
.env are atomic — the file is written to a temporary path and renamed, preventing partial reads.
- The file is never included in session logs or trajectories.