Advanced
Configuration
Multi-layered configuration system with project, user, and machine-local settings.
Configuration Hierarchy
Settings are merged from multiple sources, with later sources overriding earlier ones (bottom wins):
| Priority | File | Scope | Purpose |
|---|---|---|---|
| 1 (lowest) | .openanalyst.json | Project (shared) | Shared project defaults, committed to git |
| 2 | .openanalyst/settings.json | Project | Full project feature config |
| 3 | ~/.openanalyst/.env | User | API keys and base URLs |
| 4 | ~/.openanalyst/credentials.json | User | OAuth tokens (auto-managed) |
| 5 (highest) | .openanalyst/settings.local.json | Machine | Machine-specific overrides (gitignored) |
Project Guidance: OPENANALYST.md
Create an OPENANALYST.md file in your project root to provide AI instructions and project context. This file is auto-detected at startup and injected into the system prompt.
OPENANALYST.md
# Project: My App
## Architecture
This is a React + Node.js monorepo with:
- /frontend — React SPA (Vite)
- /backend — Express API server
- /shared — Shared types and utilities
## Guidelines
- Use TypeScript strict mode
- Prefer functional components with hooks
- All API routes must have error handling middleware
- Tests use Vitest for frontend, Jest for backend
## Common Tasks
- Run dev: `npm run dev` (starts both frontend and backend)
- Run tests: `npm test`
- Deploy: `npm run deploy` (requires AWS credentials)Tip
Use /init inside the TUI to generate an OPENANALYST.md template for your project.
Settings File
The main settings file supports these sections:
.openanalyst/settings.json
{
"model": "openanalyst-beta",
"permission_mode": "workspace-write",
"autoMode": "auto-edit",
"extendedThinking": { "enabled": true, "budgetTokens": 10000 },
"env": {
"OPENANALYST_API_KEY": "sk-oa-..."
},
"permissions": {
"allow": ["bash(npm test)", "write_file(src/**)"],
"deny": ["bash(rm -rf *)"]
},
"hooks": {
"PreToolUse": [{ "command": "echo $TOOL_NAME" }],
"PostToolUse": [{ "command": "echo done" }],
"SessionStart": [],
"SessionEnd": [],
"SubagentSpawned": [],
"ModelSwitch": []
},
"subagents": {
"explore": { "model": null, "maxTurns": 10 },
"plan": { "model": null, "maxTurns": 5 }
},
"modelAliases": {
"fast": "openanalyst-beta",
"smart": "claude-sonnet-4-6"
},
"mcp": {
"servers": {
"my-server": {
"transport": "stdio",
"command": "node",
"args": ["server.js"]
}
}
},
"sandbox": {
"filesystem_mode": "workspace",
"allowed_mounts": ["/data"]
}
}Permission Modes
| Mode | Bash | Write | Edit | Install | Delete |
|---|---|---|---|---|---|
read-only |
✗ | ✗ | ✗ | ✗ | ✗ |
workspace-write |
✓ | ✓ | ✓ | ✗ | ✗ |
danger-full-access |
✓ | ✓ | ✓ | ✓ | ✓ |
Set via CLI flag, config, or slash command:
# CLI flag
openanalyst --permission-mode workspace-write
# In settings.json
{ "permission_mode": "workspace-write" }
# During a session
/permissions workspace-writeHooks
Hooks are shell commands that execute in response to lifecycle events:
| Event | Fires When |
|---|---|
PreToolUse | Before a tool is executed |
PostToolUse | After a tool completes |
SessionStart | When a new session begins |
SessionEnd | When a session ends |
CwdChanged | When the working directory changes |
FileChanged | When a file is modified |
TaskCreated | When a new task is created |
Notification | System notification event |
Stop | Agent execution stopped |
SubagentSpawned | When a sub-agent is created |
SubagentCompleted | When a sub-agent finishes |
ModelSwitch | When the active model changes |
PermissionRequest | When a tool requests permission |
PermissionResult | After permission is granted/denied |
ElicitationRequest | When AI asks user a question |
ElicitationResult | After user responds to question |
Environment Variables
Authentication
| Variable | Description |
|---|---|
OPENANALYST_AUTH_TOKEN | OpenAnalyst API key |
OPENANALYST_BASE_URL | OpenAnalyst API base URL |
ANTHROPIC_API_KEY | Anthropic Claude API key |
OPENAI_API_KEY | OpenAI API key |
GEMINI_API_KEY | Google Gemini API key |
XAI_API_KEY | xAI Grok API key |
OPENROUTER_API_KEY | OpenRouter API key |
BEDROCK_API_KEY | Amazon Bedrock API key |
Runtime
| Variable | Description |
|---|---|
OPENANALYST_CONFIG_HOME | Override default config directory (~/.openanalyst) |
OPENANALYST_MODEL | Override default model |
OPENANALYST_PERMISSION_MODE | Set permission mode |
OPENANALYST_SANDBOX_FILESYSTEM_MODE | Sandbox isolation level |
OPENANALYST_SANDBOX_ALLOWED_MOUNTS | Permitted directories for sandbox |
File Structure
Project-Level (created via /init)
project/
├── OPENANALYST.md # Project-specific AI instructions
├── OPENANALYST.local.md # Personal project instructions (gitignored)
├── .openanalyst.json # Shared project defaults
├── .openanalyst/
│ ├── settings.json # Project-level settings
│ ├── settings.local.json # Machine-local overrides (gitignored)
│ ├── .env # Provider API keys (gitignored)
│ ├── .mcp.json # MCP server configuration
│ ├── sessions/ # Saved conversation sessions
│ ├── skills/ # Multi-file SKILL.md definitions
│ ├── commands/ # Simple slash commands
│ ├── rules/ # Path-specific instruction files
│ ├── agents/ # Custom subagent definitions
│ ├── hooks/ # Reusable hook scripts
│ └── output-styles/ # Custom output formattingUser-Level (all projects)
~/.openanalyst/
├── settings.json # User-wide settings
├── .env # Global API keys
├── credentials.json # Saved provider credentials
├── skills/ # User skills (available everywhere)
├── commands/ # User slash commands
├── rules/ # User rules
├── agents/ # User agents
└── output-styles/ # User output styles3-Level Config Hierarchy
All configuration (rules, skills, agents, output-styles) loads from three levels, with later levels overriding earlier ones:
| Priority | Level | Location | Purpose |
|---|---|---|---|
| 1 (lowest) | Managed | /etc/openanalyst-cli/ or C:\Program Files\OpenAnalystCLI\ | Enforced organization defaults |
| 2 | User | ~/.openanalyst/ | Personal defaults for all projects |
| 3 (highest) | Project | .openanalyst/ | Repo-specific, overrides user |