Gadriel Code — Configuration (.gadriel.toml)
gadriel reads a single unified project config file, .gadriel.toml, at the repository root.
It supplies defaults for the flags documented in the
CLI reference — a CLI flag or environment variable still overrides it for any
one-off invocation. The file is committed to the repo; it never holds secrets.
Generate a fully-commented starter file with gadriel code init — see
Scaffolding.
Contents
- Discovery & precedence
- Sections
- Environment variables
- Secrets never go in the file
- Scaffolding with
gadriel code init
Discovery & precedence
The loader merges layers in this order — later layers win
(crates/gadriel-cli/src/config/loader.rs, defaults.rs):
- Built-in defaults (compiled into the binary — see
config/defaults.rs). - Global file —
~/.gadriel/config.toml. Errors here are downgraded to warnings (the CLI keeps working). - Project file —
./.gadriel.toml. Errors here are hard errors (the repo config must be valid). - Environment variables —
GADRIEL_*(preferred), withPREFLIGHT_*legacy fallbacks for a small set of keys. - CLI flags — applied by each command handler, highest priority.
In short:
CLI flag > GADRIEL_*/env > ./.gadriel.toml > ~/.gadriel/config.toml > built-in default
Each section is a partial — setting one key in a section (e.g. [scan] fail_on) does not reset
the section's other keys; they still fall through to the lower layers. An empty or missing
.gadriel.toml resolves every key to its documented default (fail-open).
Path overrides
| Mechanism | Effect |
|---|---|
gadriel [--config <PATH>] code <cmd> | The global --config <PATH> flag replaces ./.gadriel.toml in the stack for every command (scan, report, …). It takes precedence over the env var and the default ./.gadriel.toml lookup. Works in either position (gadriel --config X code scan or gadriel code scan --config X). |
GADRIEL_PROJECT_CONFIG_PATH=<PATH> | Points the loader at a project config file outside the repo root (also the test seam). Overridden by --config. |
GADRIEL_GLOBAL_CONFIG_PATH=<PATH> | Overrides the global-file location (~/.gadriel/config.toml). |
Sections
[scan]
Defaults for gadriel code scan.
| Key | Type | Default | Paired flag | Notes |
|---|---|---|---|---|
fail_on | string | "none" | --fail-on | none|info|low|medium|high|critical |
osv_auto_sync | string | "prompt" | --osv-auto-sync | yes|no|prompt |
no_osv | bool | false | --no-osv | Skip OSV/CVE consumption. |
osv_ecosystems | string | "auto" | --osv-ecosystems | auto|all|<csv> (e.g. pypi,npm). |
git_history | bool | false | --git-history | L4 git-history secret sweep. |
workspace_taint | bool | true | --no-workspace-taint (inverts) | Cross-file SAST taint analysis. |
scan_iac | bool | false | --scan-iac | EXPERIMENTAL Terraform/K8s/CFN/Helm. |
corroborate | bool | false | --corroborate | EXPERIMENTAL Tier-1 external-tool corroboration. |
output_format | string | "ocsf" | --output-format | ocsf|json|sarif (findings file). |
regen_html | bool | true | --no-html (inverts) | Auto-regen the HTML bundle post-scan. |
toml[scan]fail_on = "critical"osv_auto_sync = "yes"scan_iac = true
[report]
Defaults for gadriel code report.
| Key | Type | Default | Paired flag | Notes |
|---|---|---|---|---|
frameworks | array<string> | [] | --compliance | e.g. ["soc2","pci-dss"] or ["all"]. Empty = supply on the CLI. |
formats | array<string> | ["pdf","html"] | --format | Any of pdf, markdown, html. |
fail_on | string | "verdict" | --fail-on | verdict|render-only. |
executive | bool | true | --no-executive (inverts) | Emit the executive/CISO PDF. |
toml[report]frameworks = ["soc2", "pci-dss"]formats = ["pdf", "html"]fail_on = "verdict"executive = true
[init]
Defaults for gadriel code init.
| Key | Type | Default | Notes |
|---|---|---|---|
skip_hooks | bool | false | Skip git hook installation. |
skip_claude | bool | false | Skip the .claude/ scaffold. |
policies_url | string | https://github.com/Gadriel-ai/gadriel-code-policies | Rule-corpus repo URL (shares its default with top-level policies_repo_url). |
platforms | array<string> | [] | e.g. ["cursor","codex"]. |
[mcp]
Defaults for gadriel code mcp.
| Key | Type | Default | Notes |
|---|---|---|---|
auth_token_env | string | "GADRIEL_TOKEN" | Name of the env var to read the auth token from — never the token itself. |
[tier2]
Host-LLM semantic-analysis layer. Off by default.
| Key | Type | Default | Notes |
|---|---|---|---|
enabled | bool | false | Enable Tier-2. Resolution order: --tier2 flag ▸ GADRIEL_TIER2/GADRIEL_TIER2_ENABLED env ▸ this key ▸ false. |
source_consent | bool | false | Persisted --send-source consent. Privacy-gated — when true, sends source to your configured model; never auto-enables. |
toml[tier2]enabled = falsesource_consent = false
[secrets]
Secrets-detector signal toggles.
| Key | Type | Default | Notes |
|---|---|---|---|
generic_keyword | bool | true | Generic keyword-based secret detection. |
generic_entropy | bool | false | Generic entropy-based secret detection. |
Top-level keys
.gadriel.toml (and the global ~/.gadriel/config.toml) also accept flat, non-sectioned keys.
These are not written into the starter file but are valid overrides. Defaults from
config/defaults.rs:
| Key | Default |
|---|---|
portal_url | https://app.gadriel.ai |
auth_token_path | ~/.gadriel/auth/token.jwt |
auth_offline_grace_days | 7 |
policies_repo_url | https://github.com/Gadriel-ai/gadriel-code-policies |
policies_repo_branch | main |
policies_local_path | ./gadriel-code-policies |
store_dir | ~/.gadriel/store/ |
repo_store_dir | ./.security/store/ |
osv_mirror_url | https://osv-vulnerabilities.storage.googleapis.com |
osv_max_staleness_days | 7 |
osv_auto_refresh_days | 7 |
osv_ecosystems_mode | auto |
claude_api_url | https://api.anthropic.com |
claude_model_default | claude-3-5-sonnet-latest |
claude_model_escalation | claude-3-opus-latest |
claude_l1_confirmation | true |
claude_rate_limit_rpm | 60 |
agent_runner | claude |
mcp_server_port | 8765 |
dashboard_port | 8765 |
dashboard_open_browser | true |
install_url | https://get.gadriel.ai |
homebrew_tap | gadriel-ai/tap/gadriel |
npm_package | @gadriel/cli |
history_retention_days | 90 |
verdict_pass_threshold | gadriel_scoring::PASS_THRESHOLD |
verdict_partial_threshold | gadriel_scoring::PARTIAL_THRESHOLD |
verdict_pass_threshold must be within 0.0..=10.0 and strictly greater than
verdict_partial_threshold, or the project file is rejected as a hard error.
Environment variables
Every sectioned key has a matching GADRIEL_<SECTION>_<KEY> env var (which sits between the config
file and CLI flags in precedence). The most operationally relevant:
| Variable | Effect |
|---|---|
PREFLIGHT_OFFLINE | Local-only mode for any command — runs without a portal token. (PREFLIGHT_LOCAL is an alias.) |
GADRIEL_TIER2 | Shorthand for [tier2].enabled (1/true/yes/on = on). GADRIEL_TIER2_ENABLED wins if both are set. |
GADRIEL_TIER2_SOURCE_CONSENT | Sets [tier2].source_consent. Part of the --send-source consent chain (fix.rs). |
GADRIEL_CALIBRATION_TABLE | Explicit path to the false-positive-prevention calibration table (commands/code/stubs.rs). |
GADRIEL_AUTH_TOKEN_PATH | Override the auth-token cache path read by the auth layer (auth/cache.rs). |
GADRIEL_TOKEN_PATH | Sets the config key auth_token_path. |
GADRIEL_TOKEN | Default env var the MCP server reads the auth token from (name is configurable via [mcp].auth_token_env). |
Section-key env vars (all GADRIEL_*):
| Section | Variables |
|---|---|
[scan] | GADRIEL_SCAN_FAIL_ON, GADRIEL_SCAN_OSV_AUTO_SYNC, GADRIEL_SCAN_NO_OSV, GADRIEL_SCAN_OSV_ECOSYSTEMS, GADRIEL_SCAN_GIT_HISTORY, GADRIEL_SCAN_WORKSPACE_TAINT, GADRIEL_SCAN_SCAN_IAC, GADRIEL_SCAN_CORROBORATE, GADRIEL_SCAN_OUTPUT_FORMAT, GADRIEL_SCAN_REGEN_HTML |
[report] | GADRIEL_REPORT_FRAMEWORKS (csv), GADRIEL_REPORT_FORMATS (csv), GADRIEL_REPORT_FAIL_ON, GADRIEL_REPORT_EXECUTIVE |
[init] | GADRIEL_INIT_SKIP_HOOKS, GADRIEL_INIT_SKIP_CLAUDE, GADRIEL_INIT_POLICIES_URL, GADRIEL_INIT_PLATFORMS (csv) |
[mcp] | GADRIEL_MCP_AUTH_TOKEN_ENV |
[tier2] | GADRIEL_TIER2, GADRIEL_TIER2_ENABLED, GADRIEL_TIER2_SOURCE_CONSENT |
[secrets] | GADRIEL_SECRETS_GENERIC_KEYWORD, GADRIEL_SECRETS_GENERIC_ENTROPY |
Booleans accept 1, true, yes, or on (case-insensitive) for "on"; anything else is "off".
Flat-key env vars follow the mapping in loader.rs (e.g. GADRIEL_PORTAL_URL,
GADRIEL_OSV_MIRROR_URL, GADRIEL_VERDICT_PASS_THRESHOLD, …). A small legacy set falls back to
PREFLIGHT_* when the GADRIEL_* name is unset (GADRIEL_PORTAL_URL→PREFLIGHT_PORTAL_URL,
GADRIEL_CLAUDE_MODEL_DEFAULT→PREFLIGHT_LLM_MODEL); using a legacy name emits a one-shot
migration warning.
Secrets never go in the file
Credentials are never read from .gadriel.toml. A top-level key that looks like a secret —
ANTHROPIC_API_KEY, GADRIEL_TOKEN, PREFLIGHT_API_KEY, PREFLIGHT_AUTH_TOKEN — is dropped
silently and surfaced as an operator warning; set it as an environment variable instead. [mcp] auth_token_env stores the name of an env var to read the token from, not a token value.
Scaffolding with gadriel code init
gadriel code init writes a fully-commented starter .gadriel.toml at the repo root. Its values
are read live from Config::default(), so the scaffold never drifts from the code defaults it
documents. Refresh it later with gadriel code init --upgrade (appends any new section a later
version ships; never touches a section you already customised) or --force to replace wholesale.
Starter file (default values):
toml# .gadriel.toml — Gadriel project configuration.## Precedence (highest wins):# inline CLI flag > GADRIEL_*/ANTHROPIC_* env > this file ># ~/.gadriel/config.toml (global) > built-in defaults## Secrets NEVER go here (ANTHROPIC_API_KEY, GADRIEL_TOKEN, ...) — set them as# environment variables. `[mcp] auth_token_env` stores the NAME of an env var,# never a token value.[scan]fail_on = "none" # none|info|low|medium|high|critical (--fail-on)osv_auto_sync = "prompt" # yes|no|prompt (--osv-auto-sync)no_osv = false # skip OSV/CVE consumption (--no-osv)osv_ecosystems = "auto" # auto|all|<csv> (--osv-ecosystems)git_history = false # L4 git-history secret sweep (--git-history)workspace_taint = true # cross-file SAST taint (--no-workspace-taint inverts)scan_iac = false # EXPERIMENTAL Terraform/K8s/CFN/Helm (--scan-iac)corroborate = false # EXPERIMENTAL Tier-1 tool corrob. (--corroborate)output_format = "ocsf" # ocsf|json|sarif (findings file) (--output-format)regen_html = true # auto-regen HTML bundle post-scan (--no-html inverts)[report]frameworks = [] # e.g. ["soc2","pci-dss"] or ["all"] (--compliance)formats = ["pdf", "html"] # (--format)fail_on = "verdict" # verdict|render-only (--fail-on)executive = true # emit executive/CISO PDF (--no-executive inverts)[init]skip_hooks = falseskip_claude = falsepolicies_url = "https://github.com/Gadriel-ai/gadriel-code-policies"platforms = [] # cursor|windsurf|copilot|codex|claude-code|…[mcp]auth_token_env = "GADRIEL_TOKEN" # NAME of the env var to read the token from[tier2]enabled = false # host-LLM semantic layer — OFF by defaultsource_consent = false # persist --send-source consent; privacy-gated[secrets] # detector signal togglesgeneric_keyword = truegeneric_entropy = false
See also: CLI reference. </content>
