Skip to main content

Settings File

Bossanova reads global settings from a JSON file on disk:

  • macOS: ~/Library/Application Support/bossanova/settings.json
  • Linux: $XDG_CONFIG_HOME/bossanova/settings.json (defaults to ~/.config/bossanova/settings.json)
  • Profile override: set BOSS_SETTINGS_PATH to an absolute path to select a specific settings file.

The file is optional. When it's absent, defaults apply. Both boss and bossd read the same file. Use BOSS_SETTINGS_PATH when you want a dev build and an installed build to run in parallel without sharing local state.

Press s from the home screen to open the Settings view. It hosts the global toggles (such as the Skip permissions checkbox) and is also the gateway to the Repos (r), Cron (c), and Trash (t) screens.

Bossanova settings view

Example

{
"worktree_base_dir": "/Users/you/work/worktrees",
"default_agent": "claude",
"poll_interval_seconds": 120,
"plugins": [
{
"name": "claude",
"path": "/opt/homebrew/libexec/plugins/bossd-plugin-claude",
"enabled": true,
"config": {
"dangerously_skip_permissions": "true"
}
},
{
"name": "codex",
"path": "/opt/homebrew/libexec/plugins/bossd-plugin-codex",
"enabled": true
},
{
"name": "repair",
"path": "/opt/homebrew/libexec/plugins/bossd-plugin-repair",
"enabled": true
}
],
"repair": {
"skills": { "repair": "boss-repair" },
"cooldown_minutes": 1,
"poll_interval_seconds": 5,
"sweep_interval_minutes": 1
}
}

Cloud-sync settings (orchestrator URL, WorkOS client ID, daemon ID) are configured via environment variables. See Environment overrides below.

Top-level fields

FieldTypeDefaultDescription
worktree_base_dirstring~/.bossanova/worktreesDirectory where per-session git worktrees are created. Auto-created on load.
app_data_dirstringplatform defaultAbsolute directory for local daemon data: bossd.db, bossd.lock, profile plugin discovery, and default socket placement.
socket_pathstringderived from data directoryAbsolute path to the local bossd Unix-domain socket. If unset and app_data_dir is set, defaults to app_data_dir/bossd.sock.
default_agentstringclaudeName of the default agent plugin used for new sessions.
skills_declinedboolfalseSet after the user declines the one-time skills install prompt so it's not shown again.
poll_interval_secondsint120How often the Terminal UI (TUI) polls for PR display status, in seconds.
pluginsarrayauto-discoveredPlugin binaries to load (see below). If unset, bossd auto-discovers bossd-plugin-* binaries next to its own.
repairobjectdefaults belowRepair plugin configuration.

plugins[] entries

FieldTypeDescription
namestringPlugin name (matches the suffix after bossd-plugin-).
pathstringAbsolute path to the plugin binary.
enabledboolWhen false, the plugin is loaded-but-inert.
versionstringOptional version string, informational.
configobjectPlugin-specific string key/value pairs.

claude plugin config keys

KeyTypeDefaultDescription
dangerously_skip_permissionsstring "true" / "false""false" (omit for default)Pass --dangerously-skip-permissions to the Claude Code CLI invoked by the claude plugin. Off by default. Toggle via boss settings --skip-permissions / --no-skip-permissions, or in the boss TUI settings view.

repair fields

FieldTypeDefaultDescription
skills.repairstringboss-repairSkill invoked to attempt repair.
cooldown_minutesint1Minimum gap between repair attempts on the same session.
poll_interval_secondsint5Poll interval for repair status checks.
sweep_interval_minutesint1How often the plugin sweeps for sessions needing repair.

Development profile

To run a development build beside the Homebrew build, keep a profile in the repo-local .config/ directory:

mkdir -p .config/data

Put this settings content in .config/settings.json, replacing /path/to/bossanova with your repo path:

{
"app_data_dir": "/path/to/bossanova/.config/data",
"socket_path": "/path/to/bossanova/.config/bossd.sock",
"default_agent": "claude"
}
export BOSS_SETTINGS_PATH="/path/to/bossanova/.config/settings.json"

With that environment, the development boss CLI reads .config/settings.json, starts or dials the daemon at .config/bossd.sock, and stores daemon data in .config/data. The Homebrew install can continue using the standard macOS Application Support paths.

If BOSS_SOCKET is set in your shell, it overrides the socket selected by socket_path. Unset BOSS_SOCKET when using profile files unless you are intentionally debugging a single socket path.

Environment overrides

Cloud-sync settings (orchestrator URL, WorkOS client ID, daemon ID) are configured exclusively via environment variables. Other settings that have a settings.json field can also be overridden by env var. Precedence (highest wins): environment variable → settings.json → hardcoded default.

boss (TUI / CLI)

VariableNotes
BOSS_WORKOS_CLIENT_IDWorkOS client used by boss login; override when pointing at a staging orchestrator
BOSS_CLOUD_URLoverrides the authenticated cloud orchestrator URL used by boss login and remote CLI calls
BOSS_SKIP_SKILLSany non-empty value suppresses the first-run skill-install prompt (persistent equivalent: skills_declined in settings.json)
BOSS_SETTINGS_PATHabsolute path to the settings file; selects a profile before boss chooses the daemon socket or reads other settings
BOSS_SOCKETexplicit socket override for tests and one-off debugging; for normal profiles prefer BOSS_SETTINGS_PATH plus socket_path
BOSS_DAEMON_SKIP_LAUNCHCTLany non-empty value skips launchctl calls in boss daemon install/uninstall/status
BOSS_REPORT_URLoverrides the bug-report submission URL
BOSS_AUTH_E2E_EMAILe2e tests only: pre-seeds an authenticated identity so login flows can be exercised in CI; built only under the e2e build tag

bossd (daemon)

VariableNotes
BOSSD_ORCHESTRATOR_URLURL bossd syncs with (default: https://orchestrator.bossanova.dev); set to "" for local-only mode
BOSSD_DAEMON_IDstable identifier this daemon registers under (defaults to machine hostname); each value creates a separate daemon record, so change carefully
BOSSD_USER_JWTbypass the keychain and pass a WorkOS JWT directly; used in CI

XDG and path variables

VariableWhat it affects
XDG_CONFIG_HOMEWhere settings.json is read from on Linux (macOS uses ~/Library/Application Support/)
XDG_STATE_HOMEWhere rotated log files live
XDG_RUNTIME_DIRNot used for Bossanova's daemon socket; set socket_path in settings or use BOSS_SOCKET for an explicit override
HOMEUsed to resolve ~/.claude/skills/ and ~/.bossanova/

GitHub App integration

Bossanova receives GitHub PR, check, status, review, and comment events through the GitHub App webhook endpoint on the orchestrator.

Configure the GitHub App with these URLs:

GitHub App settingValue
Homepage URLhttps://app.bossanova.dev/github/setup
Setup URLhttps://app.bossanova.dev/github/setup
User authorization callback URLhttps://app.bossanova.dev/github/setup
Webhook URLhttps://orchestrator.bossanova.dev/webhooks/github

The Homepage URL, Setup URL, and User authorization callback URL must match BOSSO_GITHUB_APP_CALLBACK_URL. Enable Request user authorization during installation and Redirect on update. Set the GitHub webhook secret to the same value as BOSSO_GITHUB_APP_WEBHOOK_SECRET.

Required repository permissions:

PermissionAccess
Pull requestsRead and write
ChecksRead and write
ContentsRead-only
MetadataRead-only
StatusesRead and write

Subscribe to these events:

  • pull_request
  • check_run
  • check_suite
  • status
  • push
  • issue_comment
  • pull_request_review

Required environment variables:

Terraform Cloud variableKubernetes runtime envSource
TF_VAR_bosso_github_app_idBOSSO_GITHUB_APP_IDGitHub App settings page, App ID
TF_VAR_bosso_github_app_slugBOSSO_GITHUB_APP_SLUGGitHub App URL slug
TF_VAR_bosso_github_app_private_keyBOSSO_GITHUB_APP_PRIVATE_KEYGitHub App private key PEM, stored as one escaped env value
TF_VAR_bosso_github_app_webhook_secretBOSSO_GITHUB_APP_WEBHOOK_SECRETWebhook secret configured on the GitHub App
TF_VAR_bosso_github_app_callback_urlBOSSO_GITHUB_APP_CALLBACK_URLFrontend setup route, for example https://app.bossanova.dev/github/setup
TF_VAR_bosso_github_app_client_idBOSSO_GITHUB_APP_CLIENT_IDGitHub App settings page, Client ID
TF_VAR_bosso_github_app_client_secretBOSSO_GITHUB_APP_CLIENT_SECRETGitHub App generated client secret

Mark the private key, webhook secret, and client secret as sensitive in Terraform Cloud. Terraform stores the desired GitHub App values for configuration wiring and exposes the runtime values through the kubernetes_secret_bosso output. Do not pass secret values as command-line arguments; process argv can be inspected.

cd infra/kustomize
./pull-secrets.sh production

For staging, run ./pull-secrets.sh staging. The generated .env-bosso file is gitignored and must not be committed.

Bosso GKE Runtime

Bosso runs on GKE with Cloud SQL Postgres, Redis, Google Artifact Registry, and the Google external ALB. Terraform writes the Kubernetes secret values:

BOSSO_DB_DRIVER=postgres
BOSSO_DATABASE_URL=postgres://...
BOSSO_MULTI_INSTANCE=true
BOSSO_REDIS_URL=redis://bs-redis-service.<namespace>.svc.cluster.local:6379/0
BOSSO_ROUTING_PROVIDER=kubernetes
BOSSO_WEBHOOK_ROUTING_URL=http://bs-bosso-service.<namespace>.svc.cluster.local:80

Generate each BOSSO_INTERNAL_WEBHOOK_TOKEN as a high-entropy secret, for example with openssl rand -base64 32, and set the same value on every bosso instance in that environment. The token authenticates internal routed webhook delivery when one bosso instance forwards webhook work to the instance that owns the target daemon stream.

Use this token only for internal routed webhook delivery between bosso instances; it is separate from the GitHub App webhook secret.

Kubernetes sets BOSSO_INSTANCE_ID from the pod name. Local or manual multi-instance runs must set BOSSO_INSTANCE_ID on each process to a distinct stable value.

Webhook behavior:

  • GitHub signs webhook payloads with the app webhook secret.
  • The orchestrator verifies the signature, then routes the event by installation_id to the WorkOS user that completed setup.
  • Pull request events trigger a targeted refresh for the affected repository and PR.
  • The polling fallback backs off for 5 minutes on repositories that recently delivered webhooks.