npm install -g @karmaniverous/jeeves-server
The postinstall script automatically downloads the PlantUML jar for local diagram rendering.
Jeeves Server uses JSON-only configuration. Config files follow the path convention <configDir>/jeeves-server/config.json.
# Generate a starter config
jeeves-server init --config /path/to/config-dir
# Or specify an explicit path
jeeves-server start --config /path/to/jeeves-server/config.json
Legacy paths (jeeves-server.config.json) are auto-migrated to the new convention on first use.
{
"port": 1934,
"chromePath": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
"auth": {
"modes": ["keys", "google"],
"google": {
"clientId": "your-google-client-id",
"clientSecret": "your-google-client-secret"
},
"sessionSecret": "random-session-signing-secret"
},
"scopes": {
"restricted": {
"allow": ["/d/projects/*"],
"deny": ["/d/projects/secret/*"]
}
},
"insiders": {
"alice@example.com": {},
"contractor@example.com": { "scopes": "restricted" }
},
"keys": {
"_internal": "random-hex-seed-for-pdf-export",
"_plugin": "random-hex-seed-for-openclaw-plugin",
"primary": "random-hex-seed-for-api-access",
"webhook-notion": {
"key": "random-hex-seed",
"scopes": ["/event"]
}
},
"events": {}
}
String values in the config support ${VAR_NAME} substitution from process.env:
{
"auth": {
"google": {
"clientId": "${GOOGLE_CLIENT_ID}",
"clientSecret": "${GOOGLE_CLIENT_SECRET}"
}
}
}
jeeves-server config validate [--config <path>]
This loads and validates the config against the Zod schema, reporting any errors. Use config [jsonpath] to query the fully resolved configuration:
jeeves-server config # Full resolved config
jeeves-server config '$.port' # Query specific field
jeeves-server config '$.auth.modes' # Nested query
Windows — drives are auto-discovered; no roots config needed:
{ "chromePath": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" }
Linux — configure filesystem roots for the file browser:
{
"chromePath": "/usr/bin/chromium-browser",
"roots": {
"home": "/home",
"projects": "/opt/projects"
}
}
On Windows, roots is ignored. On Linux, if omitted, it defaults to { "root": "/" }.
Once the server starts, the config is loaded once and never written to. Mutable state (like auto-generated insider keys) lives in a separate state.json file that the server manages itself.
Jeeves Server supports two authentication methods, configured via auth.modes:
{
"auth": {
"modes": ["google", "keys"]
}
}
You can enable one or both. The order matters — modes are checked in the order listed.
"google")Best for: Teams where insiders log in via browser.
Users authenticate with their Google account. The server checks their email against the insiders map to determine access.
Requirements when enabled:
auth.google.clientId and auth.google.clientSecret — from Google Cloud Consoleauth.sessionSecret — a random string for signing session cookiesinsidersGoogle Cloud setup:
https://your-domain.com/auth/google/callback"keys")Best for: Headless access, bot integrations, simple setups without Google.
Users authenticate by appending ?key=<value> to any URL. The server derives keys from configured seeds using HMAC-SHA256.
Requirements when enabled:
keysHow keys work: You configure a seed (a random secret string). The server derives the actual key from it via HMAC. You never put the derived key in the config — only the seed. To get the derived key:
curl -H "X-API-Key: <seed>" https://your-domain.com/insider-key
When both are active, browser users log in with Google, and bots/scripts use ?key= for stateless access. Both methods work on every endpoint.
| Scenario | Recommended |
|---|---|
| Team of humans accessing via browser | ["google"] |
| Bot/script access only | ["keys"] |
| Humans + bots on the same server | ["google", "keys"] |
| Quick local setup, no Google credentials | ["keys"] |
Define reusable scope policies at the top level, then reference them by name from insiders, keys, or the outsider policy:
{
"scopes": {
"engineering": {
"allow": ["/d/repos/*", "/d/docs/*"],
"deny": ["/d/docs/hr/*"]
},
"readonly-projects": {
"allow": ["/d/projects/*"]
}
},
"insiders": {
"dev@example.com": { "scopes": "engineering" },
"contractor@example.com": {
"scopes": "readonly-projects",
"deny": ["/d/projects/secret/*"]
}
}
}
Named scopes are atomic — composition happens at the point of use. An insider or key referencing a named scope can add extra allow and deny patterns that merge on top of the named scope's rules.
Scopes can also be specified inline (without named references) using the same formats as before:
{ "scopes": ["/d/projects/*"] }
{ "scopes": { "allow": ["/d/*"], "deny": ["/d/secrets/*"] } }
The insiders map defines who has full browsing access:
{
"insiders": {
"alice@example.com": {},
"contractor@example.com": { "scopes": "restricted" },
"team@example.com": {
"scopes": { "allow": ["/d/*"], "deny": ["/d/secrets/*"] }
}
}
}
See the Insiders, Outsiders & Sharing guide for the full access model.
The keys map defines named API keys for machine and human access:
{
"keys": {
"primary": "a-random-64-char-hex-string",
"webhook-notion": {
"key": "another-random-hex-string",
"scopes": ["/event"]
},
"_internal": "seed-for-pdf-export",
"_plugin": "seed-for-openclaw-plugin"
}
}
Generate seeds with:
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
| Key | Purpose | Scopes |
|---|---|---|
_internal |
Puppeteer uses this to authenticate when rendering PDFs/DOCX. Required for export. | Must be unscoped |
_plugin |
OpenClaw plugin authentication. See OpenClaw Integration. | Must be unscoped |
Both reserved keys are enforced unscoped by the Zod schema.
See the Event Gateway guide for full configuration and usage.
The server proxies semantic search queries to jeeves-watcher and provides a search UI in the header, with filter facets and scope-aware result filtering. The watcher URL is resolved automatically via core service discovery (default port 1936).
To override the default URL, configure it in {configRoot}/jeeves-core/config.json:
{ "services": { "watcher": { "url": "http://custom-host:1936" } } }
The server proxies runner API calls for the process dashboard UI. The runner URL is resolved automatically via core service discovery (default port 1937).
To override the default URL, configure it in {configRoot}/jeeves-core/config.json:
{ "services": { "runner": { "url": "http://custom-host:1937" } } }
Mermaid is bundled as a direct dependency — no configuration needed. PlantUML uses a fallback pipeline:
postinstall) — fastest, supports !includeplantuml.com) — always appended as last resort{
"plantuml": {
"jarPath": "/opt/plantuml/plantuml.jar",
"javaPath": "/usr/bin/java",
"servers": ["https://internal.plantuml.example.com/plantuml"]
}
}
If plantuml is omitted entirely, only the community server is used.
| Field | Type | Default | Description |
|---|---|---|---|
port |
number | 1934 |
Server port |
chromePath |
string | required | Path to Chrome/Chromium executable |
auth |
object | required | Authentication configuration |
scopes |
object | {} |
Named scope definitions |
insiders |
object | {} |
Email → insider entry map |
keys |
object | {} |
Named key entries |
events |
object | {} |
Event gateway schemas |
eventTimeoutMs |
number | 30000 |
Default event command timeout |
eventLogPurgeMs |
number | 2592000000 |
Event log retention (default: 30 days) |
maxZipSizeMb |
number | 100 |
Max directory size for ZIP export |
roots |
object | — | Linux filesystem roots (ignored on Windows) |
watcherUrl |
— | — | Deprecated in v3.6.0. Use core service discovery. |
runnerUrl |
— | — | Deprecated in v3.6.0. Use core service discovery. |
host |
— | — | Deprecated in v3.6.0. Use getBindAddress() via core. |
metaUrl |
— | — | Deprecated in v3.6.0. Use core service discovery. |
plantuml |
object | — | PlantUML rendering config |
diagramCachePath |
string | .diagram-cache |
Cached rendered diagram directory |
outsiderPolicy |
scopes | — | Global outsider sharing constraints |
mermaidCliPath |
string | — | Deprecated. Mermaid is now bundled. |