Configuration
Full reference for ~/.servonaut/config.json — every option explained with examples.
Config file location
Servonaut creates ~/.servonaut/config.json on first run with sensible defaults.
Edit it with any text editor. Changes take effect the next time you launch the TUI.
Full example config
~/.servonaut/config.json
{
"aws_regions": ["us-east-1", "eu-west-1"],
"custom_servers": [
{
"name": "prod-web-1",
"host": "192.168.1.100",
"user": "deploy",
"key_file": "~/.ssh/id_ed25519",
"port": 22,
"tags": {"env": "production", "role": "web"}
}
],
"ssh": {
"default_key": "~/.ssh/id_rsa",
"terminal": "auto",
"proxy_jump": null
},
"ai_provider": "anthropic",
"ai_api_key": "$ANTHROPIC_API_KEY",
"ai_model": "claude-3-5-haiku-20241022",
"ollama_base_url": "http://localhost:11434",
"mcp": {
"guard_level": "standard",
"allowed_tools": ["list_instances", "get_logs", "run_command", "transfer_file"]
},
"log_paths": [
"/var/log/nginx/access.log",
"/var/log/nginx/error.log",
"/var/log/auth.log"
]
}
AWS settings
| Key | Type | Default | Description |
|---|---|---|---|
aws_regions |
array | ["us-east-1"] |
List of AWS regions to scan for EC2 instances. All regions are queried on launch. |
example
{
"aws_regions": ["us-east-1", "us-west-2", "eu-west-1", "ap-southeast-1"]
}
Custom servers
The custom_servers array lets you add any server — DigitalOcean, Hetzner, bare metal, on-prem VMs —
alongside your AWS EC2 instances.
| Field | Required | Type | Description |
|---|---|---|---|
name | Yes | string | Display name in the TUI server list |
host | Yes | string | IP address or hostname |
user | Yes | string | SSH username (e.g. ubuntu, ec2-user) |
key_file | No | string | Path to SSH private key. Defaults to ssh.default_key. |
port | No | integer | SSH port. Default: 22 |
tags | No | object | Arbitrary key/value pairs for filtering. E.g. {"env":"prod","role":"db"} |
SSH settings
| Key | Type | Default | Description |
|---|---|---|---|
ssh.default_key |
string | ~/.ssh/id_rsa |
Default SSH private key used when a server has no key_file set. |
ssh.terminal |
string | "auto" |
Terminal emulator for SSH sessions. Options: "auto", "gnome-terminal", "iTerm2", "kitty", "wt" (Windows Terminal). |
ssh.proxy_jump |
string / null | null |
Bastion / jump host for SSH ProxyJump. Format: "user@bastion-host". Applied globally; override per-server in custom_servers. |
Bastion / ProxyJump example
config.json
{
"ssh": {
"default_key": "~/.ssh/id_ed25519",
"proxy_jump": "[email protected]",
"terminal": "auto"
}
}
AI provider settings
| Key | Type | Description |
|---|---|---|
ai_provider |
string | AI backend to use. One of: "anthropic", "openai", "ollama". |
ai_api_key |
string | API key. Supports $ENV_VAR and file:/path/to/key syntax. |
ai_model |
string | Model identifier. E.g. "claude-3-5-haiku-20241022", "gpt-4o", "llama3.2". |
ollama_base_url |
string | Base URL for a local Ollama instance. Default: "http://localhost:11434". |
Secrets syntax
Never hard-code API keys in config.json. Use environment variable references:
"ai_api_key": "$ANTHROPIC_API_KEY"
// or from a file:
"ai_api_key": "file:~/.secrets/anthropic_key"
MCP server settings
| Key | Type | Description |
|---|---|---|
mcp.guard_level |
string |
Controls what MCP tools are allowed. Values:
"readonly" — read-only operations only,
"standard" (default) — read + safe writes,
"dangerous" — full access including destructive commands.
|
mcp.allowed_tools |
array | Explicit list of tool names to expose. Leave empty to use all tools permitted by guard_level. |
config.json — readonly mode example
{
"mcp": {
"guard_level": "readonly",
"allowed_tools": ["list_instances", "get_logs", "check_status", "get_server_info"]
}
}
Log viewer paths
Configure the default log paths that Servonaut will offer when you open the log viewer for a server. These are resolved on the remote host, not locally.
config.json
{
"log_paths": [
"/var/log/nginx/access.log",
"/var/log/nginx/error.log",
"/var/log/syslog",
"/var/log/auth.log",
"/var/log/mysql/error.log"
]
}