Environment Variables
Anyy uses environment variables in two ways: runtime selection variables
that affect Anyy itself, and env: secret references that resolve
provider, channel, MCP, or media credentials. Prefer profile-local secret:
refs for durable secrets; use env: when the surrounding service manager already
owns credential injection.
Where Values Belong
| Value type | Preferred location |
|---|---|
| One-off profile/home selection | CLI flags such as --home and --profile. |
| Durable provider or channel credentials | Profile-local secret: refs. |
| Service-manager injected credentials | env:NAME refs. |
| MCP stdio server environment | mcp.client.servers.<id>.env. |
| Non-secret runtime defaults | config.yaml. |
env: refs are resolved when Anyy needs the value. An unset or empty
variable is treated as a missing secret.
Home And Profile
| Variable | Used by | Meaning |
|---|---|---|
ANYY_HOME | CLI, workspace paths, service scripts, installer | Explicit Anyy home directory. |
ANYY_DEFAULT_HOME | Profile manager, dashboard tests, profile-aware commands | Default base home/profile root override. |
HOME | Installer fallback | Used by install scripts when ANYY_HOME is not set. |
NO_COLOR | CLI renderer | Disables colored output when set. |
TERM=dumb | CLI renderer | Disables terminal styling for dumb terminals. |
Most commands also accept --home PATH, which is clearer than relying on
environment when running one-off diagnostics.
Provider Credentials
Provider credentials are usually referenced from config.yaml:
providers:
- id: openai-compatible
api_key_ref: env:OPENAI_API_KEY
Common examples from the sample config include:
| Variable | Typical use |
|---|---|
OPENAI_API_KEY | OpenAI-compatible or OpenAI Responses provider examples. |
ANTHROPIC_API_KEY | Anthropic Messages provider examples. |
DEEPSEEK_API_KEY | DeepSeek-compatible examples. |
GEMINI_API_KEY | Google Gemini provider examples. |
These names are not hard-coded requirements for every provider. Any
api_key_ref: env:NAME or credential_ref: env:NAME reads NAME.
Channel Credentials
Channel setup can store credentials as profile-local secret: refs, which is
preferred for long-running services. Channel doctor and live smoke also use
environment variables for operator-run tests.
The live smoke gate is:
| Variable | Meaning |
|---|---|
ANYY_LIVE_CHANNEL_TESTS=1 | Allows live channel smoke tests to contact external platforms. |
Channel-specific live-smoke variables:
| Channel | Variables |
|---|---|
| Telegram | ANYY_TELEGRAM_TEST_TOKEN, ANYY_TELEGRAM_TEST_CHAT_ID |
| Slack | ANYY_SLACK_TEST_BOT_TOKEN, ANYY_SLACK_TEST_CHANNEL_ID |
| Discord | ANYY_DISCORD_TEST_BOT_TOKEN, ANYY_DISCORD_TEST_CHANNEL_ID |
| Feishu | ANYY_FEISHU_TEST_RECEIVE_ID plus either ANYY_FEISHU_TEST_TENANT_ACCESS_TOKEN or both ANYY_FEISHU_TEST_APP_ID and ANYY_FEISHU_TEST_APP_SECRET |
| DingTalk | ANYY_DINGTALK_TEST_SESSION_WEBHOOK |
| QQ Bot | ANYY_QQBOT_TEST_APP_ID, ANYY_QQBOT_TEST_CLIENT_SECRET, ANYY_QQBOT_TEST_TARGET_ID |
| Facebook Messenger | ANYY_FACEBOOK_TEST_PAGE_ID, ANYY_FACEBOOK_TEST_PAGE_ACCESS_TOKEN, ANYY_FACEBOOK_TEST_RECIPIENT_ID |
ANYY_EMAIL_TEST_ADDRESS, ANYY_EMAIL_TEST_PASSWORD, ANYY_EMAIL_TEST_IMAP_HOST, ANYY_EMAIL_TEST_SMTP_HOST | |
| IRC | ANYY_IRC_TEST_HOST, ANYY_IRC_TEST_NICK |
| SMS | ANYY_SMS_TEST_ACCOUNT_SID, ANYY_SMS_TEST_AUTH_TOKEN, ANYY_SMS_TEST_FROM_NUMBER, ANYY_SMS_TEST_TO_NUMBER |
| LINE | ANYY_LINE_TEST_CHANNEL_ACCESS_TOKEN, ANYY_LINE_TEST_CHANNEL_SECRET, ANYY_LINE_TEST_TARGET_ID |
ANYY_WHATSAPP_TEST_BRIDGE_URL, ANYY_WHATSAPP_TEST_CHAT_ID |
Live smoke commands are operator tests; ordinary anyy channels doctor
does not contact external platforms just because these variables exist.
MCP Credentials
MCP server environment is configured per server:
mcp:
client:
servers:
github:
transport: stdio
command: npx
env:
GITHUB_TOKEN: secret:mcp/github/token
Values under mcp.client.servers.<id>.env can be literal strings or secret refs
such as secret:mcp/github/token and env:GITHUB_TOKEN. Stdio transport does
not inherit arbitrary Anyy environment by default; pass only the variables
the server needs.
This is deliberate. It keeps provider keys, channel tokens, and unrelated shell state out of MCP subprocesses unless you explicitly expose them.
Voice And Media
Voice and media provider credentials use the same env: and secret: ref
scheme:
tts:
openai:
api_key_ref: env:OPENAI_API_KEY
media_understanding:
audio:
providers:
transcriber:
credential_ref: secret:media/transcriber/token
Configuring credentials does not enable a feature by itself. The related
enabled, provider, model, and capability fields still control runtime use.
Debugging
Installer and operator variables:
| Variable | Meaning |
|---|---|
ANYY_RELEASE_BASE_URL | Override the release base URL used by scripts/install.sh. |
ANYY_LATEST_URL | Override the endpoint that returns the latest release version. |
ANYY_INSTALL_COMPACT=1 | Ask the installer to use compact install behavior. |
ANYY_QUIET=1 | Reduce installer output when supported. |
Debugging rules:
- Prefer
anyy status --jsonandanyy doctor --jsonover printing raw environment. - Do not paste provider keys, channel tokens, OAuth credentials, or live-smoke secrets into issue reports.
- When a variable is used through
env:NAME, an unset or empty value is treated as a missing secret.