DaemonConfig Reference

Complete reference for DaemonConfig resource specifications. The DaemonConfig resource configures the AOF webhook server that connects messaging platforms to your agents.

Overview

A DaemonConfig defines how the AOF server runs, which platforms it connects to, and how it routes messages to agents.

Basic Structure

apiVersion: aof.dev/v1
kind: DaemonConfig
metadata:
  name: string              # Required: Unique identifier
  labels:                   # Optional: Key-value labels
    key: value

spec:
  server:                   # Required: Server configuration
    port: int
    host: string
  platforms:                # Required: Platform integrations
    slack: object
    telegram: object
    discord: object
    whatsapp: object
  agents:                   # Required: Agent discovery
    directory: string
  fleets:                   # Optional: Fleet discovery
    directory: string
  flows:                    # Optional: AgentFlow routing
    directory: string
  runtime:                  # Optional: Runtime settings
    default_agent: string
    max_concurrent_tasks: int

---

Server Configuration

spec.server

Field	Type	Required	Default	Description
port	int	Yes	8080	HTTP port to listen on
host	string	No	"0.0.0.0"	Host to bind to
cors	bool	No	false	Enable CORS headers
timeout_secs	int	No	30	Request timeout

Example:

spec:
  server:
    port: 8080
    host: "0.0.0.0"
    cors: true
    timeout_secs: 30

---

Platform Configurations

Slack Platform

Field	Type	Required	Description
enabled	bool	Yes	Enable Slack integration
bot_token_env	string	Yes	Env var for bot token (xoxb-...)
signing_secret_env	string	Yes	Env var for signing secret
approval_allowed_users	array	No	User IDs who can approve commands

Required OAuth Scopes:

• chat:write - Send messages
• app_mentions:read - Respond to @mentions
• reactions:read - Read approval reactions
• reactions:write - Add approval buttons

Required Event Subscriptions:

• app_mention - Bot mentions
• message.channels - Channel messages
• message.im - Direct messages
• reaction_added - For approval workflow

Example:

spec:
  platforms:
    slack:
      enabled: true
      bot_token_env: SLACK_BOT_TOKEN
      signing_secret_env: SLACK_SIGNING_SECRET

      # Optional: Restrict who can approve destructive commands
      approval_allowed_users:
        - U12345678  # SRE Lead
        - U87654321  # Platform Lead

Telegram Platform

Field	Type	Required	Description
enabled	bool	Yes	Enable Telegram integration
bot_token_env	string	Yes	Env var for bot token from @BotFather
webhook_secret	string	No	Optional webhook verification secret
allowed_users	array	No	Telegram user IDs allowed to use bot
allowed_groups	array	No	Telegram group IDs allowed

Note: Telegram is read-only by default for safety. Destructive commands are blocked.

Example:

spec:
  platforms:
    telegram:
      enabled: true
      bot_token_env: TELEGRAM_BOT_TOKEN

      # Optional: Restrict to specific users
      allowed_users:
        - 123456789  # Your Telegram user ID
        - 987654321  # Team member

      # Optional: Restrict to specific groups
      allowed_groups:
        - -1001234567890  # Your ops group

Discord Platform

Field	Type	Required	Description
enabled	bool	Yes	Enable Discord integration
bot_token_env	string	Yes	Env var for bot token
application_id_env	string	Yes	Env var for application ID

Example:

spec:
  platforms:
    discord:
      enabled: true
      bot_token_env: DISCORD_BOT_TOKEN
      application_id_env: DISCORD_APPLICATION_ID

WhatsApp Platform

Field	Type	Required	Description
enabled	bool	Yes	Enable WhatsApp Business integration
phone_number_id_env	string	Yes	Env var for phone number ID
access_token_env	string	Yes	Env var for access token
verify_token_env	string	Yes	Env var for webhook verify token

Example:

spec:
  platforms:
    whatsapp:
      enabled: true
      phone_number_id_env: WHATSAPP_PHONE_NUMBER_ID
      access_token_env: WHATSAPP_ACCESS_TOKEN
      verify_token_env: WHATSAPP_VERIFY_TOKEN

---

Agent Discovery

spec.agents

Field	Type	Required	Default	Description
directory	string	Yes	-	Path to Agent YAML files
watch	bool	No	false	Hot-reload on file changes

Example:

spec:
  agents:
    directory: "./agents"
    watch: true  # Reload agents when files change

---

Fleet Discovery

spec.fleets

Field	Type	Required	Default	Description
directory	string	No	-	Path to Fleet YAML files
watch	bool	No	false	Hot-reload on file changes

Example:

spec:
  fleets:
    directory: "./fleets"
    watch: false

---

AgentFlow Routing

spec.flows

Field	Type	Required	Default	Description
directory	string	No	-	Path to AgentFlow YAML files
enabled	bool	No	false	Enable flow-based routing
watch	bool	No	false	Hot-reload on file changes

Example:

spec:
  flows:
    directory: "./flows"
    enabled: true
    watch: false

---

Runtime Configuration

spec.runtime

Field	Type	Required	Default	Description
default_agent	string	No	-	Fallback agent for unmatched messages
default_model	string	No	-	Default model if agent doesn't specify
max_concurrent_tasks	int	No	10	Max parallel agent executions
task_timeout_secs	int	No	300	Timeout per task execution
max_tasks_per_user	int	No	3	Rate limit per user

Example:

spec:
  runtime:
    default_agent: k8s-ops
    max_concurrent_tasks: 10
    task_timeout_secs: 300
    max_tasks_per_user: 3

---

Complete Examples

Minimal Telegram Bot

apiVersion: aof.dev/v1
kind: DaemonConfig
metadata:
  name: telegram-bot

spec:
  server:
    port: 8080

  platforms:
    telegram:
      enabled: true
      bot_token_env: TELEGRAM_BOT_TOKEN

  agents:
    directory: "./agents"

  runtime:
    default_agent: k8s-ops

Production Slack Bot

apiVersion: aof.dev/v1
kind: DaemonConfig
metadata:
  name: slack-production
  labels:
    env: production

spec:
  server:
    port: 3000
    host: "0.0.0.0"
    cors: true
    timeout_secs: 30

  platforms:
    slack:
      enabled: true
      bot_token_env: SLACK_BOT_TOKEN
      signing_secret_env: SLACK_SIGNING_SECRET
      approval_allowed_users:
        - U12345678  # SRE Lead
        - U87654321  # Platform Lead

  agents:
    directory: "/app/agents"
    watch: false

  fleets:
    directory: "/app/fleets"

  flows:
    directory: "/app/flows"
    enabled: true

  runtime:
    default_agent: devops
    max_concurrent_tasks: 20
    task_timeout_secs: 600
    max_tasks_per_user: 5

Multi-Platform Configuration

apiVersion: aof.dev/v1
kind: DaemonConfig
metadata:
  name: multi-platform

spec:
  server:
    port: 8080
    host: "0.0.0.0"

  platforms:
    slack:
      enabled: true
      bot_token_env: SLACK_BOT_TOKEN
      signing_secret_env: SLACK_SIGNING_SECRET

    telegram:
      enabled: true
      bot_token_env: TELEGRAM_BOT_TOKEN
      allowed_users:
        - 123456789

    discord:
      enabled: false
      bot_token_env: DISCORD_BOT_TOKEN
      application_id_env: DISCORD_APPLICATION_ID

  agents:
    directory: "./agents"
    watch: true

  fleets:
    directory: "./fleets"

  runtime:
    default_agent: devops
    max_concurrent_tasks: 10
    task_timeout_secs: 300

---

Environment Variables

DaemonConfig references environment variables for sensitive data. Never hardcode tokens in YAML files.

Required variables by platform:

Platform	Variables
Slack	SLACK_BOT_TOKEN, SLACK_SIGNING_SECRET
Telegram	TELEGRAM_BOT_TOKEN
Discord	DISCORD_BOT_TOKEN, DISCORD_APPLICATION_ID
WhatsApp	WHATSAPP_PHONE_NUMBER_ID, WHATSAPP_ACCESS_TOKEN, WHATSAPP_VERIFY_TOKEN

LLM API keys:

Provider	Variable
Google	GOOGLE_API_KEY
Anthropic	ANTHROPIC_API_KEY
OpenAI	OPENAI_API_KEY
Groq	GROQ_API_KEY

Example startup:

export TELEGRAM_BOT_TOKEN=123456789:ABCdefGHIjklMNOpqrSTUvwxYZ
export SLACK_BOT_TOKEN=xoxb-your-slack-token
export SLACK_SIGNING_SECRET=your-signing-secret
export GOOGLE_API_KEY=your-google-api-key

# Use the built-in example config
aofctl serve --config examples/config/daemon.yaml

# Or with a custom config
aofctl serve --config config/daemon.yaml

---

CLI Usage

# Start server with config file
aofctl serve --config daemon-config.yaml

# Override directories via CLI
aofctl serve \
  --config daemon-config.yaml \
  --agents-dir ./agents \
  --fleets-dir ./fleets \
  --flows-dir ./flows

# Override port
aofctl serve --config daemon-config.yaml --port 3000

---

Platform Safety

Telegram Read-Only Mode

Telegram is configured as read-only by default:

• Allowed: kubectl get, docker ps, aws describe-*
• Blocked: kubectl delete, docker rm, aws terminate-*

This protects against accidental destructive commands from mobile.

Slack Approval Workflow

Slack supports human-in-the-loop approval for destructive commands:

1. Agent detects destructive command
2. Agent outputs requires_approval: true
3. User sees approval message with reactions
4. User reacts with checkmark to approve or X to deny
5. Command executes only on approval

---

Webhook Endpoints

The server exposes these endpoints for each platform:

Platform	Webhook URL
Slack	https://your-domain/webhook/slack
Telegram	https://your-domain/webhook/telegram
Discord	https://your-domain/webhook/discord
WhatsApp	https://your-domain/webhook/whatsapp

---

See Also

• Agent Spec - Agent resource reference
• Fleet Spec - Fleet resource reference
• AgentFlow Spec - Workflow routing
• aofctl CLI - Command reference
• Slack Bot Tutorial - Build a Slack bot
• Telegram Bot Tutorial - Build a Telegram bot