Environment variables
Complete reference for Forven's environment variables — startup, safety, auth, encryption, integrations, and packaged-app-only keys with meanings and defaults.
Forven reads a small set of environment variables to control where it stores data, which port it binds, whether trading is locked to paper, and how the local HTTP API is secured. This page is the authoritative reference: every variable, what it does, and its default.
Most users never set these by hand. The desktop installer seeds a sensible .env on first run, and the rest of configuration lives in the UI. Set these only when you are running from source, hardening a non-localhost deployment, or wiring up an integration.
How variables are resolved
Environment variables sit at the top of Forven's configuration precedence:
env var > KV store (settings) > config.json > built-in defaultSo an env var always wins over the same value set in the configuration file or the in-app settings. In the packaged desktop app, the first-run wizard seeds FORVEN_HOME/.env from a baked-in template; in a source checkout, Forven reads .env from the repository root. See Configuration reference for the file-level structure.
On Windows, set a variable for the current PowerShell session like this:
$env:FORVEN_PORT = "8003"
$env:FORVEN_BIND_HOST = "127.0.0.1"To persist a value, add it to your .env file (one KEY=value per line) rather than exporting it each session.
Startup & paths
These control where Forven lives and how it listens.
| Variable | Meaning | Default |
|---|---|---|
FORVEN_HOME | Root directory for all app state: config.json, forven.db, forven_lab.db, workspace/, chromadb/. Auto-merges a legacy .juddex/.judex home on first run. | ~/.forven |
FORVEN_PORT | Port the FastAPI backend (uvicorn) binds. A startup guard detects port collisions. | 8003 |
FORVEN_BIND_HOST | Host the backend binds to. Loopback-only by default. | 127.0.0.1 |
FORVEN_CLIENT_BASE | Explicit API base URL the frontend calls. | http://127.0.0.1:8003 |
FORVEN_DATA_DIR | Custom directory for OHLCV and backtest data. | ./data (dev) or FORVEN_HOME/data (packaged) |
FORVEN_FRONTEND_DIR | Path to a prebuilt SvelteKit bundle. If set and present, the SPA is mounted at /. | (unset) |
FORVEN_HOME is the single most important variable: point it at a different directory to run an isolated second instance, or to relocate your data. Everything Forven knows lives under it.
Safety: execution mode & mainnet gate
These two variables, together with the build channel, decide whether Forven can ever touch real capital. Treat them as the load-bearing safety surface.
| Variable | Meaning | Default |
|---|---|---|
FORVEN_EXECUTION_MODE | paper or live. Paper records trades in SQLite against local candle prices; live routes orders to HyperLiquid. | paper |
FORVEN_ALLOW_MAINNET | Must be 1 to permit real-funds (mainnet) orders. Default-deny — the exchange risk gate refuses mainnet unless this is explicitly set. | 0 |
FORVEN_ENV | Deployment channel. The Rust launcher injects beta in the packaged app; dev runs leave it unset. beta hard-locks execution to paper. | (unset in dev; beta in packaged) |
FORVEN_EXECUTION_FAST_PATH | When true, the scanner attempts direct exchange execution before queuing an execution-trader task. | true |
Beta builds hard-lock paper trading. The lock is read at the point of execution, not at the write site, so even a stale execution_mode: live in config.json can never take effect in a beta build — get_execution_mode() returns paper regardless. To go live you need a non-beta build, FORVEN_EXECUTION_MODE=live, and FORVEN_ALLOW_MAINNET=1 for mainnet. See Execution modes and Going live safely.
The public docs sometimes call the paper stage a candidate strategy; internally and in these variables it is always paper.
API authentication
Forven's local HTTP API binds to 127.0.0.1 by default and is unauthenticated unless you set keys. For any deployment that is not strictly localhost, set keys and require them. See the full REST & WebSocket API reference for endpoint groups and headers.
| Variable | Meaning | Default |
|---|---|---|
FORVEN_API_KEY | If set, every /api/* request must carry this key (header x-api-key or Authorization: Bearer). /api/health and /api/shutdown are exempt. | (unset — no auth required) |
FORVEN_OPERATOR_KEY | Higher-privilege key (header x-operator-key) for operator-gated routers and dangerous endpoints (/api/system/*, /api/execution-mode, /api/kill-switch/*). | (unset — no auth required) |
FORVEN_AUTH_REQUIRED | When true, the backend refuses to start unless both FORVEN_API_KEY and FORVEN_OPERATOR_KEY are set. | false |
FORVEN_ALLOWED_HOSTS | Comma-separated DNS-rebinding guard. Middleware rejects unknown Host headers. | 127.0.0.1, localhost, [::1], testserver |
FORVEN_CORS_ORIGINS | Comma-separated CORS-allowed origins. | http://127.0.0.1:5173, http://localhost:5173, ... |
When a key is unset, Forven logs a loud warning at startup. Setting FORVEN_AUTH_REQUIRED=true turns that warning into a hard failure — recommended for anything reachable beyond loopback.
$env:FORVEN_API_KEY = "<a-long-random-string>"
$env:FORVEN_OPERATOR_KEY = "<a-different-long-random-string>"
$env:FORVEN_AUTH_REQUIRED = "true"Encryption & secrets
Forven encrypts API keys and exchange credentials at rest using Fernet symmetric encryption. The key is generated once and stored in a non-synced location.
| Variable | Meaning | Default |
|---|---|---|
FORVEN_ENCRYPTION_KEY | Explicit Fernet key for secrets. If unset, Forven auto-generates one at a preferred path. | (auto-generated) |
The auto-generated key lives at %LOCALAPPDATA%\Forven\.forven_key on Windows (~/.config/forven/.forven_key elsewhere) — deliberately outside FORVEN_HOME.
The encryption key path is non-synced on purpose: it will not follow OneDrive or Dropbox. Your encrypted credentials (in auth.json under FORVEN_HOME) and the key that decrypts them can therefore diverge if you back up one without the other. Back them up together, or set FORVEN_ENCRYPTION_KEY explicitly so the key is reproducible.
HyperLiquid credentials
These provide live-routing credentials as an environment override for file-based or encrypted-settings storage. They are only consulted when execution mode is live. Full setup is on the HyperLiquid integration page; keys stay on your machine.
| Variable | Meaning | Default |
|---|---|---|
FORVEN_HL_API_KEY | HyperLiquid API key. | (unset) |
FORVEN_HL_API_SECRET | HyperLiquid API secret (env or encrypted settings only — not file-based). | (unset) |
FORVEN_HL_WALLET_ADDRESS | HyperLiquid wallet address. | (unset) |
FORVEN_HL_USE_TESTNET | true for testnet, false for mainnet. Paper/test default to testnet, live to mainnet. | true |
Credentials are resolved from your encrypted in-app settings (Settings → HyperLiquid) first, then these env vars, then a legacy file-based settings.json. Note that FORVEN_HL_USE_TESTNET=false still does not permit real-funds orders on its own — FORVEN_ALLOW_MAINNET=1 is the separate, explicit gate.
Integrations
| Variable | Meaning | Default |
|---|---|---|
DISCORD_TOKEN | Discord bot token for the Forven bot. Required only when START_BOT=1. | (unset) |
POLYGON_API_KEY | Polygon.io key for market data. Checked in Settings → API Keys (KV store) first, then auth.json. | (unset) |
FORVEN_GITHUB_WEBHOOK_SECRET | HMAC secret enabling the /api/webhooks/github auto-pull endpoint. Dev runs only — disabled in packaged builds. | (unset) |
FORVEN_GITHUB_WEBHOOK_BRANCH | Target git branch for webhook auto-pull. | main |
Packaged-app-only variables
The Rust launcher and first-run wizard set these inside the installed desktop app. You do not set them by hand on a normal install; they exist so a fresh install has data and a paper lock from the first launch. See Building from source for how they are baked in.
| Variable | Meaning | Default |
|---|---|---|
FORVEN_DEFAULT_ENV | Source .env template seeded to FORVEN_HOME/.env on first install. | (unset) |
FORVEN_DEFAULT_SEED_DATA | Source parquet seed directory copied to FORVEN_HOME/data/ohlcv so the dashboard shows data immediately. | (unset) |
FORVEN_DISABLE_CHROMA_IN_PROCESS | Disables in-process ChromaDB (Windows ONNX workaround). Set automatically on Windows. | (auto on Windows) |
Startup script flags
These are read by the source-checkout launcher (start_all.ps1) to decide which background processes to start. They do not apply to the packaged app.
| Variable | Meaning | Default |
|---|---|---|
START_BOT | 1 starts the Discord bot, 0 skips it. | 1 |
START_DAEMON | 1 starts the data/risk daemon loop, 0 skips it. | 1 |
START_LAB_WORKER | 1 starts the Regime Lab worker. | 0 (unless FORVEN_ENABLE_REGIME_LAB=1) |
FORVEN_ENABLE_REGIME_LAB | Enables the optional Regime Lab worker and UI. | 0 |
FORCE_RESTART | 1 force-restarts backend/frontend/bot even if healthy. | 0 |
Runtime tuning (advanced)
You rarely need these. They size worker pools and timeouts; the defaults are tuned for a desktop machine. Stay within the documented bounds.
| Variable | Meaning | Default |
|---|---|---|
FORVEN_HEADLESS_AGENT_CONCURRENCY | Agent worker pool size (min 1, max 8). | 3 |
FORVEN_HEADLESS_BRAIN_LIMIT | Brain worker task limit (min 1, max 8). | 2 |
FORVEN_API_RUNTIME_THREAD_MODE | true runs scheduler/agent/brain/daemon on separate threads; false runs them as async tasks in the event loop. | true |
FORVEN_API_RUNTIME_START_DELAY_SECONDS | Delay before starting background loops, to let the DB init (0–60). | 5.0 |
FORVEN_OPTIMIZATION_MAX_WORKERS | Parameter-optimization thread pool (1–4). | 2 |
FORVEN_ROBUSTNESS_MAX_WORKERS | Robustness-test thread pool (1–8). | 5 |
FORVEN_ROBUSTNESS_TIMEOUT_SECS | Per-run robustness timeout (min 60). | 600 |
FORVEN_MAX_UPLOAD_BYTES | Max CSV upload size; 413 returned if exceeded. | 52428800 (50 MiB) |
FORVEN_ENABLE_SIMULATION_API | Includes the optional simulation router. | false |
Verifying your settings
After setting variables, confirm the backend picked them up:
- Start Forven (the desktop app, or
start_all.ps1from a source checkout). - Open
http://127.0.0.1:8003/api/health— it should return a health payload with no auth required. - Check the /ops page for the active execution mode and system health.
- If you set auth keys, confirm a request without the key is rejected with
401.
What you'll see: the /ops dashboard shows the current execution mode (it should read paper on a beta build, regardless of any env override), system health, and scheduler status. If a key is required and missing, every operator-gated call returns 401.
Caveats
- Env always wins. A value set here overrides the same key in the UI or
config.json. If a setting in the app "won't stick," check for an env override first. - Beta cannot go live. No combination of variables unlocks live trading in a beta build. The paper lock is enforced at read time.
- Secrets and their key can diverge. Back up
FORVEN_HOME/auth.jsontogether with the non-synced encryption key (or pin it viaFORVEN_ENCRYPTION_KEY). - Webhook endpoint is dev-only.
FORVEN_GITHUB_WEBHOOK_SECREThas no effect in packaged builds.
Forven is a research tool. Nothing here is financial advice, paper results are not predictive of live results, and any numbers in the app are illustrative of process — not a forecast of profit.
Related
- Configuration reference — config.json structure and the full precedence chain
- REST & WebSocket API — endpoints, headers, and the auth model these keys back
- HyperLiquid integration — credential setup and testnet/mainnet selection
- Execution modes: paper vs live — what the safety variables actually gate
Configuration reference
Where Forven keeps its configuration, the order settings are resolved, and the most-touched config.json key groups for the lab, gauntlet, and pipeline.
REST & WebSocket API
The local Forven HTTP and WebSocket API — base URL, authentication keys, the endpoint catalog by router, the live feed, and the legacy sunset.