Knaix CLIBY KOVALENT AI
BETA

Advanced configuration

Fine-tune your CLI experience with environment overrides, and explore the node security model.

Environment overrides

For headless CI/CD pipelines or automated scripts, Knaix supports standard environment variables. These bypass the local config file entirely.
KNAIX_TOKEN
Provide your Kovalent Bearer Token directly. Ideal for GitHub Actions or GitLab CI.
KNAIX_API_URL
Override the default production endpoint (e.g. for local development or private VPC proxies).

Config file path

Knaix stores its persistent state in ~/.knaix/config.json. Starting in v0.3.0, the CLI enforces strict security and reliability patterns:
0o600 Hardening
The CLI automatically sets file permissions to Owner-only. If the config is compromised locally, other users cannot read your tokens.
Atomic Saves
Config updates use the "Write-Sync-Rename" loop. This prevents JSON corruption during system crashes or power failures.
{ "token": "eyJhbGciOiJIUzI1...", "username": "diego", "api_url": "https://api.kovalentai.com", "default_node_id": "claude-ai-alpha" }

Performance & connection pooling

Knaix is designed for high-concurrency workloads. Every command uses a shared KnaixContext that warms and maintains a pool of persistent TLS connections.

Identity-first security

Knaix uses the PKCE flow for secure OAuth2 authentication. Your organization's identity (Okta, Azure AD, etc.) is verified by the Kovalent Identity Center before any mesh access is granted.

Enterprise deployments

For custom VPC deployments or air-gapped installation guides, contact support@kovalentai.com