Skip to content

Configuration

CloudSlash is configured via ~/.cloudslash/cloudslash.yaml. All settings can also be set via environment variables, CLI flags, or the TUI Config workspace.

Configuration Hierarchy

Settings are loaded in this order (later sources override earlier ones):

  1. Global config: ~/.cloudslash/cloudslash.yaml
  2. Project-level Slashfile: .cloudslash.yaml in the project directory (walks up the directory tree)
  3. Environment variables: CLOUDSLASH_<KEY> (e.g., CLOUDSLASH_RECONCILE_INTERVAL=30m)
  4. CLI flags: --flag (highest priority)

Full Configuration File

# ~/.cloudslash/cloudslash.yaml
# ─────────────────────────────────────────────────────────────

# ── Scanning ───────────────────────────────────────────────────
# How deep to scan cloud resources. Options: "full", "fast", "shallow"
scan_depth: full

# Opt-in periodic re-scan interval. Set to a Go duration (e.g. "30m", "6h")
# to enable automatic rescanning while the daemon is running.
# Set to "off", "0", or leave empty to disable (default: disabled).
# When disabled, the daemon only scans once on startup and on manual triggers.
reconcile_interval: "off"

# ── Cloud Providers ────────────────────────────────────────────
providers:
  aws:
    profile: default        # AWS CLI profile name
    regions:
      - us-east-1
      - us-west-2
  gcp:
    project: my-gcp-project
    regions:
      - us-central1
  azure:
    subscription: "..."
    regions:
      - eastus

# ── Pricing ────────────────────────────────────────────────────
pricing:
  # Enterprise Discount Program percentage (reduces calculated costs)
  edp_discount: 0

# ── AI Provider ────────────────────────────────────────────────
ai:
  # One of: gpt-4o, claude, gemini, ollama
  provider: ollama
  # Model override (e.g. gpt-4o-mini, claude-sonnet-4-20250514, gemini-pro)
  model: ""
  # API key for cloud AI providers
  api_key: ""
  # Custom base URL (for Azure OpenAI, self-hosted, etc.)
  base_url: ""
  # Ollama-specific endpoint (default: http://localhost:11434)
  ollama_endpoint: "http://localhost:11434"

# ── Notifications ──────────────────────────────────────────────
notifications:
  slack:
    webhook_url: ""
    channel: "#cloudslash-alerts"

# ── Daemon ─────────────────────────────────────────────────────
# Snapshot retention for the event store audit trail
snapshot_retention_days: 90

# Mock speed multiplier for demo mode (1.0 = normal)
mock_speed: 1.0

# ── GitHub App ─────────────────────────────────────────────────
github:
  # Webhook secret for GitHub App integration (leave empty to disable)
  webhook_secret: ""
  # App ID and private key path for GitHub App authentication
  app_id: ""
  private_key_path: ""

# ── Swarm (Parallel Execution) ─────────────────────────────────
swarm:
  # Max concurrent plugin scans. "auto" = NumCPU
  max_concurrency: auto

# ── Telemetry ──────────────────────────────────────────────────
telemetry:
  # Set to true to disable all anonymous product analytics.
  # Equivalent to passing: no-telemetry or CLOUDSLASH_TELEMETRY=0.
  # When opt_out is true, no network connection is made: the opt-out
  # check is a hard gate that runs before any HTTP client is created.
  opt_out: false

Telemetry

Anonymous scan telemetry is enabled by default. To opt out permanently via the config file:

telemetry:
  opt_out: true

See the Telemetry & Privacy reference page for a full explanation of what is collected, what is guaranteed never to be collected, and all available opt-out mechanisms.

Scanning Modes

CloudSlash supports two scanning modes:

On-Demand

Default

# One-shot scan: scans now, prints results, exits
cs scan

# Scan with the daemon running (results appear in TUI/Web)
cs daemon &
cs scan

# Manual rescan from the TUI: press Ctrl+R

The daemon performs an initial scan on startup and then waits for manual triggers:

  • Ctrl+R in TUI → queues a rescan
  • cs scan CLI → runs a one-shot scan
  • POST /api/v1/scan API → triggers a rescan programmatically

Continuous

Opt-in

Enable periodic auto-rescanning by setting reconcile_interval in your config:

# Rescan every 30 minutes while the daemon is running
reconcile_interval: "30m"

Or via environment variable:

CLOUDSLASH_RECONCILE_INTERVAL=30m cs daemon

Or via the TUI Config workspace (Workspace 4 → Plugins & Policies pane → Reconcile Interval).

When the daemon is running with continuous scanning enabled, it automatically re-runs all loaded plugins at the configured interval. Each rescan appears in the audit ledger as [Reconcile] Periodic rescan triggered.

To disable: set to "off", "0", "disabled", or leave empty.

Modifying Settings

Settings can be modified via:

Method Example
Config file Edit ~/.cloudslash/cloudslash.yaml
CLI cs config set reconcile_interval 30m
TUI Workspace 4 → Engine Settings
Web UI Settings panel
Environment CLOUDSLASH_RECONCILE_INTERVAL=30m

Changes made via cs config set or the TUI are persisted to ~/.cloudslash/cloudslash.yaml and hot-reloaded by the daemon.