Configuration

Each dtoolkit service stores its configuration in a JSON file under the user’s home directory. Every config value can be overridden with an environment variable, and all services share the same conventions for ports, authentication, and data storage.

Config file locations

Service	Config file	Data directory
dbrain	`~/.dbrain/config.json`	`~/.dbrain/`
dwork	`~/.dwork/config.json`	`~/.dwork/`
dops	`~/.dops/config.json`	`~/.dops/`
dcontext	(per-CLI config)	(none)
dproxy	`~/.dproxy/config.json`	`~/.dproxy/`

All config files are created automatically when you run the init command for each service. You can also edit them directly.

dbrain init    # creates ~/.dbrain/config.json
dwork init     # creates ~/.dwork/config.json
dops init      # creates ~/.dops/config.json
dproxy init    # creates ~/.dproxy/config.json

Service configuration

The dbrain config controls the memory server, its storage, networking, and federation connections.

{
  "dataPath": "~/.dbrain",
  "port": 7878,
  "host": "127.0.0.1",
  "token": "your-secret-token",
  "brainType": "personal",
  "connections": [
    {
      "name": "team-brain",
      "url": "http://192.168.1.50:7878",
      "token": "shared-brain-token"
    }
  ]
}

Field	Type	Default	Description
`dataPath`	`string`	`~/.dbrain`	Directory for SQLite database and data files
`port`	`number`	`7878`	REST API and MCP server port
`host`	`string`	`127.0.0.1`	Bind address
`token`	`string`	(generated)	Bearer token for API authentication
`brainType`	`"personal" \| "shared"`	`personal`	Personal brains are single-user; shared brains accept connections from multiple clients
`connections`	`array`	`[]`	List of remote brains to federate with

Adding connections:

You can add connections via the CLI or by editing the config file directly.

dbrain connect --name team-brain --url http://192.168.1.50:7878 --token shared-token

The dwork config controls the project manager server and its storage.

{
  "dataPath": "~/.dwork",
  "port": 7881,
  "host": "127.0.0.1",
  "token": "your-secret-token"
}

Field	Type	Default	Description
`dataPath`	`string`	`~/.dwork`	Directory for SQLite index and project data
`port`	`number`	`7881`	REST API and MCP server port
`host`	`string`	`127.0.0.1`	Bind address
`token`	`string`	(generated)	Bearer token for API authentication

The dops config controls the observability server.

{
  "dataPath": "~/.dops",
  "port": 7883,
  "host": "127.0.0.1",
  "token": "your-secret-token"
}

Field	Type	Default	Description
`dataPath`	`string`	`~/.dops`	Directory for SQLite database with session data
`port`	`number`	`7883`	REST API and MCP server port
`host`	`string`	`127.0.0.1`	Bind address
`token`	`string`	(generated)	Bearer token for API authentication

dcontext does not have its own config file. Instead, it writes hooks into each CLI’s native configuration:

CLI	Config modified	Context file
Claude Code	`.claude/settings.json`	`CLAUDE.md`
Gemini CLI	`settings.json`	`GEMINI.md`
Codex CLI	`config.toml`	`AGENTS.md`
OpenCode	npm plugin	`AGENTS.md`

Install hooks with:

dcontext install

Or use dbrain’s shorthand:

dbrain connect claude
dbrain connect gemini

Uninstall hooks to revert all changes:

dcontext uninstall

The dproxy config controls the universal CLI adapter, including which AI provider to use by default.

{
  "provider": "claude",
  "model": "sonnet",
  "port": 7880,
  "host": "127.0.0.1",
  "token": "your-secret-token"
}

Field	Type	Default	Description
`provider`	`string`	`claude`	Default provider: `claude`, `codex`, `gemini`, or `opencode`
`model`	`string`	(provider default)	Model to use (e.g., `sonnet`, `opus`, `haiku`)
`port`	`number`	`7880`	REST API port (used by `dproxy serve`)
`host`	`string`	`127.0.0.1`	Bind address
`token`	`string`	(generated)	Bearer token for API authentication

Environment variables

Every config field can be overridden with an environment variable. Environment variables take precedence over values in the config file. The naming convention is {SERVICE}_{FIELD} in uppercase.

dbrain

Variable	Overrides	Example
`DBRAIN_DATA_PATH`	`dataPath`	`~/.dbrain`
`DBRAIN_PORT`	`port`	`7878`
`DBRAIN_HOST`	`host`	`0.0.0.0`
`DBRAIN_TOKEN`	`token`	`my-secret-token`
`DBRAIN_BRAIN_TYPE`	`brainType`	`shared`

dwork

Variable	Overrides	Example
`DWORK_DATA_PATH`	`dataPath`	`~/.dwork`
`DWORK_PORT`	`port`	`7881`
`DWORK_HOST`	`host`	`0.0.0.0`
`DWORK_TOKEN`	`token`	`my-secret-token`

dops

Variable	Overrides	Example
`DOPS_DATA_PATH`	`dataPath`	`~/.dops`
`DOPS_PORT`	`port`	`7883`
`DOPS_HOST`	`host`	`0.0.0.0`
`DOPS_TOKEN`	`token`	`my-secret-token`

dproxy

Variable	Overrides	Example
`DPROXY_PROVIDER`	`provider`	`gemini`
`DPROXY_MODEL`	`model`	`opus`
`DPROXY_PORT`	`port`	`7880`
`DPROXY_HOST`	`host`	`0.0.0.0`
`DPROXY_TOKEN`	`token`	`my-secret-token`

# Start dbrain on a custom port, bound to all interfaces
DBRAIN_PORT=9000 DBRAIN_HOST=0.0.0.0 dbrain start

Ports summary

All dtoolkit services use a pair of consecutive ports: one for the API (REST + MCP) and one for the web dashboard.

Service	API port	Dashboard port	Protocol
dbrain	7878	7879	REST + MCP (same port)
dproxy	7880	—	REST + SSE streaming
dwork	7881	7882	REST + MCP (same port)
dops	7883	7884	REST + MCP (same port)

dproxy is the exception: it provides a REST API with SSE streaming but does not have an MCP server or dashboard.

Authentication

All dtoolkit services use Bearer token authentication. A token is generated automatically during init and stored in the config file.

How authentication works

Every HTTP request to a dtoolkit service must include the token in the Authorization header:

curl -H "Authorization: Bearer your-secret-token" http://localhost:7878/health

MCP clients also authenticate with the same token. When configuring an MCP client (such as Claude Code’s settings.json), pass the token as part of the connection URL or headers.

Setting a token

Tokens are generated automatically when you run init. To set a specific token:

# Set via the configure command
dbrain configure --token my-new-token

# Or edit the config file directly
# ~/.dbrain/config.json -> "token": "my-new-token"

# Or use an environment variable
DBRAIN_TOKEN=my-new-token dbrain start

Rotating tokens

To rotate a token, update it in the config file or via environment variable, then restart the service. Any connected clients (dcontext hooks, MCP integrations, SDK clients) must be updated with the new token.

# 1. Generate a new token
NEW_TOKEN=$(openssl rand -hex 32)

# 2. Update the config
dbrain configure --token "$NEW_TOKEN"

# 3. Restart the service
dbrain start

# 4. Update any clients that connect to this service

SDK authentication

When using the @dtoolkit/sdk package to connect to services programmatically, pass the token when creating a client:

import { DBrainClient, DWorkClient } from '@dtoolkit/sdk';

const brain = new DBrainClient({
  baseUrl: 'http://localhost:7878',
  token: 'your-secret-token',
});

const work = new DWorkClient({
  baseUrl: 'http://localhost:7881',
  token: 'your-secret-token',
});

Shared brain API keys

Shared brains support multiple API keys for team access control. This lets each team member or service authenticate independently, without sharing a single master token.

# List existing keys
dbrain keys list

# Create a new key for a team member
dbrain keys create --name "alice"

# Revoke a key
dbrain keys revoke --name "alice"

API keys provide the same access as the master token. The master token (in config.json) always works and cannot be revoked via the keys command.

Next steps

Getting started — install and initialize your first service
dbrain — deep dive into the memory server
dwork — set up your AI-native project manager
MCP tools reference — full list of MCP tools across all services
CLI reference — all CLI commands and flags