MarketDeck docs
Environment variables
Every environment variable marketdeck reads, what it does, and where it kicks in.
The CLI reads a small set of environment variables to override paths, control debug output, and inject test seams. None of them need to be set for a default install — every default is sane on a GNOME / Ubuntu host.
XDG paths#
Standard XDG variables shape where state lives:
| Variable | Default | Affects |
|---|---|---|
XDG_DATA_HOME | ~/.local/share | DB, secrets vault, plugins, snapshots, backtest blobs. |
XDG_CONFIG_HOME | ~/.config | Plugin enable state, maintenance config. |
XDG_CACHE_HOME | ~/.cache | Daemon log, web UI log, icon cache, HTTP log file (when fall-back), snapshot cache. |
HOME | (resolved by Node) | Used as the parent for the XDG defaults. |
Setting any of these to a temp dir is the cleanest way to run marketdeck against an isolated state for tests — see test-real-trading.js and test-keyring-interop.js for the pattern.
Vault passphrase (Node keyring fallback)#
| Variable | What it does |
|---|---|
MARKETDECK_VAULT_PASSPHRASE | Passphrase used to encrypt the AES-GCM secrets vault file. First match wins, otherwise the CLI checks ~/.config/marketdeck/vault.key, otherwise it prompts on TTY. |
Only consulted when libsecret is unavailable. On a default GNOME install, the libsecret bridge is the primary store and this var is unused.
Process tagging#
| Variable | What it does |
|---|---|
MARKETDECK_PROC_TAG | A short label written into every HTTP-log entry's pid field. Lets cross-process logs distinguish cli, panel, agent, daemon. The CLI defaults this to main. |
Debug output#
| Variable | What it does |
|---|---|
MARKETDECK_DEBUG | When set (any truthy value), several internal paths surface verbose error detail to stderr that is otherwise suppressed: codex turn-context parse failures, ollama-list failures, plugin load failures (now visible by default — debug just adds the stack), claude envelope-parse hiccups. |
Use it sparingly — the output is intended for bug triage, not for day-to-day operation.
Binary resolution#
| Variable | What it does |
|---|---|
MARKETDECK_BIN | Override the path the plugin loader resolves for spawnCli([...]). Used by tests / CI to pin a specific build of the CLI when multiple are installed side-by-side. |
Daemon overrides#
| Variable | What it does |
|---|---|
MARKETDECK_DEPLOY_TARGET | Used by the website's git post-receive hook (not the CLI itself). Override the target directory the auto-deploy checks out into. |
Provider config paths#
The CLI never reads vendor API keys directly. Each provider's CLI manages its own credentials at:
| Provider | Config location |
|---|---|
| Claude Code | ~/.claude/ (interactive login). |
| Codex | ~/.codex/config.toml. |
| Hermes Agent | ~/.hermes/config.yaml. |
| OpenClaw Agent | ~/.openclaw/openclaw.json. |
| Ollama / Ollama Cloud | ~/.ollama/. |
This is the source of the no-credentials-in-argv invariant: a provider adapter that ever needs to put a secret on argv should file an upstream bug instead. See ai/providers/README.md in the CLI repo for the full security contract.