OpenKakao

Configuration

Persistent CLI policy in ~/.config/openkakao/config.toml.

Introduction

OpenKakao can persist operator policy in:

~/.config/openkakao/config.toml

Use this for unattended services, launchd jobs, cron tasks, or any setup where you do not want to repeat the same policy flags on every invocation.

Persist operator policy

Keep unattended mode and allow-* decisions explicit instead of hiding them in random shell wrappers.

Reduce repeated flags

Store stable policy once and let one-off CLI flags override only what needs to change.

Control recovery behavior

Auth policy settings can change whether relogin or renewal is preferred during recovery.

Make automation legible

A checked-in or documented config is easier to reason about than an opaque service command line.

Policy should persist, targets should stay visible

Put long-lived operating rules in config.toml. Keep concrete destinations such as webhook URLs and one-off force flags on the command line.

Precedence

Configuration is resolved in this order:

  1. CLI flags
  2. config.toml
  3. built-in safe defaults

Example

[mode]
unattended = true

[send]
allow_non_interactive = true
default_prefix = true

[watch]
allow_side_effects = true
default_max_reconnect = 10

[auth]
prefer_relogin = true
auto_renew = true
password_cmd = "doppler secrets get KAKAO_PASSWORD -p openkakao -c dev --plain"

[safety]
min_unattended_send_interval_secs = 10
min_hook_interval_secs = 2
min_webhook_interval_secs = 2
hook_timeout_secs = 20
webhook_timeout_secs = 10
allow_insecure_webhooks = false

Current Fields

KeyTypePurpose
mode.unattendedbooldeclare that this environment may run without interactive confirmation
send.allow_non_interactiveboolallow send -y, send-file -y, and send-photo -y
send.default_prefixboolkeep or disable the default outgoing prefix
watch.allow_side_effectsboolallow read receipts, local hooks, and webhooks in watch mode
watch.default_max_reconnectintoverride the default reconnect count for watch
auth.prefer_reloginboolchoose whether relogin or renew runs first during recovery
auth.auto_renewboolallow or skip refresh-token renewal during recovery
auth.password_cmdstringshell command that prints the current Kakao password for relogin recovery
safety.min_unattended_send_interval_secsintminimum spacing between unattended sends
safety.min_hook_interval_secsintminimum spacing between local hook executions
safety.min_webhook_interval_secsintminimum spacing between webhook deliveries
safety.hook_timeout_secsinthard timeout for --hook-cmd
safety.webhook_timeout_secsintHTTP timeout for webhook delivery
safety.allow_insecure_webhooksboolallow non-HTTPS webhooks outside localhost

High-Value Sections

mode

Declares whether this environment may run without interactive confirmation.

send

Governs non-interactive outbound operations and the default outgoing prefix behavior.

watch

Controls whether real-time hooks, webhooks, and read receipts are allowed unattended.

auth

Determines how recovery should behave when credentials need to be refreshed or rebuilt.

safety

Governs unattended send spacing, watch side-effect rate limits, timeouts, and webhook transport policy.

Auth Policy Examples

Conservative default

[auth]
prefer_relogin = true
auto_renew = true

This keeps the recovery ladder as:

  1. saved credentials
  2. relogin
  3. renew
  4. Cache.db extraction

Skip renewal

[auth]
prefer_relogin = true
auto_renew = false

Use this when renewal has become noisy or unreliable and you only want relogin plus fresh extraction.

Try renewal first

[auth]
prefer_relogin = false
auto_renew = true

Use this only when you have reason to believe refresh-token renewal is currently the cheaper recovery path in your environment.

Pull password from Doppler

[auth]
prefer_relogin = true
auto_renew = true
password_cmd = "doppler secrets get KAKAO_PASSWORD -p openkakao -c dev --plain"

Use this when you want unattended relogin without storing the Kakao password in config.toml or credentials.json. The command is executed only when relogin needs a password. Precedence is:

  1. explicit --password
  2. auth.password_cmd
  3. cached login.json password

Config does not replace operator judgment

A persistent config makes automation more repeatable, not automatically safer. Broad unattended policy still needs a narrow workflow around it.

What Stays Command-Local

These still belong on the command line:

  • --force for open chat operations
  • concrete destinations like --webhook-url
  • hook matchers like --hook-chat-id

Policy should persist. Targets should stay visible in the command being run.

launchd

The repo now includes starting-point launchd assets in:

examples/launchd/

Use those files for long-running macOS jobs instead of inventing a service wrapper from scratch. They keep log paths, PATH, and unattended flags explicit.

Where to Go Next

Authentication

See how saved credentials, relogin, renewal, and extraction work together.

REST vs LOCO

Decide which transport belongs in each workflow before you automate it.

watch

Review the most policy-sensitive command surface before enabling hooks or webhooks.

Safe Usage

Turn configuration policy into operating rules that stay narrow in practice.

REST vs LOCO

When to use each transport and where the stability boundary sits.

Troubleshooting

Common failure modes when login, LOCO, or watch mode do not behave as expected.

On this page

Introduction
Precedence
Example
Current Fields
High-Value Sections
Auth Policy Examples
Conservative default
Skip renewal
Try renewal first
Pull password from Doppler
What Stays Command-Local
launchd
Where to Go Next