Configuration
.agentprey.toml
Full configuration template and field reference.
Default Template
toml
[target]# Optional target type: http | openclaw# type = "http"# Required for config-driven scansendpoint = "http://127.0.0.1:8787/chat"method = "POST"# Optional custom JSON request template with a {{payload}} marker# request_template = "{"messages":[{"role":"user","content":{{payload}}}]}"# Optional JSON pointer path for response extraction# response_path = "/choices/0/message/content"# Optional headers to send with every requestheaders = { }[scan]vectors_dir = "vectors"category = "prompt-injection"timeout_seconds = 30retries = 2retry_backoff_ms = 250max_concurrent = 2rate_limit_rps = 10redact_responses = true[output]# Optional default output artifact path# json_out = "./scan.json"# html_out = "./scan.html"[auth]# Optional entitlement API base URL override# api_url = "https://PLACEHOLDER.convex.site"Precedence
When both are provided, CLI flags override values loaded from the TOML config file.
[target]
| Field | Type | Default | Notes |
|---|---|---|---|
| endpoint | string | none | HTTP endpoint for config-driven scans. Required when --target is not passed. |
| method | string | none | Optional HTTP method used for target requests. |
| request_template | string | none | Optional JSON string template with a {{payload}} marker for payload injection. |
| response_path | string | none | Optional JSON pointer path used to read model output text. |
| headers | table<string,string> | {} | Headers sent with every request, merged as KEY: VALUE pairs. |
[scan]
| Field | Type | Default | Notes |
|---|---|---|---|
| vectors_dir | path | vectors | Directory containing vector YAML files. |
| category | string | prompt-injection | Category filter for scans. |
| timeout_seconds | u64 | 30 | Request timeout in seconds. |
| retries | u32 | 2 | Retry attempts for transient request failures. |
| retry_backoff_ms | u64 | 250 | Base retry backoff in milliseconds. |
| max_concurrent | usize | 2 | Maximum concurrent vector execution (minimum effective value is 1). |
| rate_limit_rps | u32 | 10 | Global request rate limit in requests per second (minimum effective value is 1). |
| redact_responses | bool | true | Enable response redaction in scan output and artifacts. |
[output]
| Field | Type | Default | Notes |
|---|---|---|---|
| json_out | path | none | Default JSON artifact path. Optional. |
| html_out | path | none | Default HTML artifact path. Optional. |
[auth]
| Field | Type | Default | Notes |
|---|---|---|---|
| api_url | string | none | Optional entitlement API base URL override. |