Make flintai-cli work for you. Set these environment variables to customize scans and evals. Defaults work out of the box.

Using environment variables in config.json

Reference environment variables in your config file using ${VAR_NAME} syntax:
{
  "models": [
    {
      "id": "my-chatbot",
      "type": "anthropic",
      "name": "Claude Haiku 4.5",
      "model_name": "claude-haiku-4-5",
      "key": "${ANTHROPIC_API_KEY}",
      "temperature": 0
    }
  ]
}
You can use this syntax anywhere in your config.json:
  • API keys: "key": "${ANTHROPIC_API_KEY}"
  • Endpoints: "host": "${STAGING_URL}"
  • Any string value: "name": "${AGENT_NAME}"
Security: Use ${...} references for API keys rather than pasting them as plaintext. This keeps credentials out of config files.
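
A pre-commit or CI check for the guidance above, as an added example that is not part of flintai-cli: it walks a config.json, reports any non-empty "key" value that is not a single ${VAR_NAME} reference, and lists referenced variables missing from the environment. The variable-name pattern, the choice of "key" as the only credential field, the function name and the sample config are assumptions; this page does not say how flintai-cli itself treats unset variables.

```python
import json
import os
import re

# Assumed shape of a reference; the page only shows the ${VAR_NAME} form.
REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
# Field names treated as credentials; "key" is the one in the page's config.
SENSITIVE_FIELDS = {"key"}

# Constructed sample: the second model carries a pasted (fake) key.
SAMPLE_CONFIG = """
{
  "models": [
    {"id": "my-chatbot", "type": "anthropic", "key": "${ANTHROPIC_API_KEY}"},
    {"id": "staging-bot", "host": "${STAGING_URL}", "key": "constructed-not-a-real-key"}
  ]
}
"""


def audit_config(text, env=None):
    """Return (paths holding plaintext credentials, referenced-but-unset vars)."""
    env = os.environ if env is None else env
    plaintext, unset = [], set()

    def walk(node, path):
        if isinstance(node, dict):
            for name, value in node.items():
                walk(value, f"{path}.{name}" if path else name)
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, f"{path}[{index}]")
        elif isinstance(node, str):
            unset.update(v for v in REF.findall(node) if not env.get(v))
            field = path.rsplit(".", 1)[-1]
            if field in SENSITIVE_FIELDS and node and not REF.fullmatch(node):
                plaintext.append(path)

    walk(json.loads(text), "")
    return plaintext, sorted(unset)


if __name__ == "__main__":
    leaked, missing = audit_config(SAMPLE_CONFIG, {"ANTHROPIC_API_KEY": "set"})
    print("plaintext credentials at:", leaked)
    print("unset variables:", missing)
    raise SystemExit(1 if leaked or missing else 0)
```

Run as a script, it exits non-zero when either list is non-empty, so it can gate a commit or pipeline step.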

API Keys

Flint AI CLI uses an LLM to analyze your agent code and filter false positives. Choose one provider:

How to set your API key

Production and CI/CD environments
The .env file stores API keys as plaintext on disk. For production or shared infrastructure, use an external secret manager:
op run --env-file=.env -- flintai scan ...
Never commit .env files to version control.

GENERATOR_MODEL

GENERATOR_MODEL
string
default:"gemini:gemini-3.1-flash-lite"
Controls which LLM reads your agent code and filters false positives during scan.
Format: <provider>:<model-name>
Supported providers: gemini, openai, anthropic, litellm
Why this matters:
  • Faster models = faster scans (Gemini Flash is fastest)
  • More capable models = better false positive filtering (GPT-4, Claude Opus)
  • Cost varies by provider and model
Where it’s used:
  • Scan: AI reasoning to analyze agent code and filter false positives
  • Eval: LLM-as-judge scoring, security probe generation
Examples:
# Use Claude Sonnet for better reasoning
export GENERATOR_MODEL=anthropic:claude-sonnet-4.5

# Use OpenAI GPT-4
export GENERATOR_MODEL=openai:gpt-4

Scan Limits

Control how much agent code Flint AI CLI scans. Raise these if scanning large codebases.
ADK_MAX_ITERATIONS
number
default:"300"
Maximum analysis iterations per agent file.
When to change: Large agents with complex logic need more iterations to analyze thoroughly.
Example:
export ADK_MAX_ITERATIONS=100
flintai scan /path/to/agent
ADK_MAX_FILES_FETCHED
number
default:"50"
Maximum number of files to analyze.
When to change: Scanning a very large codebase (100+ Python files).
Example:
export ADK_MAX_FILES_FETCHED=200
flintai scan /path/to/large-project
ADK_MAX_FETCH_TOKENS
number
default:"200000"
Maximum tokens allowed for file content during scan. Scan stops when limit is reached.
When to change: Scan stops early with “token budget exhausted” on large codebases.
Example:
export ADK_MAX_FETCH_TOKENS=500000
flintai scan /path/to/agent
ADK_LOOP_TIMEOUT_SECS
number
default:"600"
Maximum seconds for analysis before timeout (default is 10 minutes).
When to change: Scanning times out on large codebases or slow models.
Example:
export ADK_LOOP_TIMEOUT_SECS=600  # 10 minutes
flintai scan /path/to/agent

Eval Limits

EXECUTOR_MAX_WORKERS
number
default:"20"
Thread pool size for concurrent evaluation tasks when using the thread executor.
When to change: Tune up to increase eval throughput on capable machines, or down to limit resource use.
Example:
export EXECUTOR_MAX_WORKERS=40
flintai eval run --model my-agent

Logging

LOG_LEVEL
string
default:"INFO"
Control verbosity of flintai-cli logs.
Options:
  • DEBUG — Verbose logging (useful for troubleshooting)
  • INFO — Standard logging (default)
  • WARNING — Only warnings and errors
  • ERROR — Only errors
Example:
export LOG_LEVEL=DEBUG
flintai scan /path/to/agent 2> debug.log

Need help? See Troubleshooting for common configuration issues.