> ## Documentation Index
> Fetch the complete documentation index at: https://mulerun.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuration

> Configure authentication, base URL, proxy, and output format

Most users only need to run [`mulerun login`](/cli/commands/login) once.
The CLI stores the resulting OAuth token in `~/.mulerun/` and every other
command reuses it.

The variables and flags below are available for non-interactive use (CI,
agents, sandbox environments) and for advanced overrides.

## Environment variables

| Variable           | Description                                                                                                     |
| ------------------ | --------------------------------------------------------------------------------------------------------------- |
| `MULERUN_TOKEN`    | JWT authentication token. Set this to skip the browser login (CI, agents).                                      |
| `MULERUN_BASE_URL` | API base URL. Defaults to `https://mulerun.com`.                                                                |
| `MULERUN_PROXY`    | Proxy URL (e.g. `socks5h://127.0.0.1:13659` or `http://proxy:8080`). Applies to HTTP and WebSocket connections. |

A project-local `.env` file is auto-loaded when present — variables already
set in the process environment are **not** overwritten.

## Global flags

These flags are accepted by every subcommand. They take precedence over
both environment variables and the OAuth cache.

| Flag                        | Short | Description                                               |
| --------------------------- | ----- | --------------------------------------------------------- |
| `--base-url <url>`          | `-b`  | Override `MULERUN_BASE_URL`                               |
| `--token <token>`           | `-t`  | Override `MULERUN_TOKEN`                                  |
| `--output <format>`         | `-o`  | Output format: `text` (default), `json`, `jsonl`, `table` |
| `--proxy <url>`             |       | Override `MULERUN_PROXY`                                  |
| `--timeout <duration>`      |       | Max operation timeout (default `30m`)                     |
| `--idle-timeout <duration>` |       | WebSocket idle timeout (default `5m`)                     |
| `--insecure`                |       | Skip TLS certificate verification (development only)      |
| `--no-color`                |       | Disable terminal colors                                   |
| `--debug`                   |       | Enable debug logging                                      |

## Authentication

The standard flow uses OAuth in your browser:

```bash theme={null}
mulerun login
mulerun logout      # revoke + clear local cache
```

For automation, pre-mint a token and inject it via `MULERUN_TOKEN`. The
token is a JWT — `mulerun internal-auth token-info` decodes it locally
without making a network call.

## Proxy support

```bash theme={null}
export MULERUN_PROXY="socks5h://127.0.0.1:13659"
mulerun user me
```

The `h` suffix on `socks5h` makes DNS resolution happen on the proxy side.
The proxy applies to HTTPS API calls and to the WebSocket channels used by
`session`, `computer chat`, and `computer shell`.

## Output formats

Pass `-o` (or `--output`) on any command:

```bash theme={null}
mulerun -o text  session list   # pretty-printed (default)
mulerun -o json  session list   # JSON object
mulerun -o jsonl session list   # JSON Lines, one record per line
mulerun -o table session list   # ASCII table
```

For agent integration use `-o json` plus `--no-color`.

## Inspect the active configuration

```bash theme={null}
mulerun doctor
```

Prints the resolved API base URL, login status, distribution profile, and a
few environment-sanity checks. Run this before opening a support ticket.

## Resolution order

1. CLI flags (`--token`, `--base-url`, ...)
2. Process environment variables (`MULERUN_*`)
3. OAuth cache written by `mulerun login`
4. Built-in defaults
