Configuration
discli uses a layered configuration system for authentication and a profile-based system for access control. This page covers how to set up your bot token, manage configuration, and use permission profiles.
Bot token
Your Discord bot token is the only required configuration. discli resolves the token using the following priority order:
| Priority | Method | Example |
|---|---|---|
| 1 (highest) | --token flag | discli --token YOUR_TOKEN server list |
| 2 | DISCORD_BOT_TOKEN environment variable | export DISCORD_BOT_TOKEN=your_token |
| 3 (lowest) | Config file (~/.discli/config.json) | discli config set token YOUR_TOKEN |
This means a --token flag always wins, followed by the environment variable, followed by the saved config file. Use whichever method fits your workflow.
Option 1: Config file (recommended for local use)
Store the token persistently so you do not have to provide it every time:
discli config set token YOUR_BOT_TOKENSet token.This writes to ~/.discli/config.json:
{ "token": "YOUR_BOT_TOKEN"}The config file stores your token in plain text. Make sure ~/.discli/config.json has appropriate file permissions. On macOS/Linux, restrict access with:
chmod 600 ~/.discli/config.jsonOption 2: Environment variable (recommended for CI/containers)
Set the DISCORD_BOT_TOKEN environment variable:
export DISCORD_BOT_TOKEN=your_tokenAdd this to your ~/.bashrc, ~/.zshrc, or shell profile to persist across sessions.
$env:DISCORD_BOT_TOKEN = "your_token"To persist, set it as a system or user environment variable via Settings or:
[System.Environment]::SetEnvironmentVariable("DISCORD_BOT_TOKEN", "your_token", "User")docker run -e DISCORD_BOT_TOKEN=your_token my-agentOr in GitHub Actions:
env: DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}Option 3: Per-command flag
Pass the token directly for one-off commands:
discli --token YOUR_BOT_TOKEN server listThe --token flag is placed before the subcommand, not after it. This is because it is a global option on the discli CLI group.
Viewing current configuration
Check what configuration is currently set:
discli config showtoken: your-bot-tokenThe token value is truncated for security. For the full JSON representation:
discli --json config show{ "token": "your-bot-token-here"}Permission profiles
Permission profiles control which commands your bot (or agent) is allowed to run. This is especially useful when giving an AI agent access to discli — you can restrict it to a safe subset of operations.
Available profiles
| Profile | Description | Use case |
|---|---|---|
| full | Full access to all commands | Local development, trusted agents |
| chat | Messages, reactions, threads, typing, DMs, listen, serve | Chatbot agents that should not moderate |
| readonly | List, info, get, search, listen only | Monitoring, logging, read-only agents |
| moderation | Full access including moderation | Moderation bots with kick/ban capability |
Setting the active profile
There are three ways to set the permission profile, with the same priority pattern as tokens:
Persistently (saved to disk):
discli permission set chatPermission profile set to: chat (Messages, reactions, threads, typing only)This writes the active profile to ~/.discli/permissions.json.
Per-command (flag):
discli --profile readonly message list "#general"The --profile flag overrides the saved profile for that single invocation.
Via environment variable:
export DISCLI_PROFILE=readonlyThis takes priority over the saved profile but is overridden by the --profile flag.
Viewing the active profile
discli permission showActive profile: chatDescription: Messages, reactions, threads, typing onlyAllowed: message, reaction, thread, typing, dm, listen, serve, config, serverDenied: member kick, member ban, member unban, channel delete, role delete, role create, channel createListing all profiles
discli permission profiles full: Full access to all commands chat: Messages, reactions, threads, typing only readonly: Read-only: list, info, get, search, listen moderation: Full access including moderationWhen building an AI agent, start with the readonly or chat profile and only escalate to full once you have tested the agent’s behavior. This follows the principle of least privilege and prevents accidental destructive actions.
Destructive action safeguards
Certain commands are considered destructive and require confirmation before execution:
member kickmember banmember unbanchannel deletemessage deleterole delete
When you run a destructive command, discli prompts for confirmation:
⚠ Destructive action: member kick (user: Alice). Continue? [y/N]To skip the prompt (useful in scripts and automation), pass the --yes or -y flag:
discli --yes member kick "My Server" @spammerUse --yes with caution, especially in automated pipelines. Combined with a restrictive permission profile, this gives you safe automation without accidental damage.
Audit log
discli records every command execution to an audit log at ~/.discli/audit.log. This is useful for tracking what actions an agent has taken.
# View recent audit entriesdiscli audit show --limit 10
# JSON outputdiscli --json audit show --limit 5
# Clear the logdiscli audit clearConfiguration file reference
~/.discli/config.json
{ "token": "YOUR_BOT_TOKEN"}~/.discli/permissions.json
{ "active_profile": "chat", "profiles": {}}The profiles key can hold custom profile definitions, though the four built-in profiles cover most use cases.
~/.discli/audit.log
A newline-delimited JSON file where each line is an audit entry:
{"timestamp": "2026-03-15T10:32:00+00:00", "command": "message send", "args": {"channel": "general", "content": "Hello"}, "result": "ok", "user": ""}