git rev-parse --show-toplevel. It is not created by TYBA; absent is the normal case.
It is versioned along with the project, and that is where the problem the next section solves lives.
The whole file
.tyba/config.toml
agent.default
Three values are recognized:
Any other value is ignored silently.
default = "cursor" raises no error and does nothing.
Since Claude Code is already the product’s default, in practice
default = "claude" changes nothing. The field only has a visible effect with "codex", and even then only when codex is in your PATH.agent.env.allow
Agent sessions do not inherit your environment. They receive a fixed baseline and nothing more:
DATABASE_URL, API keys — none of that reaches the agent by default. If the project needs some variable, list it here:
[A-Za-z_][A-Za-z0-9_]*).
The allowlist only adds on top of the baseline — it never overwrites. Listing
PATH does not hijack the agent’s PATH: TYBA forces its own afterwards, and a hostile repository cannot point the agent’s binary somewhere else.A new file is worth nothing until you approve it
This is the most important design on the page, and it exists for a concrete reason: you clone third-party repositories. If a versioned.tyba/config.toml took effect automatically, any repository could ask for your AWS_SECRET_ACCESS_KEY in the agent’s environment just because you opened the project.
So:
1
TYBA computes the file's hash
A SHA-256 of the exact content.
2
It asks you
What that file is asking for — default agent and which variables — before applying anything.
3
Your consent applies to that hash, and only that one
As long as the file doesn’t change, it holds.
4
One different byte takes the consent down
You changed it, a
git pull touched it, you switched branches — the hash changes, the consent dies, and TYBA asks again.A broken file is ignored, it doesn’t take things down
Unlike the user config, a repository’s.tyba/config.toml with invalid TOML does not stop the session from starting. It is simply ignored, and you are left with the fixed baseline.
The asymmetry is intentional. The user config is yours — if it’s broken, it’s your mistake and you want to know now. The repository config may have come from anyone, and a malformed file in a cloned repository should not be able to lock up your tool.
See also
- User configuration —
~/.tyba/config.toml - Risk classification — what needs your approval