← Back to Chat

Before You Start

Here's what you'll need to set up Warden.

🔑
Anthropic API Key REQUIRED
Powers all AI agents. Get yours at console.anthropic.com
Cost: Usage-based (~$15/1M input tokens for Claude Opus)
🐳
Docker Desktop REQUIRED
Runs PostgreSQL, Qdrant, and NATS infrastructure. Download Docker Desktop
Cost: Free for personal use
🤖
Agent Configuration
Decide which agents you want active and what to name them. Start with just Coordinator + Advisor — you can add Representative and Twin later.
Optional Services
🔢
Wolfram Alpha API Key
Computational verification and fact-checking. $5–25/month at wolframalpha.com
🎙️
Cartesia API Key
Voice synthesis for agents. Get a key at cartesia.ai
📧
Gmail Account
For the email channel — agents can read/send email on your behalf. Requires OAuth setup.
📱
Twilio Account
For SMS and voice call channels. ~$1/month + usage at twilio.com
💬
Slack Workspace
For the Slack channel — agents interact in your Slack workspace.

Welcome to Warden

Let's configure your personal AI agent system.

What is Warden?

Warden is the reference implementation of the Primacy Framework — a system where YOU retain sovereignty over AI agents that act on your behalf. Your agents follow your rules, respect your values, and always answer to you.

What Does This Wizard Do?

This wizard helps you configure your Warden deployment. We'll walk through setting up your identity, your AI agents, communication channels, and external services so everything works exactly how you want it.

How It Works

Start by telling us about your setup using the options below, and we'll tailor the remaining configuration sections to match your needs. You can always come back and change things later.

Your Setup

Principal Identity

Configure your principal identity.

A unique machine-readable identifier for you (the human) in the system. Think of it like a username — lowercase, no spaces. Example: david-rose
How your agents will address you in conversation. This is what they'll call you — first name, nickname, or however you prefer to be addressed. Example: David
Your email accounts. Penn can send from any of these when directed (e.g. "send this from my Gust email"). The first account is your primary address — used when you say "email me." Each account needs its own SMTP credentials.
Controls the system's operational mode, similar to a 'development vs. production' environment setting. Development: relaxed constraints, verbose logging, good for setup and testing. Staging: production-like with extra monitoring. Production: full governance enforcement and strict rate limits. Use 'Development' while you're getting things set up.
Your timezone for scheduling and time-based operations. Use IANA timezone format (e.g., America/New_York, Europe/London, Asia/Tokyo). Default: America/New_York
Your location, used to give agents geographic context for weather, local events, and recommendations.
Upload an image file to display as the avatar. Supports JPG, PNG, WebP.
Select which microphone and speaker to use for voice conversations. These settings are saved locally in your browser.

Your Contact Info

Where your agents should reach you on each channel for notifications.

Your Slack user ID (not display name). Find via Slack profile → three dots → Copy member ID.

Agent Constellation

Configure the five core agent archetypes. Each agent can use a different LLM provider (e.g., GPT for Coordinator, Claude for Advisor).

Agent Capabilities

LLM Providers

Register LLM providers and their API keys. Each agent can use a different provider. API keys are stored in .env, referenced here by environment variable name.

Anthropic (Claude)
The environment variable name in your .env file. The actual API key (starting with sk-ant-) goes in the .env file, not here. Default: ANTHROPIC_API_KEY
Only change this if you're using a proxy or custom endpoint. Leave empty for the standard Anthropic API.
claude-opus-4-6, claude-sonnet-4-5-20250929, claude-haiku-4-5-20251001
OpenAI (GPT)
The environment variable name for your OpenAI key. Get one at platform.openai.com/api-keys
Only change this for Azure OpenAI or a custom endpoint. Leave empty for standard OpenAI.
gpt-5.4, gpt-4.1, gpt-4.1-mini, gpt-4.1-nano, o3, o4-mini
Google (Gemini)
The environment variable name for your Google AI key. Get one at aistudio.google.com/apikey
Leave empty for the standard Google AI API.
gemini-3, gemini-2.5-pro, gemini-2.0-flash
Perplexity AI
The environment variable name for your Perplexity key. Get one at perplexity.ai/settings/api
xAI (Grok)
The environment variable name for your xAI key. Get one at console.x.ai

Agent Channels

Credentials for Penn's dedicated communication channels. These let Penn send messages from its own identity (not yours).

Channel Domain
Domain used for agent channel addresses (e.g., penn@davidsrose.com).

Email (SMTP)

Slack Bot

From Slack App settings → OAuth & Permissions.
From Slack App settings → Basic Information. Used to verify webhook requests.

Twilio (SMS & Voice)

E.164 format. Used for both SMS and voice calls.

Telegram Bot

Set via setWebhook API. Used to verify inbound webhook requests.

Discord Bot

From Discord Developer Portal → General Information. Used for webhook signature verification.

External Services

Configure API keys and credentials for external service integrations.

Anthropic

Your Anthropic API key. Get one at console.anthropic.com. Saved securely to your .env file.

OpenAI

Your OpenAI API key. Get one at platform.openai.com. Saved to .env file.

Google AI

Your Google AI API key. Get one at aistudio.google.com. Saved to .env file.

Perplexity

Your Perplexity API key for real-time web search. Get one at perplexity.ai/settings/api. Saved to .env file.

xAI (Grok)

Your xAI API key for Grok social analysis. Get one at console.x.ai. Saved to .env file.

Mistral AI

Your Mistral API key for multilingual and fast reasoning tasks. Get one at console.mistral.ai. Saved to .env file.

Tavily

Your Tavily API key for web search, extraction, and site crawling. Free tier: 1,000 credits/month. Get one at tavily.com. Saved to .env file.

Wolfram Alpha

Your Wolfram Alpha App ID. Get one at products.wolframalpha.com/api. Saved to .env file.

Voice Synthesis (TTS)

Cartesia uses cloud API (requires API key). Voxtral runs locally on Apple Silicon via MLX (no API key needed, ~2.5GB model download on first use).
Required for Cartesia provider. Get a key at play.cartesia.ai

Anam AI (Avatar)

Your Anam AI API key for 2D avatar rendering. Get one at anam.ai
The Anam AI persona ID for this agent's visual avatar.
The Anam AI persona ID for this agent's visual avatar.

OpenClaw

The URL where your OpenClaw server is running. Default is http://localhost:9000 for local installations.
Maximum number of OpenClaw skills that can run simultaneously. Higher values use more resources. Default: 10

Financial Services

Configure payment integrations, credential vault, and transaction authorization.

Master toggle for all financial operations. When disabled, all financial tools return "service unavailable." Enable only after configuring credentials below.

Credential Vault

The financial credential vault encrypts sensitive data at rest. A vault key is required before any financial services can be enabled.

This key encrypts card tokens and wallet keys. Store it securely — if lost, vault contents cannot be recovered.

Bright Lines (Inviolable)
  • Private keys and raw card numbers never leave the vault
  • Twin archetype cannot perform any financial operations
  • Maximum single transaction: $10,000
  • Maximum daily spend per agent: $5,000
  • New payees have 24-hour cooling period

Privacy.com Virtual Cards

Privacy.com provides per-merchant virtual debit cards with spend limits. Agents can create cards locked to specific merchants for governed purchases.

HMAC signing secret for validating incoming Privacy.com webhook notifications. Found in your Privacy.com dashboard under Webhooks.
Sandbox uses test credentials and simulated transactions. Switch to Production only when ready for real payments.
Governance Tiers
Tier 1 — Create, freeze, close cards
Tier 2 — Fund cards, view details
Tier 2 — List transactions
Tier 1 — Fund $500+

Ethereum Wallet

Ethereum wallet for on-chain transactions. Private keys are stored in the credential vault (sign-only interface — keys never exported).

Governance Tiers
Tier 1 — Create wallet, send $500+
Tier 2 — Send transactions <$500
Tier 3 — Check balance, estimate gas
Tier 3 — List wallets, tx status

Transaction Authorization

Four-tier authorization model with Cedar policy evaluation. Transactions are classified by amount and type, with hold windows for supervised operations.

Micro Under $25 — autonomous (no hold window) Tier 3
Standard $25 – $500 — supervised (30s hold window) Tier 2
Large Over $500 — explicit approval (120s hold window) Tier 1
Recurring Any amount — always explicit approval (120s hold) Tier 1

Service Status

Loading service status...

Skill Packages

Curated bundles of marketplace skills with pre-configured governance.

Loading available packages...

Capability Routing (DEC-044)

Configure which LLM provider handles each abstract capability. Agents see capabilities, not providers — the router dispatches to the optimal provider based on these rules.

Cost Management

Monthly budgets and per-provider spending caps for capability routing.

Total monthly budget across all providers
Alert when any provider hits this percentage of its cap

Per-Provider Spending Caps

Local provider — no cost

Memory & Knowledge

Configure semantic memory (Qdrant) and embedding models for storing and retrieving contextual information.

Store semantic embeddings of conversations and facts in Qdrant for long-term knowledge retrieval. Requires Qdrant service to be running.
The HTTP endpoint of your Qdrant vector database. Default is local development setup.
Ollama: Local inference via Ollama service (zero cost, best quality). Requires ollama serve running at port 11434.
Sentence Transformers: Local Python-based embeddings (fallback if Ollama unavailable).
Hash: Deterministic fallback for testing — not recommended for production.
Embedding model to use with Ollama. Default is nomic-embed-text (768 dimensions, Apache 2.0 licensed). Run ollama pull nomic-embed-text to install.

Memory Extraction

Controls how Warden identifies memory-worthy facts and preferences from conversations.

Use a fast AI model (Haiku-class) to identify memory-worthy content instead of keyword patterns. Produces higher-quality, distilled memories and can extract insights from agent responses. Uses API credits (~$0.001/turn). When disabled, falls back to rule-based keyword matching.
The model used for memory extraction calls. Haiku is fast and cheap (~250ms, ~$0.001/call). Sonnet is more accurate but slower and costlier. Only applies when LLM extraction is enabled.

System

Configure system-level infrastructure and behavior settings.

The default AI model used when agents don't specify their own. Claude Opus 4.6 is the most capable but uses more API credits.
If the primary AI model is unavailable (API outage, rate limit), automatically try a backup model instead of failing.
Allow agents to search the web for current information. Uses Anthropic's built-in web search capability.
Enable NATS message broker for distributed event streaming. Only needed for multi-service deployments. Leave disabled for single-machine setups.
How much detail to record in system logs. 'Info' is good for normal use. 'Debug' shows everything (useful for troubleshooting). 'Warning' and above show only problems.

Safety & Monitoring

Multi-agent safety mechanisms. These run automatically when multiple agents interact.

Detect when agents disagree on recommendations or proposed actions. Conflicts above HIGH severity are escalated to the Coordinator, then to you if unresolved. Uses keyword overlap scoring to assess divergence.
Monitor for agents coordinating to bypass governance constraints or bright-line rules. Tracks agreement frequency across agent pairs and flags suspicious patterns. CRITICAL violations automatically block the proposed action.