backant setup generates a .backant.toml at the root of each project. This file is the only place you change Kairos’s per-project behaviour. The file is committed to your repo and added to CODEOWNERS during setup so policy changes route to you for review.
Default .backant.toml
[permissions]
What Kairos is allowed to do.
[scope]
Where Kairos is allowed to look and edit.
If you set
include, only those paths are visible to Kairos. Useful for monorepos where you want Kairos focused on one app.
[behavior]
Safety caps and pacing.
[branches]
PR strategy.
Reloading policy
Edits to.backant.toml are not picked up by a running daemon. Restart with --fresh so the new policy is applied immediately:
Common adjustments
Building trust gradually
Building trust gradually
Week 1: defaults (
merge = false, modify_ci = false, modify_infrastructure = false).Week 2–3: review Kairos’s PRs daily; if they look clean, consider flipping merge = true on quiet evenings only.Week 4+: if you want it, merge = true plus modify_ci = true for non-critical CI changes. Keep modify_infrastructure = false indefinitely unless you have strong out-of-band gates.Reducing the cost ceiling
Reducing the cost ceiling
If a single turn is more expensive than expected:Combine with
backant start --pace so Kairos auto-throttles when your Anthropic rate-limit window heats up.Monorepo focus
Monorepo focus
Restrict Kairos to one app inside a monorepo:Kairos will only look and act inside
apps/api/.Strict read-only mode
Strict read-only mode
Useful while evaluating Kairos against a sensitive repo. Kairos will still observe and judge, but will not write code:Effectively reduces Kairos to a
backant watch-only product.Where .backant.toml lives
At the root of each workspace, alongside your code. It’s a normal committed file; Kairos enforces the policy on every turn. Setup auto-adds an entry to .github/CODEOWNERS for .backant.toml so the file is review-gated.