docs: retarget setup to Claude connectors

docs/configuration.md

@@ -14,8 +14,10 @@ cp .env.example .env
 | `OAUTH_MODE` | No | `false` | Enables OAuth-oriented validation settings |
 | `GITEA_OAUTH_CLIENT_ID` | Yes when `OAUTH_MODE=true` | - | OAuth client id |
 | `GITEA_OAUTH_CLIENT_SECRET` | Yes when `OAUTH_MODE=true` | - | OAuth client secret |
-| `OAUTH_EXPECTED_AUDIENCE` | No | empty | Expected JWT audience; defaults to client id |
+| `OAUTH_EXPECTED_AUDIENCE` | No | empty | Additional accepted JWT audience beyond the MCP resource and Gitea client id |
 | `OAUTH_CACHE_TTL_SECONDS` | No | `300` | OIDC discovery/JWKS cache TTL |
+| `OAUTH_STATE_SECRET` | Yes when `OAUTH_MODE=true` | - | HMAC secret for signed OAuth state wrappers |
+| `OAUTH_REDIRECT_ALLOWLIST` | No | empty | Additional allowed redirect URIs for OAuth clients |
 
 ## MCP Server Settings
 
@@ -27,6 +29,8 @@ cp .env.example .env
 | `ALLOW_INSECURE_BIND` | No | `false` | Explicit opt-in required for `0.0.0.0` bind |
 | `LOG_LEVEL` | No | `INFO` | `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL` |
 | `STARTUP_VALIDATE_GITEA` | No | `true` | Validate OIDC discovery endpoint at startup |
+| `DCR_ENABLED` | No | `true` | Enable dynamic client registration at `/register` |
+| `DCR_STORAGE_PATH` | No | `/var/lib/aegis-mcp/dcr_clients.json` | Persisted OAuth client registry path |
 
 ## Security and Limits
 
@@ -41,6 +45,7 @@ cp .env.example .env
 | `MAX_TOOL_RESPONSE_CHARS` | No | `20000` | Max chars in text fields |
 | `REQUEST_TIMEOUT_SECONDS` | No | `30` | Upstream timeout for Gitea calls |
 | `SECRET_DETECTION_MODE` | No | `mask` | `off`, `mask`, `block` |
+| `REPO_AUTHZ_CACHE_TTL_SECONDS` | No | `60` | TTL for cached per-user repository permission checks |
 
 ## Write Mode