51 lines
1.2 KiB
Plaintext
51 lines
1.2 KiB
Plaintext
# Runtime Environment
|
|
ENVIRONMENT=production
|
|
|
|
# Gitea Configuration
|
|
GITEA_URL=https://gitea.example.com
|
|
GITEA_TOKEN=your-bot-user-token-here
|
|
|
|
# MCP Server Configuration
|
|
# Secure default: bind only localhost unless explicitly overridden.
|
|
MCP_HOST=127.0.0.1
|
|
MCP_PORT=8080
|
|
ALLOW_INSECURE_BIND=false
|
|
|
|
# Authentication Configuration (REQUIRED unless AUTH_ENABLED=false)
|
|
AUTH_ENABLED=true
|
|
MCP_API_KEYS=your-generated-api-key-here
|
|
# MCP_API_KEYS=key1,key2,key3
|
|
|
|
# Authentication failure controls
|
|
MAX_AUTH_FAILURES=5
|
|
AUTH_FAILURE_WINDOW=300
|
|
|
|
# Request rate limiting
|
|
RATE_LIMIT_PER_MINUTE=60
|
|
TOKEN_RATE_LIMIT_PER_MINUTE=120
|
|
|
|
# Logging / observability
|
|
LOG_LEVEL=INFO
|
|
AUDIT_LOG_PATH=/var/log/aegis-mcp/audit.log
|
|
METRICS_ENABLED=true
|
|
EXPOSE_ERROR_DETAILS=false
|
|
|
|
# Tool output limits
|
|
MAX_FILE_SIZE_BYTES=1048576
|
|
MAX_TOOL_RESPONSE_ITEMS=200
|
|
MAX_TOOL_RESPONSE_CHARS=20000
|
|
REQUEST_TIMEOUT_SECONDS=30
|
|
|
|
# Security controls
|
|
SECRET_DETECTION_MODE=mask # off|mask|block
|
|
POLICY_FILE_PATH=policy.yaml
|
|
|
|
# Write mode (disabled by default)
|
|
WRITE_MODE=false
|
|
WRITE_REPOSITORY_WHITELIST=
|
|
|
|
# Automation mode (disabled by default)
|
|
AUTOMATION_ENABLED=false
|
|
AUTOMATION_SCHEDULER_ENABLED=false
|
|
AUTOMATION_STALE_DAYS=30
|