Hiddenden/AegisGitea-MCP
3
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
59e1ea53a8e3b2d4d132ce1a86e7e752c0262324
AegisGitea-MCP/docs/configuration.md
latte 59e1ea53a8
Some checks failed
docker / lint (push) Has been cancelled
Details
docker / test (push) Has been cancelled
Details
docker / docker-build (push) Has been cancelled
Details
lint / lint (push) Has been cancelled
Details
test / test (push) Has been cancelled
Details
Add OAuth2/OIDC per-user Gitea authentication 
Introduce a GiteaOAuthValidator for JWT and userinfo validation and
fallbacks, add /oauth/token proxy, and thread per-user tokens through
the
request context and automation paths. Update config and .env.example for
OAuth-first mode, add OpenAPI, extensive unit/integration tests,
GitHub/Gitea CI workflows, docs, and lint/test enforcement (>=80% cov).
2026-02-25 16:54:01 +01:00

2.7 KiB
Raw Blame History

Configuration

Copy .env.example to .env and set values before starting:

cp .env.example .env

OAuth/OIDC Settings (Primary)

Variable Required Default Description
GITEA_URL Yes - Base URL of your Gitea instance
OAUTH_MODE No false Enables OAuth-oriented validation settings
GITEA_OAUTH_CLIENT_ID Yes when OAUTH_MODE=true - OAuth client id
GITEA_OAUTH_CLIENT_SECRET Yes when OAUTH_MODE=true - OAuth client secret
OAUTH_EXPECTED_AUDIENCE No empty Expected JWT audience; defaults to client id
OAUTH_CACHE_TTL_SECONDS No 300 OIDC discovery/JWKS cache TTL

MCP Server Settings

Variable Required Default Description
MCP_HOST No 127.0.0.1 Interface to bind to
MCP_PORT No 8080 Port to listen on
ALLOW_INSECURE_BIND No false Explicit opt-in required for 0.0.0.0 bind
LOG_LEVEL No INFO DEBUG, INFO, WARNING, ERROR, CRITICAL
STARTUP_VALIDATE_GITEA No true Validate OIDC discovery endpoint at startup

Security and Limits

Variable Required Default Description
MAX_AUTH_FAILURES No 5 Failed auth attempts before rate limiting
AUTH_FAILURE_WINDOW No 300 Window in seconds for auth failure counting
RATE_LIMIT_PER_MINUTE No 60 Per-IP request limit
TOKEN_RATE_LIMIT_PER_MINUTE No 120 Per-token request limit
MAX_FILE_SIZE_BYTES No 1048576 Max file payload returned by read tools
MAX_TOOL_RESPONSE_ITEMS No 200 Max list items in tool responses
MAX_TOOL_RESPONSE_CHARS No 20000 Max chars in text fields
REQUEST_TIMEOUT_SECONDS No 30 Upstream timeout for Gitea calls
SECRET_DETECTION_MODE No mask off, mask, block

Write Mode

Variable Required Default Description
WRITE_MODE No false Enables write tools
WRITE_REPOSITORY_WHITELIST Required if write mode enabled and allow-all disabled empty Comma-separated owner/repo allow list
WRITE_ALLOW_ALL_TOKEN_REPOS No false Allow all repos accessible by token

Automation

Variable Required Default Description
AUTOMATION_ENABLED No false Enables automation endpoints
AUTOMATION_SCHEDULER_ENABLED No false Enables scheduler loop
AUTOMATION_STALE_DAYS No 30 Age threshold for stale issue checks

Legacy Compatibility Variables

These are retained for compatibility but not used for OAuth-protected MCP tool execution:

  • GITEA_TOKEN
  • MCP_API_KEYS
  • AUTH_ENABLED
Reference in New Issue View Git Blame Copy Permalink