-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy path.env.example
More file actions
137 lines (104 loc) · 4.66 KB
/
.env.example
File metadata and controls
137 lines (104 loc) · 4.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# Supabase Configuration
# Get these values from your Supabase project dashboard
# Project Settings → API
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=your-anon-key-here
# Optional: For service role operations (use carefully!)
# SUPABASE_SERVICE_ROLE_KEY=your-service-role-key
# LiteLLM proxy (optional; used for embeddings when set)
# LITELLM_PROXY_URL=http://localhost:4000
# LITELLM_MASTER_KEY=sk-your-master-key
# OpenAI API key (required for semantic/hybrid search embeddings)
# OPENAI_API_KEY=sk-your-openai-key
# Redis (optional; enables caching for improved performance)
# REDIS_URL=redis://localhost:6379
# VCON_REDIS_EXPIRY=3600
# Database backend: "supabase" (default) or "mongodb"
# DB_TYPE=supabase
# MongoDB (only used when DB_TYPE=mongodb)
# MONGO_URL=mongodb://localhost:27017
# MONGO_DB_NAME=vcon
# ============================================================================
# Multi-Tenant / Row Level Security
# ============================================================================
# Enable RLS-based multi-tenant isolation
# RLS_ENABLED=false
# RLS_DEBUG=false
# CURRENT_TENANT_ID=
# ============================================================================
# Tool Configuration
# ============================================================================
# Tool profile: full (default), readonly, user, admin, minimal
# MCP_TOOLS_PROFILE=full
# Fine-grained tool category control (comma-separated)
# MCP_ENABLED_CATEGORIES=read,write
# MCP_DISABLED_CATEGORIES=analytics
# MCP_DISABLED_TOOLS=delete_vcon
# ============================================================================
# Observability
# ============================================================================
# OpenTelemetry (enabled by default)
# OTEL_ENABLED=true
# OTEL_EXPORTER_TYPE=console
# OTEL_ENDPOINT=http://localhost:4318
# OTEL_SERVICE_NAME=vcon-mcp-server
# Logging
# LOG_LEVEL=info
# MCP_DEBUG=false
# ============================================================================
# Plugin Configuration
# ============================================================================
# Plugin loading (comma-separated paths to plugin modules)
# Example: @vcon/privacy-suite,./custom-plugin.js
# VCON_PLUGINS_PATH=
# License key for proprietary plugins (e.g., Privacy Suite)
# VCON_LICENSE_KEY=
# Enable offline mode for license validation (air-gapped deployments)
# VCON_OFFLINE_MODE=false
# ============================================================================
# MCP Transport Configuration
# ============================================================================
# Transport type: "stdio" (default) or "http"
# stdio = Standard input/output (for CLI usage)
# http = HTTP server with Streamable HTTP / SSE support
MCP_TRANSPORT=stdio
# HTTP Transport Settings (only used when MCP_TRANSPORT=http)
# ------------------------------------------------------------------------------
# HTTP server host and port
# MCP_HTTP_HOST=127.0.0.1
# MCP_HTTP_PORT=3000
# Session management mode
# Set to "true" for stateless mode (no session tracking)
# Default: false (stateful with session IDs)
# MCP_HTTP_STATELESS=false
# Response format
# Set to "true" to use JSON-only responses instead of SSE streaming
# Default: false (SSE streaming enabled)
# MCP_HTTP_JSON_ONLY=false
# CORS configuration
# Enable CORS for browser-based clients
# MCP_HTTP_CORS=false
# MCP_HTTP_CORS_ORIGIN=*
# DNS Rebinding Protection
# Enable DNS rebinding protection (requires allowed hosts/origins)
# MCP_HTTP_DNS_PROTECTION=false
# MCP_HTTP_ALLOWED_HOSTS=localhost,127.0.0.1
# MCP_HTTP_ALLOWED_ORIGINS=http://localhost:3000,http://127.0.0.1:3000
# ============================================================================
# API & MCP HTTP Auth (REST API and MCP endpoint when MCP_TRANSPORT=http)
# ============================================================================
# Comma-separated list of valid API keys. Clients send via header or Authorization: Bearer <key>
# API_KEYS=key1,key2
# Header for API key (default: authorization). Clients send Authorization: Bearer <key>. Set to x-api-key to use that header instead.
# API_KEY_HEADER=authorization
# Require auth for REST and MCP HTTP (default: true). Set to "false" to disable.
# API_AUTH_REQUIRED=true
# ============================================================================
# REST API Settings (only used when MCP_TRANSPORT=http)
# ============================================================================
# Base path for REST API endpoints (default: /api/v1)
# REST_API_BASE_PATH=/api/v1
# Enable/disable REST API (default: true when HTTP transport enabled)
# REST_API_ENABLED=true
# CORS allowed origin for REST API (default: *)
# CORS_ORIGIN=*