# MCP OAuth Gateway Environment Configuration
# Copy this to .env and fill with your actual values
# Once filled in, .env holds live secrets (OAuth client secret, JWT signing material,
# Redis password): keep it out of version control and readable only by the account
# that runs the gateway.
# Domain Configuration (REQUIRED)
# Must be real, publicly accessible domains - no localhost!
BASE_DOMAIN=your-actual-domain.com
# Contact address for ACME certificate issuance (presumably used by the reverse proxy - confirm in the proxy config).
ACME_EMAIL=your-email@example.com
# GitHub OAuth App Credentials (REQUIRED)
# Create at: https://github.com/settings/developers
# NOTE(review): register only the gateway's own callback URL on the OAuth App; the
# callback path is not shown in this file - confirm it in the project docs.
GITHUB_CLIENT_ID=your_github_client_id
# Secret value: if it is ever exposed, regenerate it in the OAuth App settings.
GITHUB_CLIENT_SECRET=your_github_client_secret
# JWT Configuration (REQUIRED)
# Generate ALL secrets with: just generate-all-secrets
# Or individually:
# just generate-jwt-secret
# just generate-rsa-keys
# Replace every placeholder below with a generated value: a placeholder is public
# knowledge, so tokens protected by it could be forged by anyone who has read this file.
# NOTE(review): with RS256 selected below, it is not visible here what GATEWAY_JWT_SECRET
# is used for - confirm in the auth service before assuming it can be left weak.
GATEWAY_JWT_SECRET=your_jwt_secret_key_at_least_32_chars
# NOTE(review): token verification should accept only this configured algorithm, never
# the one named in a token's own header - confirm in the auth code.
JWT_ALGORITHM=RS256
# Base64 is an encoding, not encryption: this value is the private key itself and
# needs the same protection as any other signing key.
JWT_PRIVATE_KEY_B64=your_base64_encoded_private_key_here
# Redis Security (REQUIRED)
# Generate with: just generate-redis-password
REDIS_PASSWORD=your_redis_password
# Plain redis:// scheme (no TLS) to the host named "redis"; the URL itself carries no credentials.
# NOTE(review): this presumably relies on a private container network - confirm that
# port 6379 is not published on the host or reachable from outside.
REDIS_URL=redis://redis:6379
# Access Control (REQUIRED - Choose one option)
# Option 1: Specific users - comma-separated list
ALLOWED_GITHUB_USERS=user1,user2,user3
# Option 2: Any authenticated GitHub user
# With "*" the allow-list no longer restricts anyone: every GitHub account can
# authenticate, and presumably reach every enabled MCP service (per-service
# authorization is not visible in this file). Prefer Option 1 unless each enabled
# service is safe to offer to the public.
# ALLOWED_GITHUB_USERS=*
# ===========================================================================
# CONFIGURATION TOKENS - Have defaults but should be reviewed
# ===========================================================================
# MCP CORS Configuration (REQUIRED for web clients like Claude.ai)
# Comma-separated list of allowed origins
# Note: FastAPI CORSMiddleware doesn't support wildcard subdomains, so we list them explicitly
# NOTE(review): the example value below is "*" (every origin), which contradicts the
# "list them explicitly" advice above. For a real deployment, replace it with the exact
# origins of the web clients you use, e.g. (constructed example)
# https://client.example.com,https://other-client.example.com
MCP_CORS_ORIGINS=*
# Token Lifetimes (REQUIRED - CONFIGURABLE!)
# All values are in seconds. A leaked token stays usable until it expires (unless the
# gateway revokes it), so shorter lifetimes narrow that window; the refresh token is
# the longer-lived credential and deserves the stricter storage.
ACCESS_TOKEN_LIFETIME=86400 # 24 hours
REFRESH_TOKEN_LIFETIME=2592000 # 30 days
SESSION_TIMEOUT=3600 # 1 hour
# 0 turns client expiry off: a registration, and any credentials issued for it, then never ages out.
CLIENT_LIFETIME=7776000 # 90 days - clients must re-register after this (set to 0 for eternal clients)
# MCP Protocol Version (REQUIRED!)
# The value set here also appears in MCP_PROTOCOL_VERSIONS_SUPPORTED below; keep it that way when changing either.
MCP_PROTOCOL_VERSION=2025-06-18
# MCP Supported Protocol Versions (REQUIRED!)
# Comma-separated list of versions that our system accepts
# Every version left in this list stays accepted, so drop older entries once no client needs them.
MCP_PROTOCOL_VERSIONS_SUPPORTED=2025-06-18,2025-03-26,2024-11-05
# ===========================================================================
# TESTING TOKENS - Only needed for automated tests!
# ===========================================================================
# NOTE: The gateway runs perfectly fine without ANY of these tokens!
# These are ONLY used by the test suite to verify OAuth flows.
# Once filled in they are live credentials: leave them unset in the .env of a
# production deployment so that a leaked file does not expose them as well.
# GitHub Personal Access Token (TESTING ONLY)
# Generated by: just generate-github-token
# Used by tests to verify GitHub API integration
# NOTE(review): the scopes this PAT needs are not stated here - prefer a dedicated
# test account and the narrowest scopes the tests pass with.
GITHUB_PAT=ghp_xxx...
# Gateway OAuth Test Tokens (TESTING ONLY)
# Generated during test OAuth flows
# Used by test suite to authenticate with the gateway
# A value stored here is a usable gateway token until it expires (see ACCESS_TOKEN_LIFETIME).
GATEWAY_OAUTH_JWT_TOKEN=
# MCP Client Test Tokens (TESTING ONLY)
# Generated by: just mcp-client-token
# Used for testing mcp-streamablehttp-client
MCP_CLIENT_ACCESS_TOKEN=xxx...
# ===========================================================================
# SERVICE CONFIGURATION - Enable/disable individual MCP services
# ===========================================================================
# Every service except the stateless echo is disabled in this example. Enable only
# the ones you need: each enabled service is presumably reachable by every user
# admitted through ALLOWED_GITHUB_USERS (per-service authorization is not visible here).
# MCP Echo Stateful Service Configuration
MCP_ECHO_STATEFUL_ENABLED=false
MCP_ECHO_STATEFUL_TESTS_ENABLED=false
MCP_ECHO_STATEFUL_URLS=https://echo-stateful.yourdomain.com/mcp # Comma-separated list of MCP Echo Stateful URLs
# MCP Echo Stateless Service Configuration
MCP_ECHO_STATELESS_ENABLED=true
MCP_ECHO_STATELESS_TESTS_ENABLED=true
MCP_ECHO_STATELESS_URLS=https://echo-stateless.yourdomain.com/mcp # Comma-separated list of MCP Echo Stateless URLs
# MCP Everything configuration
MCP_EVERYTHING_ENABLED=false # Enable/disable mcp-everything service
MCP_EVERYTHING_TESTS_ENABLED=false # Enable/disable mcp-everything tests (set to true to run tests)
MCP_EVERYTHING_URLS=https://everything.yourdomain.com/mcp # Comma-separated list of MCP Everything URLs
# MCP Fetch configuration
# NOTE(review): judging by the name, this service retrieves URLs on behalf of callers;
# if so, check that it cannot reach internal addresses (Redis, cloud metadata
# endpoints, other containers) before enabling it.
MCP_FETCH_ENABLED=false # Enable/disable mcp-fetch service
MCP_FETCH_TESTS_ENABLED=false # Enable/disable mcp-fetch tests (set to true to run tests)
MCP_FETCH_URLS=https://fetch.yourdomain.com/mcp # Comma-separated list of MCP Fetch URLs
# MCP Fetchs configuration
# NOTE(review): how this differs from mcp-fetch is not stated here; apply the same outbound-request review.
MCP_FETCHS_ENABLED=false # Enable/disable mcp-fetchs service
MCP_FETCHS_TESTS_ENABLED=false # Enable/disable mcp-fetchs tests (set to true to run tests)
MCP_FETCHS_URLS=https://fetchs.yourdomain.com/mcp # Comma-separated list of MCP Fetchs URLs
# MCP Filesystem configuration
# NOTE(review): presumably exposes file access inside the service container - confirm
# which directories are mounted and whether they are writable before enabling.
MCP_FILESYSTEM_ENABLED=false # Enable/disable mcp-filesystem service
MCP_FILESYSTEM_TESTS_ENABLED=false # Enable/disable mcp-filesystem tests (set to true to run tests)
MCP_FILESYSTEM_URLS=https://filesystem.yourdomain.com/mcp # Comma-separated list of MCP Filesystem URLs
# MCP Memory configuration
MCP_MEMORY_ENABLED=false # Enable/disable mcp-memory service
MCP_MEMORY_TESTS_ENABLED=false # Enable/disable mcp-memory tests (set to true to run tests)
MCP_MEMORY_URLS=https://memory.yourdomain.com/mcp # Comma-separated list of MCP Memory URLs
# MCP Playwright configuration
# NOTE(review): presumably drives a browser on the server side; the same
# internal-network reachability review as for the fetch services applies.
MCP_PLAYWRIGHT_ENABLED=false # Enable/disable mcp-playwright service
MCP_PLAYWRIGHT_TESTS_ENABLED=false # Enable/disable mcp-playwright tests (set to true to run tests)
MCP_PLAYWRIGHT_URLS=https://playwright.yourdomain.com/mcp # Comma-separated list of MCP Playwright URLs
# MCP Sequential Thinking configuration
MCP_SEQUENTIALTHINKING_ENABLED=false # Enable/disable mcp-sequentialthinking service
MCP_SEQUENTIALTHINKING_TESTS_ENABLED=false # Enable/disable mcp-sequentialthinking tests (set to true to run tests)
MCP_SEQUENTIALTHINKING_URLS=https://sequentialthinking.yourdomain.com/mcp # Comma-separated list of MCP Sequential Thinking URLs
# MCP Time configuration
MCP_TIME_ENABLED=false # Enable/disable mcp-time service
MCP_TIME_TESTS_ENABLED=false # Enable/disable mcp-time tests (set to true to run tests)
MCP_TIME_URLS=https://time.yourdomain.com/mcp # Comma-separated list of MCP Time URLs
# MCP Tmux configuration
# NOTE(review): presumably gives callers a terminal session in the service container,
# i.e. command execution - treat enabling it as granting shell access to every allowed user.
MCP_TMUX_ENABLED=false # Enable/disable mcp-tmux service
MCP_TMUX_TESTS_ENABLED=false # Enable/disable mcp-tmux tests (set to true to run tests)
MCP_TMUX_URLS=https://tmux.yourdomain.com/mcp # Comma-separated list of MCP Tmux URLs
# Redis Connection Settings
# NOTE(review): REDIS_URL earlier in this file names the same host and port; keep the
# two in step, since it is not visible here which setting each component reads.
REDIS_HOST=redis # Redis host (defaults to internal redis service)
REDIS_PORT=6379 # Redis port
REDIS_DB=0 # Redis database number
REDIS_USERNAME=default # Redis username
# ${REDIS_PASSWORD} is expanded only by loaders that support variable interpolation;
# otherwise the literal text becomes the password - verify with the loader in use.
REDIS_PWD=${REDIS_PASSWORD} # Redis password (uses the main Redis password)
# With false, Redis traffic (including the password sent at authentication) is
# unencrypted; that is acceptable only on a private network.
REDIS_SSL=false # Enable SSL/TLS for Redis connection
# Test Configuration (REQUIRED!)
TEST_HTTP_TIMEOUT=30.0 # HTTP timeout for tests in seconds
TEST_MAX_RETRIES=3 # Maximum retries for failed requests
TEST_RETRY_DELAY=1.0 # Delay between retries in seconds
TEST_OAUTH_CALLBACK_URL=https://auth.yourdomain.com/success # OAuth callback URL for tests - where auth server redirects after authorization
TEST_CLIENT_NAME=test-client # OAuth client name for tests
TEST_CLIENT_SCOPE="mcp:read mcp:write" # OAuth scopes for tests
# Negative-test value: presumably the gateway is expected to refuse this redirect URI.
# NOTE(review): evil.com is a registrable domain outside the project's control. A
# reserved name such as https://not-registered.invalid/callback (constructed example)
# means that, if redirect validation ever regresses, the test cannot send an
# authorization response to a third party.
TEST_INVALID_REDIRECT_URI=https://evil.com/callback # Invalid redirect URI for testing
# Health Check Configuration (REQUIRED!)
HEALTH_CHECK_TIMEOUT=30 # Health check timeout in seconds
HEALTH_CHECK_INTERVAL=5 # Health check interval in seconds
# MCP Testing URL
# The tests presumably send the test tokens from this file to this URL, so point it
# only at a service you operate.
MCP_TESTING_URL=https://echo-stateless.yourdomain.com/mcp # Set to a valid MCP service URL for testing (defaults to stateless echo)