# =============================================================================
# Copilot Studio Agent Direct Line MCP Server - Environment Configuration
# =============================================================================
# -----------------------------------------------------------------------------
# ENVIRONMENT
# -----------------------------------------------------------------------------
# Node Environment (REQUIRED)
# Valid values: development | staging | production
# Default: development
# Affects validation requirements and security settings: elsewhere in this file
# the Azure Entra ID credentials are marked REQUIRED in production, and the
# OAuth2 redirect URI must be HTTPS in production.
# Because the default is development, a production deployment has to set this
# to production explicitly for those requirements to be enforced.
NODE_ENV=development
# -----------------------------------------------------------------------------
# REQUIRED VARIABLES
# -----------------------------------------------------------------------------
# Direct Line API Secret Key (REQUIRED)
# Obtain from Azure Bot Service > Channels > Direct Line
# Format: alphanumeric string with dots, hyphens, or underscores
# Example: your-secret-key-here.xxxxxxxxxxxxx
# This secret provides full access to the bot. Leave the value empty in
# .env.example and set the real secret only in your local, untracked .env
# (or in the deployment's secret store).
DIRECT_LINE_SECRET=
# -----------------------------------------------------------------------------
# OPTIONAL VARIABLES
# -----------------------------------------------------------------------------
# MCP Server Port (OPTIONAL)
# Port for MCP server to listen on
# Valid range: 1024-65535
# Default: Auto-assigned by system if not specified
# MCP_SERVER_PORT=3000
# Log Level (OPTIONAL)
# Controls verbosity of application logging
# Valid values: debug | info | warn | error
# Default: info
# LOG_LEVEL=info
# Token Refresh Interval (OPTIONAL)
# How often to proactively refresh Direct Line tokens (in milliseconds)
# Minimum: 300000 (5 minutes)
# Default: 1800000 (30 minutes)
# Tokens are refreshed 5 minutes before expiration
# TOKEN_REFRESH_INTERVAL=1800000
# -----------------------------------------------------------------------------
# OAUTH2 / AZURE ENTRA ID CONFIGURATION
# -----------------------------------------------------------------------------
# Azure Entra ID Client ID (Application ID)
# REQUIRED in production, OPTIONAL in development
# Obtain from Azure Portal > App registrations
# Format: UUID (e.g., 12345678-1234-1234-1234-123456789abc)
# AZURE_CLIENT_ID=
# Azure Entra ID Client Secret
# REQUIRED in production, OPTIONAL in development
# Obtain from Azure Portal > App registrations > Certificates & secrets
# Minimum: 16 characters for security
# AZURE_CLIENT_SECRET=
# Azure Entra ID Tenant ID (Directory ID)
# REQUIRED in production, OPTIONAL in development
# Format: UUID or domain (e.g., contoso.onmicrosoft.com)
# AZURE_TENANT_ID=
# OAuth2 Redirect URI
# Where users are redirected after authentication
# Must be HTTPS in production (except localhost)
# Must also match a redirect URI registered on the Entra ID app registration
# Default: http://localhost:3000/auth/callback
# REDIRECT_URI=http://localhost:3000/auth/callback
# OAuth2 Scopes
# Space-separated list of requested permissions
# Default: openid profile email
# Example: openid profile email https://graph.microsoft.com/.default
# OAUTH_SCOPES=openid profile email
# -----------------------------------------------------------------------------
# AUTHENTICATION & TRANSPORT MODE (OPTIONAL)
# -----------------------------------------------------------------------------
# MCP Transport Mode (OPTIONAL)
# Valid values: stdio | http
# Default: stdio
# Use 'http' to enable HTTP transport with OAuth authentication
# MCP_TRANSPORT_MODE=stdio
# Enable Authentication (OPTIONAL)
# Set to 'true' to enable Azure Entra ID authentication even in stdio mode
# Default: false (authentication only enabled in HTTP mode)
# ENABLE_AUTH=false
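# Azure Entra ID Configuration (REQUIRED when ENABLE_AUTH=true or MCP_TRANSPORT_MODE=http)
# Obtain from Azure Portal > App registrations
# NOTE(review): these ENTRA_* names overlap with the AZURE_* / REDIRECT_URI / OAUTH_SCOPES
# variables documented above, and ENTRA_SCOPES is shown comma-separated while OAUTH_SCOPES
# is documented as space-separated - confirm which names and which separator the server reads.
# Replace every your-* placeholder with a real value before uncommenting.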
# ENTRA_TENANT_ID=your-tenant-id
# ENTRA_CLIENT_ID=your-client-id
# ENTRA_CLIENT_SECRET=your-client-secret
# ENTRA_REDIRECT_URI=http://localhost:3000/auth/callback
# ENTRA_SCOPES=openid,profile,email
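# HTTP Server Configuration (when MCP_TRANSPORT_MODE=http)
# HTTP_PORT=3000
# Session secret (OPTIONAL): auto-generated if not provided.
# If you set one, replace the placeholder with a long random value; the placeholder text must never be deployed.
# NOTE(review): an auto-generated secret presumably changes on restart, which would invalidate existing sessions - confirm.
# This note is kept off the value line because some dotenv parsers read a trailing "# ..." as part of the value.
# SESSION_SECRET=your-strong-session-secret-here
# Comma-separated list, presumably the origins allowed to call the HTTP transport; list only the exact origins that need access.
# ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3001
# NOTE(review): presumably controls whether forwarded headers from a reverse proxy are trusted - confirm against the server code.
# Leave false unless the server runs behind a proxy you control.
# TRUST_PROXY=false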
# =============================================================================
# IMPORTANT SECURITY NOTES
# =============================================================================
# 1. NEVER commit the actual .env file to version control (keep .env in .gitignore; only this example file, with blank or placeholder values, is tracked)
# 2. Keep DIRECT_LINE_SECRET confidential - it provides full access to your bot
# 3. Keep AZURE_CLIENT_SECRET, ENTRA_CLIENT_SECRET and SESSION_SECRET confidential
# 4. Use different secrets for development, staging, and production environments
# 5. Rotate secrets regularly for enhanced security
# 6. Set NODE_ENV=production to enforce security requirements
# =============================================================================