.env.example•2.42 kB
# Vivint Credentials (REQUIRED)
VIVINT_USERNAME=your_vivint_username_here
VIVINT_PASSWORD=your_vivint_password_here
# Optional: Specific system ID if you have multiple panels
# VIVINT_SYSTEM_ID=
# 2FA/MFA Configuration (for accounts with 2FA enabled)
# VIVINT_MFA_CODE=123456 # Your current 6-digit 2FA code (temporary, only for initial setup)
# VIVINT_REFRESH_TOKEN_FILE=.vivint_tokens.json # Where to store refresh tokens
# VIVINT_MFA_AUTO_WAIT=false # Wait for interactive MFA input
# Server Configuration
ENVIRONMENT=development
PORT=8000
# MCP Transport Configuration
# Options: http (default), sse (legacy), stdio (command-line only)
# - http: Modern HTTP transport with full bidirectional communication (recommended)
# - sse: Server-Sent Events transport for legacy compatibility (not recommended)
# - stdio: Standard input/output for command-line tools (no network access)
MCP_TRANSPORT=http
# Debug Settings
DEBUG_MODE=false
LOG_LEVEL=INFO
# Session Management (seconds)
SESSION_REFRESH_INTERVAL=900
# Authentication Settings
AUTH_ENABLED=true
# Auth types: jwt (recommended), api_token (simple), bearer (legacy), oauth (full flow)
AUTH_TYPE=jwt
# Simple API Token Authentication (AUTH_TYPE=api_token)
# Use this for simple production environments where you just need a single API token
# API_TOKEN=your-api-token-here
# Bearer Token Authentication (AUTH_TYPE=bearer)
# Uses AUTH_SECRET as the bearer token - legacy method, use api_token instead
# AUTH_SECRET=your-bearer-token-here
# For HMAC JWT (HS256/384/512) - use either AUTH_SECRET OR generate with script
AUTH_SECRET=your-super-secret-key-here
# For RSA JWT (RS256/384/512) - generate with script
# JWT_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
# JWT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----"
# JWT Configuration
JWT_ALGORITHM=HS256
JWT_ISSUER=vivint-mcp-server
JWT_AUDIENCE=vivint-mcp-client
TOKEN_EXPIRY_HOURS=24
# OAuth Redirect URIs (comma-separated list)
OAUTH_REDIRECT_URIS=https://claude.ai/api/mcp/auth_callback,http://localhost:3000/callback,http://localhost:8080/callback
# OAuth Client Access Control
# Set to true to completely disable new client registration AND authorization
# When enabled, blocks all OAuth login attempts and new client registration
# Useful for production environments to completely lock down OAuth access
OAUTH_DISABLE_NEW_CLIENTS=false