Schema

Server Configuration

Describes the environment variables required to run the server.

Name	Required	Description	Default
`HOST`	No	Host to bind the server to	127.0.0.1
`PORT`	No	Port to bind the server to	8000
`RELOAD`	No	Enable auto-reload for development	false
`KV_MOUNT`	No	KV mount point in Vault	secret
`LOG_LEVEL`	No	Log level for the server	info
`JWT_ISSUER`	No	JWT issuer claim
`VAULT_ADDR`	No	Vault server address	http://localhost:8200
`VAULT_TOKEN`	No	Vault authentication token
`JWT_AUDIENCE`	No	JWT audience claim
`API_KEYS_JSON`	No	JSON map of API keys to agent IDs: { "<api-key>": "<agent-id>" }
`VAULT_ROLE_ID`	No	Vault AppRole role ID for authentication
`DEFAULT_PREFIX`	No	Default prefix for agent namespacing	mcp
`CHILD_TOKEN_TTL`	No	TTL for child tokens	90s
`VAULT_NAMESPACE`	No	Vault namespace (Enterprise only)
`VAULT_SECRET_ID`	No	Vault AppRole secret ID for authentication
`AUTH_JWT_ENABLED`	No	Enable JWT authentication	true
`JWT_HS256_SECRET`	No	Secret for HS256 JWT signing
`AUTH_MTLS_ENABLED`	No	Enable mTLS authentication via proxy headers	false
`MTLS_VERIFY_HEADER`	No	Header name for mTLS verification status	x-ssl-client-verify
`RATE_LIMIT_ENABLED`	No	Enable rate limiting	true
`CHILD_TOKEN_ENABLED`	No	Enable per-request child token issuance	false
`RATE_LIMIT_REQUESTS`	No	Number of requests allowed per window	60
`AUTH_API_KEY_ENABLED`	No	Enable API key authentication	true
`MTLS_IDENTITY_HEADER`	No	Header name for mTLS client identity	x-ssl-client-s-dn
`MTLS_SUBJECT_CN_PREFIX`	No	Prefix for extracting CN from mTLS subject	CN=
`CHILD_TOKEN_POLICY_PREFIX`	No	Prefix for child token policy names	mcp-agent-
`RATE_LIMIT_WINDOW_SECONDS`	No	Rate limiting window in seconds	60

Prompts

Interactive templates invoked by user choice

Name	Description
No prompts

Resources

Contextual data attached and managed by the client

Name	Description
No resources

Tools

Functions exposed to the LLM to take actions

Name	Description
No tools

Server Configuration

Schema

Prompts

Resources

Tools

MCP directory API