# ===========================================
# Tanda Workforce MCP Server Configuration
# ===========================================
# Copy this file to .env and fill in your values
# Server Configuration
# NODE_ENV selects the run mode. The Security section of this file states that
# the server refuses to start in production mode with weak secrets, so a real
# deployment should not be left on "development".
NODE_ENV=development
# PORT is also the port in the localhost redirect URI used in this file (3000);
# if you change it, change TANDA_REDIRECT_URI to match.
PORT=3000
# 0.0.0.0 conventionally means "listen on every network interface".
# NOTE(review): presumably this is the listen address - confirm in the server code.
# On a shared or untrusted network, 127.0.0.1 keeps a development instance
# reachable from the local machine only.
HOST=0.0.0.0
# ===========================================
# Tanda OAuth Configuration (REQUIRED)
# ===========================================
# Get these from your Tanda developer account:
# https://my.tanda.co/api/oauth/applications
#
# The two values below are placeholders and must be replaced.
# TANDA_CLIENT_SECRET is a credential: put the real value only in your local
# .env (or your host's variable/secret store) and keep .env out of version
# control. If the real secret is ever committed or shared, treat it as
# compromised and replace it.
TANDA_CLIENT_ID=your_tanda_client_id_here
TANDA_CLIENT_SECRET=your_tanda_client_secret_here
# OAuth Redirect URI
# ------------------
# IMPORTANT: This must match the redirect URI registered in your Tanda OAuth application
# (OAuth providers typically compare the whole URI: scheme, host, port and path).
#
# For LOCAL DEVELOPMENT:
# TANDA_REDIRECT_URI=http://localhost:3000/auth/callback
#
# For RAILWAY DEPLOYMENT:
# Option 1 (Recommended): Leave unset - auto-detected from RAILWAY_PUBLIC_DOMAIN
# Option 2: Set explicitly: TANDA_REDIRECT_URI=https://your-app.up.railway.app/auth/callback
#
# For OTHER PRODUCTION HOSTS:
# TANDA_REDIRECT_URI=https://your-production-domain.com/auth/callback
#
# Plain http:// appears only in the localhost example; every non-local example
# above uses https://, because the callback request carries the OAuth
# authorization response and should not cross a network unencrypted.
# The line below is the local-development value. It counts as "explicitly set",
# so for Railway Option 1 remove it or comment it out instead of carrying it over.
TANDA_REDIRECT_URI=http://localhost:3000/auth/callback
# Tanda API URLs (defaults should work for most cases)
# All three defaults are https:// URLs on my.tanda.co.
# NOTE(review): in a standard OAuth code exchange the client secret is sent to the
# token URL and access tokens to the API base URL - presumably the case here too.
# If you override these, keep them on https:// and on a host you trust.
TANDA_API_BASE_URL=https://my.tanda.co/api/v2
TANDA_AUTH_URL=https://my.tanda.co/api/oauth/authorize
TANDA_TOKEN_URL=https://my.tanda.co/api/oauth/token
# ===========================================
# Security Configuration (REQUIRED for production)
# ===========================================
# Generate secure random strings for production:
# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# (prints 32 random bytes as 64 hex characters; run it once per secret so that
# SESSION_SECRET and JWT_SECRET get different values)
#
# ⚠️ IMPORTANT: Never use the default values in production!
# ⚠️ The server will refuse to start in production mode with weak secrets.
#
# The placeholder values below are published with this template, so anyone can
# know them. A development instance that other machines can reach (HOST=0.0.0.0
# above) should use generated secrets as well.
# NOTE(review): both placeholders are longer than 32 characters, so a length-only
# check would accept them - confirm the startup check rejects them by value.
SESSION_SECRET=change-this-to-a-secure-random-string-at-least-32-chars
JWT_SECRET=change-this-to-another-secure-random-string-at-least-32-chars
# Lifetime of issued JWTs (24 hours).
# NOTE(review): presumably a leaked token stays valid until it expires unless the
# server can revoke tokens - confirm, and consider a shorter lifetime in production.
JWT_EXPIRY=24h
# ===========================================
# CORS Configuration
# ===========================================
# Comma-separated list of allowed origins, or * for all
# An origin is scheme + host (+ port) with no path or trailing slash, as in the
# production example below.
# NOTE(review): the example has no spaces after the commas; whether the server
# trims whitespace around entries is not visible here - confirm or avoid spaces.
#
# For DEVELOPMENT:
# CORS_ORIGINS=*
#
# For PRODUCTION (recommended):
# CORS_ORIGINS=https://your-frontend-domain.com,https://another-allowed-domain.com
#
# ⚠️ WARNING: Using * in production allows any website to make API requests.
# This may be acceptable for public APIs but consider restricting for security.
# NOTE(review): this server is configured with session and JWT secrets, so it is
# presumably not an anonymous public API. Confirm how * is handled when requests
# carry cookies or tokens, and prefer an explicit origin list in production.
#
# The value below is the development setting; replace it before deploying.
CORS_ORIGINS=*
# ===========================================
# Rate Limiting
# ===========================================
# Rate limiting (per 15 minutes by default)
# Window length in milliseconds: 900000 ms = 15 minutes.
RATE_LIMIT_WINDOW_MS=900000
# Maximum number of requests accepted within one window.
# NOTE(review): whether requests are counted per client IP, per session or
# globally is not visible here - confirm. If it is per IP and the app runs
# behind a proxy or platform router, check that the server sees the real
# client address; otherwise all clients may share one counter.
RATE_LIMIT_MAX_REQUESTS=100
# ===========================================
# MCP Server Configuration
# ===========================================
# Name and version strings for this MCP server.
# NOTE(review): presumably reported to connecting MCP clients - confirm in the
# server code. Neither value is a secret.
MCP_SERVER_NAME=tanda-workforce-mcp
MCP_SERVER_VERSION=1.0.0
# ===========================================
# Railway-Specific Configuration (Auto-detected)
# ===========================================
# These are automatically set by Railway - do NOT set manually:
# - RAILWAY_PUBLIC_DOMAIN: Your app's public domain (e.g., myapp.up.railway.app)
# - RAILWAY_STATIC_URL: Full URL with protocol
# - RAILWAY_ENVIRONMENT: The Railway environment name
#
# When deployed on Railway, TANDA_REDIRECT_URI is automatically constructed
# from RAILWAY_PUBLIC_DOMAIN if not explicitly set.