ThoughtMCP

# ThoughtMCP Production Environment Configuration # ============================================================================ # IMPORTANT: Copy this file to .env.production and configure for your environment # NEVER commit .env.production with real credentials to version control # # This file is the SINGLE SOURCE OF TRUTH for production configuration. # docker-compose.prod.yml references these variables via ${VAR_NAME:-default} syntax. # # Requirements: 17.5 # ============================================================================ # ============================================================================ # DOCKER COMPOSE PRODUCTION DATABASE (docker-compose.prod.yml) # ============================================================================ # These variables are used directly by docker-compose.prod.yml # SECURITY: Change ALL default passwords before deploying to production! # PostgreSQL user for production # SECURITY: Use a unique username, not 'postgres' or 'admin' POSTGRES_USER=thoughtmcp # PostgreSQL password # SECURITY: Generate a strong password (32+ chars, mixed case, numbers, symbols) # Example: openssl rand -base64 32 POSTGRES_PASSWORD=CHANGE_ME_GENERATE_STRONG_PASSWORD # PostgreSQL database name POSTGRES_DB=thoughtmcp # PostgreSQL external port (host port mapping) # SECURITY: Consider not exposing this port externally in production # The thoughtmcp container connects via internal Docker network POSTGRES_PORT=5432 # ============================================================================ # DOCKER COMPOSE OLLAMA (docker-compose.prod.yml) # ============================================================================ # Ollama embedding service configuration # Ollama external port (host port mapping) # SECURITY: Consider not exposing this port externally in production # The thoughtmcp container connects via internal Docker network OLLAMA_PORT=11434 # ============================================================================ # APPLICATION DATABASE CONFIGURATION # ============================================================================ # These are used by the application when running outside Docker # When running in Docker, the thoughtmcp service uses internal network addresses # Full connection string for external access # Format: postgresql://user:password@host:port/database?sslmode=require # SECURITY: Enable SSL in production (sslmode=require) DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:${POSTGRES_PORT}/${POSTGRES_DB} # Individual connection settings (used when DATABASE_URL is not set) DB_HOST=localhost DB_PORT=${POSTGRES_PORT} DB_NAME=${POSTGRES_DB} DB_USER=${POSTGRES_USER} DB_PASSWORD=${POSTGRES_PASSWORD} # Connection pool size # Recommended: Start with 20, increase based on load testing # Max connections = DB_POOL_SIZE * number_of_instances DB_POOL_SIZE=20 # Connection timeout in milliseconds (default: 5000) DB_CONNECTION_TIMEOUT=5000 # Idle connection timeout in milliseconds (default: 30000) DB_IDLE_TIMEOUT=30000 # ============================================================================ # EMBEDDING MODEL CONFIGURATION # ============================================================================ # Ollama embedding service settings # Ollama host URL for external access # When running in Docker, the thoughtmcp service uses http://ollama:11434 OLLAMA_HOST=http://localhost:${OLLAMA_PORT} # Embedding model to use # Production recommendation: nomic-embed-text (local, zero cost, good quality) EMBEDDING_MODEL=nomic-embed-text # Embedding vector dimension (MUST match model) # - nomic-embed-text: 768 # - mxbai-embed-large: 1024 EMBEDDING_DIMENSION=768 # Ollama request timeout in milliseconds (default: 30000) OLLAMA_TIMEOUT=30000 # ============================================================================ # ENVIRONMENT AND LOGGING # ============================================================================ # Environment mode (MUST be 'production' for production deployments) NODE_ENV=production # Log level: DEBUG, INFO, WARN, ERROR # SECURITY: Use WARN or ERROR in production to avoid logging sensitive data LOG_LEVEL=WARN # Log format: text, json # Production recommendation: json for log aggregation systems LOG_FORMAT=json # Log file path (optional, logs to stdout by default) # Docker recommendation: Log to stdout, let Docker handle log routing # LOG_FILE=/var/log/thoughtmcp/app.log # ============================================================================ # PERFORMANCE CONFIGURATION # ============================================================================ # Query cache TTL in seconds (default: 300 = 5 minutes) # Higher values reduce database load but may serve stale data CACHE_TTL=300 # Maximum processing time in milliseconds (default: 30000 = 30 seconds) # Increase for complex reasoning tasks MAX_PROCESSING_TIME=30000 # Enable query result caching (default: true) ENABLE_CACHE=true # Enable performance monitoring (default: true) ENABLE_MONITORING=true # ============================================================================ # FEATURE FLAGS # ============================================================================ # Enable bias detection in reasoning (default: true) ENABLE_BIAS_DETECTION=true # Enable emotion detection in input (default: true) ENABLE_EMOTION_DETECTION=true # Enable metacognitive monitoring (default: true) ENABLE_METACOGNITION=true # ============================================================================ # MCP SERVER MODE # ============================================================================ # MCP Standby Mode (default: true) # When true, the container stays alive without starting the MCP server process. # MCP clients connect via: docker exec -i thoughtmcp-server node dist/index.js # Each client connection spawns a dedicated MCP server process inside the container. # # Benefits: # - No environment variables needed in MCP client config # - Uses internal Docker network for postgres/ollama connections # - Simpler MCP client configuration # # Set to false to run the MCP server directly (legacy behavior) MCP_STANDBY_MODE=true # ============================================================================ # SECURITY CONFIGURATION # ============================================================================ # SECURITY: Review and configure all security settings before production deployment # Enable SSL/TLS for database connections # SECURITY: Always enable in production DB_SSL_ENABLED=true # Path to CA certificate for database SSL (optional) # Required for self-signed certificates or private CAs # DB_SSL_CA=/path/to/ca-certificate.crt # Enable rate limiting # SECURITY: Always enable in production to prevent abuse ENABLE_RATE_LIMITING=true # Rate limit: requests per minute per user (default: 100) # Adjust based on expected usage patterns RATE_LIMIT_RPM=100 # ============================================================================ # MONITORING AND OBSERVABILITY # ============================================================================ # Enable health check endpoint (default: true) ENABLE_HEALTH_CHECK=true # Health check port (default: 8080) # SECURITY: Ensure this port is only accessible from monitoring systems HEALTH_CHECK_PORT=8080 # Enable metrics collection (default: true) ENABLE_METRICS=true # Metrics export format: prometheus, json (default: prometheus) METRICS_FORMAT=prometheus # ============================================================================ # RESOURCE LIMITS # ============================================================================ # Maximum memory per operation in MB (default: 512) MAX_MEMORY_MB=512 # Maximum concurrent operations (default: 10) MAX_CONCURRENT_OPS=10 # Maximum batch size for bulk operations (default: 1000) MAX_BATCH_SIZE=1000 # ============================================================================ # TEMPORAL DECAY CONFIGURATION # ============================================================================ # Enable automatic memory decay (default: true) ENABLE_DECAY=true # Decay scheduler cron expression (default: daily at 2 AM) DECAY_SCHEDULE=0 2 * * * # Decay batch size (default: 1000) DECAY_BATCH_SIZE=1000 # ============================================================================ # BACKUP CONFIGURATION (Optional) # ============================================================================ # SECURITY: Store backups in a secure location with appropriate access controls # Enable automatic backups (default: false) # ENABLE_AUTO_BACKUP=true # Backup schedule cron expression (default: daily at 3 AM) # BACKUP_SCHEDULE=0 3 * * * # Backup retention days (default: 30) # BACKUP_RETENTION_DAYS=30 # Backup storage path # SECURITY: Ensure backup directory has restricted permissions # BACKUP_PATH=/var/backups/thoughtmcp # ============================================================================ # DOCKER COMPOSE USAGE # ============================================================================ # Quick reference for docker-compose.prod.yml commands: # # Start all services: # docker compose -f docker-compose.prod.yml --env-file .env.production up -d # # View logs: # docker compose -f docker-compose.prod.yml logs -f # # Stop services: # docker compose -f docker-compose.prod.yml down # # Stop and remove all data (DESTRUCTIVE): # docker compose -f docker-compose.prod.yml down -v # # Rebuild after code changes: # docker compose -f docker-compose.prod.yml build thoughtmcp # docker compose -f docker-compose.prod.yml up -d thoughtmcp # # ============================================================================ # MCP CLIENT CONFIGURATION # ============================================================================ # Configure your MCP client (e.g., .kiro/settings/mcp.json) to connect: # # { # "mcpServers": { # "thoughtmcp": { # "command": "docker", # "args": ["exec", "-i", "thoughtmcp-server", "node", "dist/index.js"], # "env": {}, # "disabled": false, # "autoApprove": ["store_memory", "retrieve_memories", "think"] # } # } # } # # No environment variables needed - all config is inside the container! # ============================================================================