Security MCP Server

# ============================================================================ # MCP Server Configuration Template # ============================================================================ # This file contains all configuration options for the MCP (Machine Control Protocol) Server # Copy this file to .env and adjust values as needed for your environment # # SECURITY WARNING: Never commit .env files with actual credentials to version control # ============================================================================ # ============================================================================ # SERVER CONFIGURATION # ============================================================================ # Server transport mode: "stdio" (standard I/O) or "http" (REST API) # Default: stdio MCP_SERVER_TRANSPORT=stdio # HTTP server host (only used when transport=http) # Default: 0.0.0.0 (all interfaces) # For security, consider binding to 127.0.0.1 in production MCP_SERVER_HOST=0.0.0.0 # HTTP server port (only used when transport=http) # Default: 8080 MCP_SERVER_PORT=8080 # Maximum number of concurrent connections (HTTP transport) # Default: 100 MCP_SERVER_MAX_CONNECTIONS=100 # Number of worker processes (HTTP transport) # Default: 1 MCP_SERVER_WORKERS=1 # Graceful shutdown timeout in seconds # Time to wait for active connections to close before forcing shutdown # Default: 30 MCP_SERVER_SHUTDOWN_GRACE_PERIOD=30 # ============================================================================ # TOOL CONFIGURATION # ============================================================================ # Python package path containing tool implementations # Default: mcp_server.tools TOOLS_PACKAGE=mcp_server.tools # Comma-separated list of tool names to include (whitelist) # Leave empty to include all available tools # Example: NmapTool,MasscanTool TOOL_INCLUDE= # Comma-separated list of tool names to exclude (blacklist) # Example: GobusterTool TOOL_EXCLUDE= # Default timeout for tool execution in seconds # Can be overridden per tool or per execution # Default: 300 (5 minutes) MCP_DEFAULT_TIMEOUT_SEC=300 # Default concurrency limit for tools (number of simultaneous executions) # Default: 2 MCP_DEFAULT_CONCURRENCY=2 # ============================================================================ # SECURITY CONFIGURATION # ============================================================================ # Maximum length of tool arguments in bytes # Prevents excessive memory usage from malformed requests # Default: 2048 MCP_MAX_ARGS_LEN=2048 # Maximum stdout capture size in bytes (1 MiB) # Default: 1048576 MCP_MAX_STDOUT_BYTES=1048576 # Maximum stderr capture size in bytes (256 KiB) # Default: 262144 MCP_MAX_STDERR_BYTES=262144 # Allowed target patterns (comma-separated) # Default: RFC1918,.lab.internal MCP_SECURITY_ALLOWED_TARGETS=RFC1918,.lab.internal # ============================================================================ # CIRCUIT BREAKER CONFIGURATION # ============================================================================ # Number of failures before circuit opens # Default: 5 MCP_CIRCUIT_BREAKER_FAILURE_THRESHOLD=5 # Recovery timeout in seconds after circuit opens # Default: 60.0 MCP_CIRCUIT_BREAKER_RECOVERY_TIMEOUT=60.0 # Number of successes in half-open state before closing # Default: 1 MCP_CIRCUIT_BREAKER_HALF_OPEN_SUCCESS_THRESHOLD=1 # ============================================================================ # HEALTH CHECK CONFIGURATION # ============================================================================ # Health check interval in seconds # Default: 30.0 MCP_HEALTH_CHECK_INTERVAL=30.0 # CPU usage threshold for health warnings (percentage) # Default: 80.0 MCP_HEALTH_CPU_THRESHOLD=80.0 # Memory usage threshold for health warnings (percentage) # Default: 80.0 MCP_HEALTH_MEMORY_THRESHOLD=80.0 # Disk usage threshold for health warnings (percentage) # Default: 80.0 MCP_HEALTH_DISK_THRESHOLD=80.0 # Health check timeout in seconds # Default: 10.0 MCP_HEALTH_TIMEOUT=10.0 # Comma-separated list of Python modules to check as dependencies # Example: psutil,prometheus_client MCP_HEALTH_DEPENDENCIES= # ============================================================================ # METRICS CONFIGURATION # ============================================================================ # Enable metrics collection # Default: true MCP_METRICS_ENABLED=true # Enable Prometheus metrics endpoint # Default: true MCP_METRICS_PROMETHEUS_ENABLED=true # Prometheus metrics port (when running separately) # Default: 9090 MCP_METRICS_PROMETHEUS_PORT=9090 # Metrics collection interval in seconds # Default: 15.0 MCP_METRICS_COLLECTION_INTERVAL=15.0 # ============================================================================ # LOGGING CONFIGURATION # ============================================================================ # Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL # Default: INFO LOG_LEVEL=INFO # Log format string (Python logging format) # Default: %(asctime)s %(levelname)s %(name)s %(message)s LOG_FORMAT=%(asctime)s %(levelname)s %(name)s %(message)s # Log file path (optional, logs to stdout if not set) # Example: /var/log/mcp-server/mcp.log MCP_LOGGING_FILE_PATH= # Maximum log file size in bytes (10 MB) # Default: 10485760 MCP_LOGGING_MAX_FILE_SIZE=10485760 # Number of log file backups to keep # Default: 5 MCP_LOGGING_BACKUP_COUNT=5 # ============================================================================ # DATABASE CONFIGURATION (Optional) # ============================================================================ # Database connection URL (if using database features) # Example: postgresql://user:pass@localhost/mcp_db # Default: empty (no database) MCP_DATABASE_URL= # Database connection pool size # Default: 10 MCP_DATABASE_POOL_SIZE=10 # Maximum overflow connections above pool_size # Default: 20 MCP_DATABASE_MAX_OVERFLOW=20 # Pool connection timeout in seconds # Default: 30 MCP_DATABASE_POOL_TIMEOUT=30 # Time to recycle connections in seconds # Default: 3600 (1 hour) MCP_DATABASE_POOL_RECYCLE=3600 # ============================================================================ # DEVELOPMENT/DEBUG SETTINGS # ============================================================================ # Enable debug mode (verbose logging, additional checks) # WARNING: Never enable in production # Default: false DEBUG=false # Enable development mode (auto-reload, debug endpoints) # WARNING: Never enable in production # Default: false DEVELOPMENT_MODE=false # ============================================================================ # OPTIONAL PERFORMANCE TUNING # ============================================================================ # Enable uvloop for better async performance (if installed) # Default: auto-detect USE_UVLOOP=auto # ============================================================================ # TOOL-SPECIFIC OVERRIDES (Optional) # ============================================================================ # Override settings for specific tools # Format: TOOL_<TOOLNAME>_<SETTING>=value # Example: Custom timeout for Nmap tool (seconds) # TOOL_NMAP_TIMEOUT=600 # Example: Custom concurrency for Masscan tool # TOOL_MASSCAN_CONCURRENCY=1 # Example: Custom rate limit for Masscan # TOOL_MASSCAN_RATE=1000 # ============================================================================ # NOTES # ============================================================================ # 1. All timeout values are in seconds unless specified otherwise # 2. All size limits are in bytes unless specified otherwise # 3. Percentage thresholds should be between 0.0 and 100.0 # 4. Boolean values: true/false, yes/no, 1/0 are accepted # 5. Empty values use the documented defaults # 6. Comments starting with # are ignored # ============================================================================