# ============================================================================
# MIMIR CONFIGURATION
# ============================================================================
# Copy this file to .env and customize as needed
# Most settings have sensible defaults - only change what you need
# ============================================================================
# REQUIRED SETTINGS
# ============================================================================
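# Mimir Server Configuration
# Comments are kept on their own lines: some env-file loaders take everything
# after "=" as the value, so a trailing "# ..." could end up inside the setting.
# Mimir HTTP server URL (used by clients)
MIMIR_SERVER_URL=http://localhost:9042
# Port for Mimir HTTP server (falls back to PORT if not set)
MIMIR_PORT=9042
# Neo4j Database Password (CHANGE THIS IN PRODUCTION!)
# "password" is a placeholder that anyone can guess. Set a unique, randomly
# generated value before the database is reachable from anything other than
# your own machine, and keep the resulting .env out of version control.
NEO4J_PASSWORD=password
# Your main source code directory (will be mounted read-only)
# Everything under this path is exposed to Mimir through the mount, so choose the
# narrowest directory that holds the code you need rather than a home directory
# that also contains keys or credentials.
# Examples:
# Windows: C:\Users\YourName\Documents\GitHub
# macOS: ~/Documents/projects
# Linux: ~/workspace
HOST_WORKSPACE_ROOT=~/src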
# ============================================================================
# LLM CONFIGURATION (For Chat API & Orchestration)
# ============================================================================
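# Provider Selection
# Comments are kept on their own lines: some env-file loaders take everything
# after "=" as the value, so a trailing "# ..." could end up inside the setting.
# Options: openai, copilot, ollama, llama.cpp
MIMIR_DEFAULT_PROVIDER=openai
# Default LLM model
MIMIR_DEFAULT_MODEL=gpt-4.1
# LLM API Configuration (simple concatenation: MIMIR_LLM_API + MIMIR_LLM_API_PATH)
# Chat requests are sent to this endpoint. Use an https:// URL whenever it is not
# a local or container-internal service.
# Pattern 1: Base includes version prefix
MIMIR_LLM_API=http://copilot-api:4141/v1
MIMIR_LLM_API_PATH=/chat/completions
MIMIR_LLM_API_MODELS_PATH=/models
# Placeholder value for the proxy setup above. A real provider key is a secret:
# put it only in your private .env, never in this template or in version control.
MIMIR_LLM_API_KEY=dummy-key-for-proxy
# Pattern 2: Path includes version prefix (also valid)
# MIMIR_LLM_API=http://copilot-api:4141
# MIMIR_LLM_API_PATH=/v1/chat/completions
# MIMIR_LLM_API_MODELS_PATH=/v1/models
# For OpenAI direct (Pattern 1):
# MIMIR_LLM_API=https://api.openai.com/v1
# MIMIR_LLM_API_PATH=/chat/completions
# MIMIR_LLM_API_MODELS_PATH=/models
# MIMIR_LLM_API_KEY=sk-...your-openai-api-key...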
# ============================================================================
# PCTX Integration (Code Mode for 90-98% token reduction)
# ============================================================================
# Base URL of the PCTX service.
#   Local run (default): http://localhost:8080
#   Inside Docker:       http://host.docker.internal:8080
PCTX_URL=http://localhost:8080
# Make the PCTX tool available to agents: true or false (default: false)
PCTX_ENABLED=false
# ============================================================================
# AUTHENTICATION & SECURITY (Optional - disabled by default)
# ============================================================================
# Enable authentication (default: false)
# When true: Users must authenticate to access Mimir
# When false: No authentication required (development only)
# With the default (false), anyone who can reach the Mimir port can use it without
# logging in. Keep the server reachable only from localhost or a trusted network
# until this is set to true.
MIMIR_ENABLE_SECURITY=false
# Enable Role-Based Access Control (default: false)
# Requires MIMIR_ENABLE_SECURITY=true
# When true: Fine-grained permissions based on user roles
# When false: All authenticated users get full access
MIMIR_ENABLE_RBAC=false
# RBAC Configuration (optional)
# Supports 3 formats:
# 1. Local file path: MIMIR_RBAC_CONFIG=./config/rbac.json
# 2. Remote URI: MIMIR_RBAC_CONFIG=https://config-server.example.com/rbac.json
# 3. Inline JSON: MIMIR_RBAC_CONFIG='{"version":"1.0","claimPath":"roles",...}'
# This document decides which roles get which permissions, so treat it as
# security-sensitive: restrict write access to a local file, and load a remote
# copy only over https:// from a host you control.
# MIMIR_RBAC_CONFIG=./config/rbac.json
# Authorization header for remote RBAC config (optional)
# Use with remote URI to authenticate config requests
# The header value is a credential; store the real token only in your private .env.
# MIMIR_RBAC_AUTH_HEADER=Bearer your-token-here
# Multiple dev users for RBAC testing (recommended):
# Format: MIMIR_DEV_USER_<NAME>=username:password:role1,role2,role3
# The examples below use passwords identical to the usernames. They are meant for
# local RBAC testing; do not define them on a deployment other people can reach.
# Examples:
# MIMIR_DEV_USER_ADMIN=admin:admin:admin,developer,analyst
# MIMIR_DEV_USER_DEVELOPER=dev:dev:developer
# MIMIR_DEV_USER_ANALYST=analyst:analyst:analyst
# MIMIR_DEV_USER_VIEWER=viewer:viewer:viewer
# JWT Secret for signing authentication tokens (REQUIRED when MIMIR_ENABLE_SECURITY=true)
# IMPORTANT: Changing this will invalidate all existing tokens
# Anyone who knows this value can sign tokens the server will accept, and the
# placeholder below is public. Replace it with a long random string (for example
# the output of `openssl rand -base64 48`) before enabling security.
MIMIR_JWT_SECRET=change-me-in-production
# JWT Token Expiration (optional, default: never expire)
# Set token lifetime in seconds, or 0 for never-expiring tokens
# Default: 0 (never expire - stateless tokens, logout via client-side cookie deletion)
# Examples:
# Never: MIMIR_MAX_TOKEN_AGE_SECONDS=0 (default - tokens never expire)
# 7 days: MIMIR_MAX_TOKEN_AGE_SECONDS=604800
# 30 days: MIMIR_MAX_TOKEN_AGE_SECONDS=2592000
# 90 days: MIMIR_MAX_TOKEN_AGE_SECONDS=7776000
# 1 year: MIMIR_MAX_TOKEN_AGE_SECONDS=31536000
# Security note: with 0, logout only deletes the cookie on the client, so a copied
# token keeps working until MIMIR_JWT_SECRET is changed. Prefer a finite lifetime
# on any shared or production deployment.
# MIMIR_MAX_TOKEN_AGE_SECONDS=0
# ============================================================================
# PHASE 2: AUDIT LOGGING & DATA RETENTION
# ============================================================================
# Audit Logging (disabled by default)
# Generic audit trail for compliance (HIPAA, FISMA, GDPR)
# No audit trail is produced while this is false; turn it on for any deployment
# where you need to reconstruct who did what.
MIMIR_ENABLE_AUDIT_LOGGING=false
# Audit log destination: stdout, file, webhook, or all
MIMIR_AUDIT_LOG_DESTINATION=stdout
# Audit log format: json or text
MIMIR_AUDIT_LOG_FORMAT=json
# Audit log level: info, debug, warn, error
MIMIR_AUDIT_LOG_LEVEL=info
# Audit log file path (if destination=file or all)
# Restrict who can read and write this file: the log is only useful as evidence
# if the accounts being audited cannot edit it.
# MIMIR_AUDIT_LOG_FILE=/var/log/mimir/audit.log
# Webhook URL for audit events (if destination=webhook or all)
# Use an https:// endpoint. The auth header value is a credential; keep the real
# token only in your private .env.
# MIMIR_AUDIT_WEBHOOK_URL=https://siem.example.com/ingest
# MIMIR_AUDIT_WEBHOOK_AUTH_HEADER=Bearer your-token-here
# Webhook batching (optional)
# MIMIR_AUDIT_WEBHOOK_BATCH_SIZE=100
# MIMIR_AUDIT_WEBHOOK_BATCH_INTERVAL_MS=5000
# Data Retention (disabled by default - data kept forever)
# Enable automatic deletion of old data
MIMIR_DATA_RETENTION_ENABLED=false
# Default retention in days (0 = forever, default)
# Only applies when MIMIR_DATA_RETENTION_ENABLED=true
MIMIR_DATA_RETENTION_DEFAULT_DAYS=0
# Node-specific retention policies (JSON format)
# Example: {"todo":30,"memory":365,"audit":2555}
# MIMIR_DATA_RETENTION_POLICIES={"todo":30,"memory":90}
# Audit log retention in days (0 = forever, default)
# HIPAA requires 7 years (2555 days) for audit logs
# NOTE(review): confirm the required period with your compliance owner; HIPAA's
# documentation-retention rule is commonly cited as 6 years.
MIMIR_DATA_RETENTION_AUDIT_DAYS=0
# How often to run cleanup (milliseconds, default: 24 hours)
# MIMIR_DATA_RETENTION_INTERVAL_MS=86400000
# OAuth Configuration (for production)
# IMPORTANT: Each OAuth provider has DIFFERENT endpoint paths - configure explicitly!
# Provider name: okta, auth0, azure, google, etc.
# MIMIR_AUTH_PROVIDER=okta
#
# REQUIRED: Full OAuth endpoint URLs (provider-specific)
# Okta example:
# MIMIR_OAUTH_AUTHORIZATION_URL=https://your-domain.okta.com/oauth2/v1/authorize
# MIMIR_OAUTH_TOKEN_URL=https://your-domain.okta.com/oauth2/v1/token
# MIMIR_OAUTH_USERINFO_URL=https://your-domain.okta.com/oauth2/v1/userinfo
#
# Auth0 example:
# MIMIR_OAUTH_AUTHORIZATION_URL=https://your-domain.auth0.com/authorize
# MIMIR_OAUTH_TOKEN_URL=https://your-domain.auth0.com/oauth/token
# MIMIR_OAUTH_USERINFO_URL=https://your-domain.auth0.com/userinfo
#
# Azure AD example:
# MIMIR_OAUTH_AUTHORIZATION_URL=https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
# MIMIR_OAUTH_TOKEN_URL=https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
# MIMIR_OAUTH_USERINFO_URL=https://graph.microsoft.com/oidc/userinfo
#
# Google example:
# MIMIR_OAUTH_AUTHORIZATION_URL=https://accounts.google.com/o/oauth2/v2/auth
# MIMIR_OAUTH_TOKEN_URL=https://oauth2.googleapis.com/token
# MIMIR_OAUTH_USERINFO_URL=https://openidconnect.googleapis.com/v1/userinfo
#
# The client secret is a credential: keep the real value only in your private .env.
# MIMIR_OAUTH_CLIENT_ID=your-client-id
# MIMIR_OAUTH_CLIENT_SECRET=your-client-secret
# The http://localhost callback below is for local use; register an https://
# callback with the provider for any deployed instance.
# MIMIR_OAUTH_CALLBACK_URL=http://localhost:9042/auth/oauth/callback
# Optional, timeout for OAuth userinfo requests in milliseconds (default: 10000ms = 10s)
# MIMIR_OAUTH_TIMEOUT_MS=10000
# Optional, allow HTTP URLs for local OAuth testing (default: false, HTTPS required in production)
# Leave this unset outside local testing: over plain HTTP the OAuth exchange
# crosses the network unencrypted.
# MIMIR_OAUTH_ALLOW_HTTP=true
# ============================================================================
# EMBEDDINGS CONFIGURATION (For Semantic Search & RAG)
# ============================================================================
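# Enable/disable embeddings
MIMIR_EMBEDDINGS_ENABLED=true
# Embedding Model Configuration
# Comments are kept on their own lines: some env-file loaders take everything
# after "=" as the value, so a trailing "# ..." could end up inside the setting
# (a flag written as "false # ..." may then no longer read as exactly "false").
# Default: mxbai-embed-large (1024 dims)
MIMIR_EMBEDDINGS_MODEL=mxbai-embed-large
MIMIR_EMBEDDINGS_API=http://llama-server:8080
MIMIR_EMBEDDINGS_API_PATH=/v1/embeddings
# Default: 1024 for mxbai-embed-large
MIMIR_EMBEDDINGS_DIMENSIONS=1024
# Default: 768
MIMIR_EMBEDDINGS_CHUNK_SIZE=768
# Default: 50
MIMIR_EMBEDDINGS_CHUNK_OVERLAP=50
# Default: 3 (retries for 503/model loading errors)
MIMIR_EMBEDDINGS_MAX_RETRIES=3
# Default: 500ms (delay between files to prevent overwhelming Ollama)
MIMIR_EMBEDDINGS_DELAY_MS=500
# Image/Vision-Language Embeddings Configuration
# Image Embeddings Control (disabled by default for safety)
# Default: false (enable to index images)
MIMIR_EMBEDDINGS_IMAGES=false
# Qwen2.5-VL Configuration (llama.cpp server with qwen2.5-vl-7b or qwen2.5-vl-2b)
# Provider: llama.cpp (for llama.cpp server)
MIMIR_EMBEDDINGS_VL_PROVIDER=llama.cpp
# VL API endpoint
MIMIR_EMBEDDINGS_VL_API=http://llama-vl-server:8080
# OpenAI-compatible chat endpoint
MIMIR_EMBEDDINGS_VL_API_PATH=/v1/chat/completions
# API key (not required for local llama.cpp)
# If you point the VL API at a hosted service, the real key is a secret: keep it
# only in your private .env.
MIMIR_EMBEDDINGS_VL_API_KEY=dummy-key
# Model name (qwen2.5-vl-2b or qwen2.5-vl-7b)
MIMIR_EMBEDDINGS_VL_MODEL=qwen2.5-vl
# 128K tokens (7b/72b), 32K for 2b
MIMIR_EMBEDDINGS_VL_CONTEXT_SIZE=131072
# Max description length (tokens)
MIMIR_EMBEDDINGS_VL_MAX_TOKENS=2048
# Temperature for description generation
MIMIR_EMBEDDINGS_VL_TEMPERATURE=0.7
# Falls back to text embedding dimensions
# NOTE(review): text embeddings above are configured for 1024 dimensions -
# confirm that 768 is the intended value here.
MIMIR_EMBEDDINGS_VL_DIMENSIONS=768
# Image Description Mode (Recommended when VL GGUF embeddings unavailable)
# Uses VL model (qwen3-vl:8b) to generate text descriptions of images,
# then embeds those descriptions with the text embedding model.
# This provides semantic image search without needing multimodal GGUF models.
# NOTE(review): this text names qwen3-vl:8b while MIMIR_EMBEDDINGS_VL_MODEL above
# is qwen2.5-vl - confirm which model is current.
# Default: true (VL description mode; use description-based image embeddings)
# Assign this key only once: loaders disagree on which duplicate wins.
MIMIR_EMBEDDINGS_IMAGES_DESCRIBE_MODE=true
# Indexing Configuration
# Default: 1 (concurrent folders to index, limited due to single Ollama instance)
MIMIR_INDEXING_THREADS=1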
# ============================================================================
# OPTIONAL: ADVANCED FEATURES
# ============================================================================
# Auto-index Mimir documentation on startup (default: true)
# This allows users to immediately query Mimir's docs via semantic search
MIMIR_AUTO_INDEX_DOCS=true
# Per-agent model overrides (optional - defaults to MIMIR_DEFAULT_MODEL)
# PM agent model
# MIMIR_PM_MODEL=gpt-4.1
# Worker agent model
# MIMIR_WORKER_MODEL=gpt-4o-mini
# QC agent model
# MIMIR_QC_MODEL=gpt-4.1
# Enable Ecko prompt optimization agent
MIMIR_ENABLE_ECKO=false
# Enable PM model suggestions
MIMIR_FEATURE_PM_MODEL_SUGGESTIONS=false
# Agent Execution Limits
# Maximum number of steps an agent can take before stopping (default: 100)
# Increase this for complex tasks that require many tool calls
# Recommended: 100 for GPT-4.1, 150-200 for complex multi-step tasks
# Note: Higher values consume more tokens and may increase costs
# This limit is also what stops an agent that keeps calling tools; raise it
# deliberately rather than setting a very large number.
MIMIR_AGENT_RECURSION_LIMIT=100
# ============================================================================
# OPTIONAL: CORPORATE NETWORK SETTINGS
# ============================================================================
# Only needed if you're behind a corporate proxy or use custom certificates
# Proxy settings (uncomment if needed)
# If the proxy URL embeds a username and password, it is a credential: keep the
# real value only in your private .env.
# HTTP_PROXY=http://proxy.company.com:8080
# HTTPS_PROXY=http://proxy.company.com:8080
# NO_PROXY=localhost,127.0.0.1
# HTTP server port
# NOTE(review): MIMIR_PORT is documented in this file as falling back to PORT, and
# it is set to 9042 there - confirm which service reads this 3000.
PORT=3000
# File watching configuration
# Polling on/off, and the interval (presumably milliseconds - confirm)
FILE_WATCH_POLLING=true
FILE_WATCH_INTERVAL=1000
# NOTE(review): looks like the in-container path where HOST_WORKSPACE_ROOT is
# mounted - confirm against the compose file.
WORKSPACE_ROOT=/workspace
# Custom CA certificates (uncomment if needed)
# Point these only at a CA bundle obtained from your organisation: every
# certificate authority in the file is trusted for the TLS connections that use it.
# SSL_CERT_FILE=/path/to/corporate-ca.crt
# CURL_CA_BUNDLE=/path/to/corporate-ca.crt