Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| PORT | No | Server port | 3100 |
| API_KEYS | No | Comma-separated valid API keys | |
| REDIS_URL | No | Optional Redis backend for shared/distributed rate-limits | |
| STRIPE_SK | No | Stripe API key for Pro subscriptions | |
| VT_API_KEY | No | VirusTotal API key (free: 4/min, 500/day) | |
| TRUST_PROXY | No | Express trust proxy setting (false, true, hop count like 1, or subnet names/CIDRs like loopback/10.0.0.0/8) | false |
| ADMIN_SECRET | No | Secret for admin endpoints | |
| MAX_BROWSERS | No | Max concurrent browser instances | 3 |
| CHROMIUM_PATH | No | Path to Chromium | /usr/bin/chromium-browser |
| X402_RECEIVER | No | x402 payment receiver address | |
| FREE_WINDOW_MS | No | Free-tier rate-limit window in ms | 86400000 |
| MAX_SSE_PER_IP | No | Max concurrent SSE sessions per client IP | 5 |
| MEMORY_DB_PATH | No | SQLite memory database path | ./data/memory.db |
| X402_PRICE_USD | No | x402 price per call | 0.005 |
| X402_TEST_MODE | No | Set to 1 only for local/offline testing; ignored in production | 0 |
| FREE_DAILY_LIMIT | No | Free tier request limit | 10 |
| MAX_SSE_SESSIONS | No | Max MCP SSE sessions | 50 |
| ABUSEIPDB_API_KEY | No | AbuseIPDB API key (free: 1000/day) | |
| ETHERSCAN_API_KEY | No | Etherscan API key (free: 5/sec) | |
| SSE_ALLOWED_HOSTS | No | Comma-separated allowlist for Host header on /mcp/sse + /mcp/messages (e.g. mcp.example.com,localhost) | |
| ALLOW_APIKEY_QUERY | No | Allow deprecated ?apikey= auth during migration. Default is true in non-production, false in production | true |
| X402_TX_CACHE_FILE | No | Persistent replay-protection cache for used x402 tx hashes | ./data/x402-tx-cache.json |
| SSE_ALLOWED_ORIGINS | No | Optional comma-separated allowlist for Origin header (full origins like https://app.example.com) | |
| SSE_CONNECT_WINDOW_MS | No | SSE connect rate-limit window in ms | 60000 |
| STRIPE_WEBHOOK_SECRET | No | Stripe webhook signing secret | |
| CHECKOUT_LIMIT_PER_HOUR | No | Per-IP Stripe checkout creation limit | 5 |
| X402_MAX_TX_AGE_SECONDS | No | Maximum accepted payment tx age in seconds (stale txs are rejected) | 86400 |
| SSE_CONNECT_MAX_PER_WINDOW | No | Max SSE connection attempts per IP per window | 30 |
| STRIPE_WEBHOOK_IP_ALLOWLIST | No | Optional CSV allowlist for webhook source IPs |
Capabilities
Server capabilities have not been inspected yet.
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
No tools | |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |