# Multi-Agent Docker Environment Configuration
# Copy this file to .env and update the values for your environment
# External directory for mounted files
EXTERNAL_DIR=./.agent-mount/ext
# Host user and group IDs for file permissions
HOST_UID=1000
HOST_GID=1000
# Resource limits (leave empty for auto-detection)
DOCKER_CPUS=
DOCKER_MEMORY=
# External application ports
BLENDER_PORT=9876
QGIS_PORT=9877
# MCP Configuration
MCP_LOG_LEVEL=info
MCP_TCP_PORT=9500
MCP_BRIDGE_PORT=3002
MCP_WS_URL=ws://localhost:3002
MCP_TCP_HOST=localhost
# Security Configuration
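# WARNING: Change all default tokens and secrets before deployment!
# The placeholder values in this example file are public. Generate fresh random
# values for the real .env and keep that file out of version control.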
# Authentication
# Enable/disable WebSocket authentication
WS_AUTH_ENABLED=true
# Secure token for WebSocket connections - CHANGE THIS!
WS_AUTH_TOKEN=your-secure-websocket-token-change-me
# Secure token for TCP connections - CHANGE THIS!
TCP_AUTH_TOKEN=your-secure-tcp-token-change-me
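# JWT secret for token generation - MINIMUM 32 characters! CHANGE THIS!
# The placeholder below is already longer than 32 characters, so a length check
# alone will not catch an unchanged default; use a randomly generated value.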
JWT_SECRET=your-super-secret-jwt-key-minimum-32-chars
# API key for external services - replace the placeholder before use
API_KEY=your-api-key-for-external-services
# Connection Limits
# Maximum concurrent WebSocket connections
WS_MAX_CONNECTIONS=100
# Maximum concurrent TCP connections
TCP_MAX_CONNECTIONS=50
# Connection timeout in milliseconds (5 minutes)
WS_CONNECTION_TIMEOUT=300000
# Rate Limiting
# Enable rate limiting protection
RATE_LIMIT_ENABLED=true
# Rate limit window in milliseconds (1 minute)
RATE_LIMIT_WINDOW_MS=60000
# Maximum requests per window
RATE_LIMIT_MAX_REQUESTS=100
# Maximum burst requests
RATE_LIMIT_BURST_REQUESTS=20
# Request Size Limits
# Maximum request size in bytes (10MB)
MAX_REQUEST_SIZE=10485760
# Maximum message size in bytes (1MB)
MAX_MESSAGE_SIZE=1048576
# Maximum buffer size in bytes (16MB)
MAX_BUFFER_SIZE=16777216
# CORS Security
# Enable CORS protection
CORS_ENABLED=true
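# Allowed origins (comma-separated). The localhost entries are development
# defaults; in production list only the exact origins that need access.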
CORS_ALLOWED_ORIGINS=http://localhost:3000,https://localhost:3000
# Allowed HTTP methods
CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,OPTIONS
# Allowed headers
CORS_ALLOWED_HEADERS=Content-Type,Authorization,X-Requested-With
# SSL/TLS Configuration (for production)
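# Enable SSL/TLS encryption. While this is false, traffic is sent unencrypted,
# including any authentication tokens carried on the connection, so keep the
# services reachable only from localhost or a trusted network.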
SSL_ENABLED=false
# Path to SSL certificate
SSL_CERT_PATH=/app/certs/server.crt
# Path to SSL private key (keep this file readable only by the service user)
SSL_KEY_PATH=/app/certs/server.key
# Path to SSL CA certificate
SSL_CA_PATH=/app/certs/ca.crt
# Monitoring and Logging
# Enable security audit logging
SECURITY_AUDIT_LOG=true
# Enable performance monitoring
PERFORMANCE_MONITORING=true
# Enable health check endpoints
HEALTH_CHECK_ENABLED=true
# Health check interval in milliseconds (30 seconds)
HEALTH_CHECK_INTERVAL=30000
# Circuit Breaker Settings
# Enable circuit breaker pattern
CIRCUITBREAKER_ENABLED=true
# Number of failures before opening circuit
CIRCUITBREAKER_FAILURE_THRESHOLD=5
# Circuit breaker timeout in milliseconds
CIRCUITBREAKER_TIMEOUT=30000
# Time before attempting to close circuit
CIRCUITBREAKER_RESET_TIMEOUT=60000
# Encryption Settings
# Enable end-to-end encryption
ENCRYPTION_ENABLED=false
# Encryption algorithm to use
ENCRYPTION_ALGORITHM=aes-256-gcm
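# Encryption key - CHANGE THIS!
# aes-256-gcm uses a 256-bit (32-byte) key. Generate it from a cryptographically
# secure random source. The encoding expected here (hex, base64, raw) is not
# stated in this file; confirm it against the code that reads ENCRYPTION_KEY.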
ENCRYPTION_KEY=your-encryption-key-change-me
# Session Management
# Session timeout in milliseconds (30 minutes)
SESSION_TIMEOUT=1800000
# Session cleanup interval in milliseconds (5 minutes)
SESSION_CLEANUP_INTERVAL=300000
# Maximum concurrent sessions per client
MAX_CONCURRENT_SESSIONS=10
# IP Blocking
# Enable automatic IP blocking
AUTO_BLOCK_ENABLED=true
# Duration to block IPs in milliseconds (1 hour)
BLOCK_DURATION=3600000
# Maximum failed attempts before blocking
MAX_FAILED_ATTEMPTS=3
# Database Security
# Enable database encryption
DB_ENCRYPTION_ENABLED=false
# Enable database backups
DB_BACKUP_ENABLED=true
# Backup interval in milliseconds (24 hours)
DB_BACKUP_INTERVAL=86400000
# Development vs Production
# Set to 'production' for production deployments
NODE_ENV=development
# Enable debug mode (disable in production)
DEBUG_MODE=true
# Enable verbose logging (disable in production)
VERBOSE_LOGGING=true
# Additional Security Headers
# Enable security headers
SECURITY_HEADERS_ENABLED=true
# Content Security Policy
CSP_ENABLED=true
# X-Frame-Options
X_FRAME_OPTIONS=DENY
# X-Content-Type-Options
X_CONTENT_TYPE_OPTIONS=nosniff
# Strict-Transport-Security (HTTPS only)
HSTS_ENABLED=false
HSTS_MAX_AGE=31536000
# API Security
# API version for compatibility
API_VERSION=v1
# Enable API key validation
API_KEY_VALIDATION=true
# API request timeout in milliseconds
API_TIMEOUT=30000
# Prometheus Metrics (optional)
METRICS_ENABLED=false
METRICS_PORT=9090
METRICS_PATH=/metrics
# Redis Configuration (for session storage, optional)
# If enabled, replace the REDIS_PASSWORD placeholder with a real password.
REDIS_ENABLED=false
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=your-redis-password
REDIS_DB=0
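# Backup and Recovery
# NOTE: BACKUP_SCHEDULE below is quoted and carries an inline comment. Some
# env-file parsers (for example `docker run --env-file`) keep the quotes and the
# trailing "# ..." text as part of the value; verify how this file is loaded.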
BACKUP_ENABLED=true
BACKUP_SCHEDULE="0 2 * * *" # Daily at 2 AM
BACKUP_RETENTION_DAYS=30