{ "$schema": "http://json-schema.org/draft-07/schema#", "title": "MXCP Config", "type": "object", "required": ["mxcp", "projects"], "properties": { "mxcp": { "type": "integer", "description": "Schema version. Must be 1.", "enum": [1], "default": 1 }, "vault": { "type": "object", "description": "Configuration for Vault integration.", "required": ["enabled"], "properties": { "enabled": { "type": "boolean" }, "address": { "type": "string", "format": "uri" }, "token_env": { "type": "string", "description": "The environment variable name containing the Vault token." } }, "additionalProperties": false }, "onepassword": { "type": "object", "description": "Configuration for 1Password integration using service account.", "required": ["enabled"], "properties": { "enabled": { "type": "boolean" }, "token_env": { "type": "string", "description": "The environment variable name containing the 1Password service account token.", "default": "OP_SERVICE_ACCOUNT_TOKEN" } }, "additionalProperties": false }, "transport": { "type": "object", "description": "Default transport configuration for serving endpoints.", "properties": { "provider": { "type": "string", "enum": ["streamable-http", "sse", "stdio"], "default": "streamable-http", "description": "Default transport protocol to use." }, "http": { "type": "object", "description": "HTTP transport specific configuration.", "properties": { "port": { "type": "integer", "minimum": 1, "maximum": 65535, "default": 8000, "description": "Default port number for HTTP transport." }, "host": { "type": "string", "default": "localhost", "description": "Default host to bind the HTTP server to." }, "scheme": { "type": "string", "enum": ["http", "https"], "default": "http", "description": "URL scheme to use for generating callback URLs and OAuth endpoints. Use 'https' when behind SSL-terminating reverse proxy." }, "base_url": { "type": "string", "format": "uri", "description": "Complete base URL for the server (e.g., 'https://api.example.com'). When provided, overrides scheme, host, and port for URL generation." }, "trust_proxy": { "type": "boolean", "default": false, "description": "Whether to trust X-Forwarded-* headers from reverse proxies for scheme detection." }, "stateless": { "type": "boolean", "default": false, "description": "Enable stateless HTTP mode for serverless deployments. In stateless mode, no session state is maintained between requests." } }, "additionalProperties": false } }, "additionalProperties": false }, "models": { "type": "object", "description": "Configuration for LLM models used in evals.", "properties": { "default": { "type": "string", "description": "Default model to use when not specified in eval suite.", "enum": ["claude-4-sonnet", "claude-4-opus", "gpt-4o", "gpt-4.1"] }, "models": { "type": "object", "description": "Model-specific configurations.", "patternProperties": { "^(claude-4-sonnet|claude-4-opus|gpt-4o|gpt-4\\.1)$": { "type": "object", "required": ["type"], "properties": { "type": { "type": "string", "enum": ["claude", "openai"], "description": "Provider type for this model." }, "api_key": { "type": "string", "description": "API key for this model." }, "base_url": { "type": "string", "format": "uri", "description": "Custom API endpoint URL." }, "timeout": { "type": "integer", "minimum": 1, "default": 30, "description": "Request timeout in seconds." }, "max_retries": { "type": "integer", "minimum": 0, "default": 3, "description": "Maximum number of retries for failed requests." } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false }, "projects": { "type": "object", "description": "All configured RAW projects.", "patternProperties": { "^[a-zA-Z0-9_-]+$": { "type": "object", "required": ["profiles"], "properties": { "profiles": { "type": "object", "description": "Profiles under this project.", "patternProperties": { "^[a-zA-Z0-9_-]+$": { "type": "object", "properties": { "secrets": { "type": "array", "items": { "type": "object", "required": ["name", "type", "parameters"], "properties": { "name": { "type": "string", "description": "The secret name." }, "type": { "type": "string", "description": "The secret type." }, "parameters": { "type": "object", "description": "The secret definition.", "additionalProperties": { "oneOf": [ { "type": "string" }, { "type": "object", "additionalProperties": { "type": "string" } } ] } } }, "additionalProperties": false } }, "telemetry": { "type": "object", "description": "Unified telemetry configuration for traces, metrics, and logs.", "properties": { "enabled": { "type": "boolean", "description": "Global telemetry enable/disable.", "default": false }, "endpoint": { "type": "string", "description": "OTLP endpoint URL (e.g., http://localhost:4318).", "format": "uri" }, "headers": { "type": "object", "description": "Additional headers for the OTLP exporter.", "additionalProperties": { "type": "string" } }, "service_name": { "type": "string", "description": "Override the default service name (mxcp)." }, "service_version": { "type": "string", "description": "Service version string." }, "environment": { "type": "string", "description": "Deployment environment (e.g., production, staging)." }, "resource_attributes": { "type": "object", "description": "Additional resource attributes for all telemetry.", "additionalProperties": { "type": "string" } }, "tracing": { "type": "object", "description": "Distributed tracing configuration.", "properties": { "enabled": { "type": "boolean", "description": "Whether tracing is enabled.", "default": true }, "console_export": { "type": "boolean", "description": "Export spans to console for debugging.", "default": false } }, "additionalProperties": false }, "metrics": { "type": "object", "description": "Metrics collection configuration.", "properties": { "enabled": { "type": "boolean", "description": "Whether metrics collection is enabled.", "default": true }, "export_interval": { "type": "integer", "description": "Export interval in seconds.", "default": 60, "minimum": 1 }, "prometheus_port": { "type": "integer", "description": "Optional port for Prometheus scraping endpoint.", "minimum": 1024, "maximum": 65535 } }, "additionalProperties": false } }, "additionalProperties": false }, "plugin": { "type": "object", "description": "Plugin configuration for this profile.", "properties": { "config": { "type": "object", "description": "Plugin-specific configurations.", "patternProperties": { "^[a-zA-Z0-9_-]+$": { "type": "object", "description": "Configuration for a specific plugin.", "additionalProperties": { "type": "string" } } }, "additionalProperties": false } }, "additionalProperties": false }, "auth": { "type": "object", "description": "Authentication configuration for this profile", "properties": { "provider": { "type": "string", "enum": ["none", "github", "atlassian", "salesforce", "keycloak", "google"], "default": "none", "description": "OAuth provider to use for authentication" }, "authorization": { "type": "object", "description": "Authorization settings for controlling access to MCP functionality", "properties": { "required_scopes": { "type": "array", "items": {"type": "string"}, "default": [], "description": "List of scopes required to access any MCP endpoint. Empty list means no scopes required (authentication only)." } } }, "clients": { "type": "array", "description": "Pre-registered OAuth clients for development and testing.", "items": { "type": "object", "required": ["client_id", "name"], "properties": { "client_id": { "type": "string", "description": "OAuth client ID." }, "client_secret": { "type": "string", "description": "OAuth client secret (optional for public clients)." }, "name": { "type": "string", "description": "Human-readable name for this client." }, "redirect_uris": { "type": "array", "items": { "type": "string", "format": "uri" }, "description": "Allowed redirect URIs for this client.", "default": ["http://127.0.0.1:49153/oauth/callback"] }, "grant_types": { "type": "array", "items": { "type": "string", "enum": ["authorization_code", "refresh_token"] }, "description": "Allowed OAuth grant types.", "default": ["authorization_code"] }, "scopes": { "type": "array", "items": { "type": "string" }, "description": "Allowed OAuth scopes.", "default": ["mxcp:access"] } }, "additionalProperties": false } }, "github": { "type": "object", "description": "GitHub OAuth configuration (required when provider is 'github').", "required": ["client_id", "client_secret", "callback_path", "auth_url", "token_url"], "properties": { "client_id": { "type": "string", "description": "GitHub OAuth client ID." }, "client_secret": { "type": "string", "description": "GitHub OAuth client secret." }, "scope": { "type": "string", "description": "OAuth scope to request (optional).", "default": "user:email" }, "callback_path": { "type": "string", "description": "Callback path for OAuth flow.", "default": "/github/callback" }, "auth_url": { "type": "string", "format": "uri", "description": "GitHub authorization URL." }, "token_url": { "type": "string", "format": "uri", "description": "GitHub token exchange URL." } }, "additionalProperties": false }, "atlassian": { "type": "object", "description": "Atlassian OAuth configuration (required when provider is 'atlassian').", "required": ["client_id", "client_secret", "callback_path", "auth_url", "token_url"], "properties": { "client_id": { "type": "string", "description": "Atlassian OAuth client ID." }, "client_secret": { "type": "string", "description": "Atlassian OAuth client secret." }, "scope": { "type": "string", "description": "OAuth scopes to request (space-separated).", "default": "read:jira-work read:jira-user read:confluence-content.all read:confluence-user offline_access" }, "callback_path": { "type": "string", "description": "Callback path for OAuth flow.", "default": "/atlassian/callback" }, "auth_url": { "type": "string", "format": "uri", "description": "Atlassian authorization URL.", "default": "https://auth.atlassian.com/authorize" }, "token_url": { "type": "string", "format": "uri", "description": "Atlassian token exchange URL.", "default": "https://auth.atlassian.com/oauth/token" } }, "additionalProperties": false }, "salesforce": { "type": "object", "description": "Salesforce OAuth configuration (required when provider is 'salesforce').", "required": ["client_id", "client_secret", "callback_path", "auth_url", "token_url"], "properties": { "client_id": { "type": "string", "description": "Salesforce OAuth client ID." }, "client_secret": { "type": "string", "description": "Salesforce OAuth client secret." }, "scope": { "type": "string", "description": "OAuth scopes to request (space-separated).", "default": "api refresh_token openid profile email" }, "callback_path": { "type": "string", "description": "Callback path for OAuth flow.", "default": "/salesforce/callback" }, "auth_url": { "type": "string", "format": "uri", "description": "Salesforce authorization URL.", "default": "https://login.salesforce.com/services/oauth2/authorize" }, "token_url": { "type": "string", "format": "uri", "description": "Salesforce token exchange URL.", "default": "https://login.salesforce.com/services/oauth2/token" } }, "additionalProperties": false }, "keycloak": { "type": "object", "description": "Keycloak OAuth configuration (required when provider is 'keycloak').", "required": ["client_id", "client_secret", "realm", "server_url"], "properties": { "client_id": { "type": "string", "description": "Keycloak OAuth client ID." }, "client_secret": { "type": "string", "description": "Keycloak OAuth client secret." }, "realm": { "type": "string", "description": "Keycloak realm name." }, "server_url": { "type": "string", "format": "uri", "description": "Keycloak server base URL (e.g., 'http://localhost:8080')." }, "scope": { "type": "string", "description": "OAuth scopes to request (space-separated).", "default": "openid profile email" }, "callback_path": { "type": "string", "description": "Callback path for OAuth flow.", "default": "/keycloak/callback" } }, "additionalProperties": false }, "google": { "type": "object", "description": "Google OAuth configuration (required when provider is 'google').", "required": ["client_id", "client_secret", "callback_path", "auth_url", "token_url"], "properties": { "client_id": { "type": "string", "description": "Google OAuth client ID." }, "client_secret": { "type": "string", "description": "Google OAuth client secret." }, "scope": { "type": "string", "description": "OAuth scopes to request (space-separated).", "default": "https://www.googleapis.com/auth/calendar.readonly openid profile email" }, "callback_path": { "type": "string", "description": "Callback path for OAuth flow.", "default": "/google/callback" }, "auth_url": { "type": "string", "format": "uri", "description": "Google authorization URL.", "default": "https://accounts.google.com/o/oauth2/v2/auth" }, "token_url": { "type": "string", "format": "uri", "description": "Google token exchange URL.", "default": "https://oauth2.googleapis.com/token" } }, "additionalProperties": false }, "persistence": { "type": "object", "description": "OAuth state persistence configuration for maintaining authentication state across server restarts.", "properties": { "type": { "type": "string", "enum": ["sqlite"], "default": "sqlite", "description": "Type of persistence backend to use." }, "path": { "type": "string", "description": "Path to the SQLite database file for storing OAuth state.", "default": "~/.mxcp/oauth.db" } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false } }, "additionalProperties": false }