|
| 1 | +# ─── Auth mode ───────────────────────────────────────────────────────────── |
| 2 | +# env — single tenant: ESET_USER/ESET_PASSWORD below are used for every |
| 3 | +# request. Default. Works on both stdio and http transports. |
| 4 | +# basic — multi tenant: clients send `Authorization: Basic <base64(user:pw)>` |
| 5 | +# (and optionally `X-ESET-Region`) on every request. Only valid with |
| 6 | +# ESET_MCP_TRANSPORT=http. ESET_USER/ESET_PASSWORD below become optional. |
| 7 | +ESET_AUTH_MODE=env |
| 8 | + |
| 9 | +# ─── ESET API credentials (required when ESET_AUTH_MODE=env) ─────────────── |
| 10 | +# Use a dedicated API user (NOT your regular console login). Create one in |
| 11 | +# ESET PROTECT Hub / ESET Business Account → API users. |
| 12 | +ESET_USER=api-user@yourdomain.tld |
| 13 | +ESET_PASSWORD=replace-me |
| 14 | + |
| 15 | +# ─── Server behaviour ─────────────────────────────────────────────────────── |
| 16 | +# RO — RW tools are visible but blocked before any HTTP request goes out. |
| 17 | +# RW — full access; destructive tools carry destructiveHint=true in MCP annotations. |
| 18 | +ESET_MODE=RO |
| 19 | + |
| 20 | +# Default region for the API (eu/de/us/ca/jpn). |
| 21 | +# In basic-auth mode, clients can override this per-request with X-ESET-Region. |
| 22 | +ESET_REGION=eu |
| 23 | + |
| 24 | +# ─── MCP transport ───────────────────────────────────────────────────────── |
| 25 | +# stdio — for Claude Desktop / Claude Code (local stdin/stdout JSON-RPC). |
| 26 | +# http — Streamable HTTP per MCP spec 2025-11-25; exposes an HTTP endpoint. |
| 27 | +ESET_MCP_TRANSPORT=stdio |
| 28 | + |
| 29 | +# Used only when ESET_MCP_TRANSPORT=http: |
| 30 | +ESET_MCP_HTTP_HOST=127.0.0.1 |
| 31 | +ESET_MCP_HTTP_PORT=8765 |
| 32 | + |
| 33 | +# ─── Optional logging level ──────────────────────────────────────────────── |
| 34 | +ESET_LOG_LEVEL=INFO |
| 35 | + |
| 36 | +# ─── Production deployment (docker compose --profile prod) ───────────────── |
| 37 | +# Public domain Caddy will request a Let's Encrypt cert for. Must point at |
| 38 | +# the host running docker-compose. Only used by the `prod` profile. |
| 39 | +ESET_PUBLIC_DOMAIN=eset-mcp.example.com |
| 40 | +# Email Let's Encrypt uses for cert expiry notifications. |
| 41 | +ESET_ACME_EMAIL=ops@example.com |
0 commit comments