# This is an example Itential MCP server configuration file. It shows the # availble configuration options. Configuration options are grouped into # sections. For each configuration option, there is a description of the option # along with the application default setting and name of the environment # varilable that can be used to override the value. # The server section handles configuration options for running the MCP server. # All configuration options in this section are optional and can be overridden # using environment variables prefixed with ITENTIAL_MCP_SERVER [server] # Configures the transport to use when starting the MCP server. This # configuration option accepts one of three valid values: `sse`, `stdio` # or `http` # # Default value: stdio # Environment variable: ITENTIAL_MCP_SERVER_TRANSPORT # # transport = sse # Sets the IP address to listen for connections on. This value must be a valid # IP address used by MCP clients to connect to this server. This value is only # valid when transport is set to `sse` or `http`. # # Default value: 127.0.0.1 # Environment variable: ITENTIAL_MCP_SERVER_HOST # # host = 127.0.0.1 # Sets the port to use when listening for connections. Setting this value will # configure the port the MCP server will listen for connections on. This value # is only valid when the transport is set to `sse` or `http`, otherwise it is ignored. # # Default value: 8000 # Environment variable: ITENTIAL_MCP_SERVER_PORT # # port = 8000 # Configures the path to the certificate file to use for TLS connections. This # value must be the full path to a valid certificate file that the MCP server # can use to establish secure TLS connections with clients. # # Default value: (empty string) # Environment variable: ITENTIAL_MCP_SERVER_CERTIFICATE_FILE # # certificate_file = /path/to/certificate.pem # Configures the path to the private key file to use for TLS connections. This # value must be the full path to a valid private key file that corresponds to # the certificate file specified above. # # Default value: (empty string) # Environment variable: ITENTIAL_MCP_SERVER_PRIVATE_KEY_FILE # # private_key_file = /path/to/private_key.pem # Configure the URL path for the server to listen for client requests on. This # value is appended to the host to create the full URL path for sending requests # to. This value is only valid when the transport is set to `sse` or `http`. # # Default value: /mcp # Environment variable: ITENTIAL_MCP_SERVER_PATH # # path = /mcp # Configures the logging level for output of log messages when running the # server. This configuration option accepts one of the following values: # `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`, `NONE`. # # Default value: NONE # Environment variable: ITENTIAL_MCP_SERVER_LOG_LEVEL # # log_level = NONE # Configures the list of tags to including when starting the server. This # value will control which tools are available when the server is started. # Every tool registed with this MCP server has a default tag that includes the # tools name. To explicitly include a set of tools, set this value to a comma # delimited list of tool names. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_INCLUDE_TAGS # # include_tags = # Configures the list of tags to exclude when starting the server. This # configuration option will instruct the MCP server to exclude specific tools # from being exposed by the server. To explicitly exclude a set of tools, set # this value to a comma delimited list of tool names. # # Default value: experimental, beta # Environment variable: ITENTIAL_MCP_SERVER_EXCLUDE_TAGS # # exclude_tags = experimental, beta # Configures the path to load additional tools from. This configuration # option allows you to specify a custom directory where additional tool # modules can be loaded from at server startup. Tools in this directory # will be automatically discovered and registered with the MCP server. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_TOOLS_PATH # # tools_path = /path/to/custom/tools # Configures the keepalive interval in seconds to prevent session timeout. # The server will periodically make authenticated requests to the platform # to keep the session active. Set to 0 to disable keepalive functionality. # # Default value: 300 # Environment variable: ITENTIAL_MCP_SERVER_KEEPALIVE_INTERVAL # # keepalive_interval = 300 # Configures the response serialization format used when returning data from # tool calls. This configuration option accepts one of two valid values: # `json` or `toon`. When set to `json`, responses are returned in standard # JSON format. When set to `toon`, responses are serialized using the TOON # (Text Object Oriented Notation) format for improved readability. # # Default value: json # Environment variable: ITENTIAL_MCP_SERVER_RESPONSE_FORMAT # # response_format = json # Configures the authentication provider type used to secure the MCP server. # This setting controls which authentication method the server will use to # validate client requests. Valid values are: none, jwt, oauth, oauth_proxy. # # Default value: none # Environment variable: ITENTIAL_MCP_SERVER_AUTH_TYPE # # auth_type = none # Configures the JWKS URI used to dynamically fetch signing keys for JWT # validation. This is used when auth_type is set to "jwt" and you want to # fetch keys dynamically from a well-known endpoint. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_JWKS_URI # # auth_jwks_uri = https://example.com/.well-known/jwks.json # Configures a static PEM encoded public key or shared secret for JWT # validation. This is used when auth_type is set to "jwt" and you want to # use a static key instead of fetching from a JWKS URI. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_PUBLIC_KEY # # auth_public_key = -----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY----- # Configures the expected JWT issuer claim (iss). When validating JWTs, the # server will verify that the issuer claim matches this value exactly. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_ISSUER # # auth_issuer = https://auth.example.com # Configures the expected JWT audience claims (aud). You can specify multiple # audiences by separating them with commas. The JWT must contain at least one # of these audience values. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_AUDIENCE # # auth_audience = mcp-server,api-gateway # Configures the expected JWT signing algorithm. Common values include RS256 # for RSA signatures and HS256 for HMAC signatures. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_ALGORITHM # # auth_algorithm = RS256 # Configures comma separated list of scopes required on every JWT. All # specified scopes must be present in the JWT for it to be considered valid. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_REQUIRED_SCOPES # # auth_required_scopes = read,write,admin # Configures the OAuth client ID for authentication. This is used when # auth_type is set to "oauth" or "oauth_proxy". # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_OAUTH_CLIENT_ID # # auth_oauth_client_id = your-client-id # Configures the OAuth client secret for authentication. This is used when # auth_type is set to "oauth" or "oauth_proxy". # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_OAUTH_CLIENT_SECRET # # auth_oauth_client_secret = your-client-secret # Configures the OAuth authorization endpoint URL. This is where users will # be redirected to authenticate when using OAuth flow. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_OAUTH_AUTHORIZATION_URL # # auth_oauth_authorization_url = https://auth.example.com/oauth/authorize # Configures the OAuth token endpoint URL. This endpoint is used to exchange # authorization codes for access tokens. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_OAUTH_TOKEN_URL # # auth_oauth_token_url = https://auth.example.com/oauth/token # Configures the OAuth userinfo endpoint URL. This endpoint is used to fetch # user information after successful authentication. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_OAUTH_USERINFO_URL # # auth_oauth_userinfo_url = https://auth.example.com/oauth/userinfo # Configures OAuth scopes to request during the authentication flow. Scopes # can be separated by spaces or commas. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_OAUTH_SCOPES # # auth_oauth_scopes = openid profile email # Configures the OAuth redirect URI for callback after authentication. This # must match the redirect URI configured in your OAuth provider. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_OAUTH_REDIRECT_URI # # auth_oauth_redirect_uri = http://localhost:8000/auth/callback # Configures the OAuth provider type for predefined configurations. This # allows using predefined settings for common OAuth providers. Valid values # are: generic, google, azure, auth0, github, okta. # # Default value: null # Environment variable: ITENTIAL_MCP_SERVER_AUTH_OAUTH_PROVIDER_TYPE # # auth_oauth_provider_type = google # The platform section handles configuration options for connecting to an # instance of Itential Platform. All configuration options in this section are # optional and can be override using environment variables prefixed with # ITENTIAL_MCP_PLATFORM. [platform] # The host configuration option configures the hostname or IP address of the # Itnetial Platform server to connect to for making API calls. # # Default value: localhost # Environment variable: ITENTIAL_MCP_PLATFORM_HOST # # host = localhost # Configures the port to use when connecting to the Itential Platform server # API. If this value is set to 0, the port value will use standard port values # based on the `disable_tls` configuration setting. When `disable_tls` is # False, the port value is set to 443 and when `disable_tls` is True, the port # value is 80. # # Default value: 0 # Environment variable: ITENTIAL_MCP_PLATFORM_PORT # # port = 0 # Enable or disable the use of TLS when connecting to the Itential Platform # server API. When this value is set to True, the MCP server will not attempt # to connect using TLS. When this value is set to False, the MCP server will # attempt to use TLS when connecting to the server. # # Default value: false # Environment variable: ITENTIAL_MCP_PLATFORM_DISABLE_TLS # # disable_tls = False # Enable or disable certificate verification when connecting to the Itential # Platform server API using TLS. This value is only valid when `disable_tls` # is set to False. Setting this value to True will disable the certificate # validation and setting this value to False will enable the certificate # validation. # # Default value: false # Environment variable: ITENTIAL_MCP_PLATFORM_DISABLE_VERIFY # # disable_verify = False # Configures the username to use when connecting to the Itential Platform # server API using standard (basic) authorization. The username is along with # the password to authenticate the connection. If both `client_id` and # `client_secret` are configured, this option is ignored. # # Default value: admin # Environment variable: ITENTIAL_MCP_PLATFORM_USER # # user = admin # Configures the password to use when connecting to the Itential Platform # server API using standard (basic) authorization. # # Default value: admin # Environment variable: ITENTIAL_MCP_PLATFORM_PASSWORD # # password = admin # Sets the client ID to use when connecting to the Itential Platform server API # using OAuth. The client id is provided when creating a new service account # in Itential Platform. # # Default value: null # Environment variable: ITENTIAL_MCP_PLATFORM_CLIENT_ID # client_id = # Sets the client secret to use when connecting to the Itential Platform server # API using OAuth authentication. The client secret is provied when creating a # new service account in Itential Platform # # Default value: null # Environment variable: ITENTIAL_MCP_PLATFORM_CLIENT_SECRET # # client_secret = # Configures the connection and request timeout value in seconds. This value # will cause connection attempts and requests to error if a response is not # recieved within the timeout value. # # Default value: 30 # Environment variable: ITENTIAL_MCP_PLATFORM_TIMEOUT # # timeout = 30 # Dynamic Tool Configuration # =========================== # # The following sections define dynamic tools that expose Itential Platform # workflow triggers as MCP tools. Each tool section must start with "tool:" # followed by a unique identifier. These tools are automatically registered # with the MCP server at startup. # The value for tool_name must be unique in the configuration [tool:] # The tool type - currently only "endpoint" is supported for workflow triggers # This is a required value # type = endpoint # The name of the trigger in Itential Platform (must match exactly). This is a # required value # # name = Provision Network Device # The name of the automation containing the trigger (must match exactly). # This is a required value when the type is set to `endpoint` # # automation = Device Management # Optional description of what this tool does # # description = null # Optional comma-separated list of tags for tool filtering # Tools automatically get "dynamic" and the trigger name as tags # # tags = null