###############################
# MockServer & Proxy Settings #
###############################

# ports
# the HTTP, HTTPS, SOCKS and HTTP CONNECT port(s) for both mocking and proxying requests
mockserver.serverPort=1080
# when specified all requests received will be forwarded to the specified port, unless they match an expectation
mockserver.proxyRemotePort=1090
# specified the host to forward all proxy requests to when port forwarding mode has been enabled using the proxyRemotePort option, defaults to "localhost"
mockserver.proxyRemoteHost=localhost

# logging

# minimum level of logs to record in the event log and to output to system out
mockserver.logLevel=INFO
# disable logging to the system output
mockserver.disableSystemOut=false
# disable all logging and processing of log events
mockserver.disableLogging=false
# if true (the default) the log event recording that a request matcher did not match will include a detailed reason why each non matching field did not match
mockserver.detailedMatchFailures=false
# if true (the default) the ClientAndServer constructor or static factor methods will open the UI in the default browser when the log level is set to DEBUG
mockserver.launchUIForLogLevelDebug=false
# when enabled, log messages written to stdout/SLF4J use a compact single-line format instead of full JSON
mockserver.compactLogFormat=false
# enable the recording of metrics for different activities within MockServer, these are exposed via /mockserver/metrics in prometheus format
mockserver.metricsEnabled=false
# breakpoints: use the matcher-based breakpoint registry (REST /mockserver/breakpoint/matcher) to
# specify which forwarded exchanges break and at which phase (REQUEST, RESPONSE, RESPONSE_STREAM, INBOUND_STREAM).
# maximum time in milliseconds a request/response/frame may be held at a breakpoint before auto-continue (default 30000)
mockserver.breakpointTimeoutMillis=30000
# maximum number of requests/responses simultaneously held at breakpoints (DoS rail, default 50)
mockserver.breakpointMaxHeld=50

# chaos auto-halt circuit-breaker: automatically disable all service-scoped chaos profiles when
# the number of chaos-injected errors in a sliding window exceeds the threshold
mockserver.chaosAutoHaltEnabled=false
# number of chaos-injected errors in the window to trigger auto-halt (default 50)
mockserver.chaosAutoHaltErrorThreshold=50
# sliding window duration in milliseconds for counting chaos errors (default 60000 = 60s)
mockserver.chaosAutoHaltWindowMillis=60000

# LLM token/cost metrics: parse forwarded LLM responses to extract token usage and estimated
# cost, incrementing Prometheus counters labeled by provider and model. Requires metricsEnabled.
# Default is false (off) to avoid parsing forwarded response bodies unless asked.
mockserver.llmMetricsEnabled=false
# LLM cost budget: cumulative USD budget for all LLM completions (mocked + forwarded).
# When exceeded, LLM forwards return 429. Negative or unset = disabled (default).
#mockserver.llmCostBudgetUsd=10.0

# dev mode - when true, applies developer-friendly defaults for laptop/test-suite workloads:
# maxLogEntries=1000, maxExpectations=1000. Explicit settings override dev-mode defaults.
# Also available as --dev CLI flag or MOCKSERVER_DEV_MODE env var.
mockserver.devMode=false

# memory usage

# maximum number of expectations held in the in-memory ring buffer
mockserver.maxExpectations=15000
# maximum number of log entries to hold in memory, this include recorded requests, expectation match failures and other log entries
mockserver.maxLogEntries=100000
# maximum number of remote (not the same JVM) method callbacks (i.e. web sockets) registered for expectations.  The web socket client registry entries are stored in a circular queue so once this limit is reach the oldest are overwritten
mockserver.maxWebSocketExpectations=1500
# output JVM memory usage metrics to CSV file periodically called memoryUsage_<yyyy-MM-dd>.csv
mockserver.outputMemoryUsageCsv=false
# directory to output JVM memory usage metrics CSV files to when outputMemoryUsageCsv enabled
mockserver.memoryUsageCsvDirectory=.

# scalability

# number of threads for main event loop
mockserver.nioEventLoopThreadCount=5
# number of threads for the action handler thread pool
mockserver.actionHandlerThreadCount=5
# number of threads for client event loop when calling downstream
mockserver.clientNioEventLoopThreadCount=5
# number of threads for each expectation with a method / closure callback (i.e. web socket client) in MockServerClient
mockserver.webSocketClientEventLoopThreadCount=5
# maximum time allowed in milliseconds for any future to wait, for example when waiting for a response over a web socket callback
mockserver.maxFutureTimeoutInMillis=60000
# If true (the default) request matchers will fail on the first non-matching field, if false request matchers will compare all fields
mockserver.matchersFailFast=false
# If false (the default) request matching for the method, path and string body is case-insensitive; if true those three fields are matched case-sensitively (exact case). Header names and values, cookie names and values, and query string parameters are always matched case-insensitively regardless of this setting
mockserver.matchExactCase=false
# If false (the default) every forwarded or proxied request opens a fresh upstream connection that is closed once the response is received; if true idle keep-alive HTTP/1.1 upstream connections are pooled (keyed by host, port and scheme) and reused, eliminating repeated connection and TLS handshakes for proxy-heavy workloads. Only plain HTTP/1.1 keep-alive connections are pooled; HTTP/2, HTTP/3, binary forwarding, streaming responses, proxy-tunnelled connections and connections that returned "Connection: close" are never pooled
mockserver.forwardConnectionPoolEnabled=false
# maximum number of idle keep-alive upstream connections retained per upstream (host, port, scheme) when forwardConnectionPoolEnabled is true; surplus connections are closed rather than pooled (default 8)
mockserver.forwardConnectionPoolMaxIdlePerKey=8
# how long in milliseconds an idle pooled upstream connection is retained before it is closed and evicted when forwardConnectionPoolEnabled is true (default 30000, 0 disables idle eviction)
mockserver.forwardConnectionPoolIdleTimeoutMillis=30000
# If false (the default) OpenAPI response validation of mock responses is advisory only (failures are logged but the response is still returned); if true a mock response that fails OpenAPI response validation is replaced with a 502 error describing the violations. Only has an effect when mockserver.openAPIResponseValidation is also enabled
mockserver.enforceResponseValidationForMocks=false

# socket

# maximum time in milliseconds allowed for a response from a socket
mockserver.maxSocketTimeoutInMillis=10000
# maximum time in milliseconds allowed to connect to a socket
mockserver.socketConnectionTimeoutInMillis=10000
# if true socket connections will always be closed after a response is returned, if false connection is only closed if request header indicate connection should be closed
mockserver.alwaysCloseSocketConnections=true
# the local IP address to bind to for accepting new socket connections
mockserver.localBoundIP=0.0.0.0

# http request parsing

# maximum size the first line of an HTTP request
mockserver.maxInitialLineLength=8192
# maximum size HTTP request headers
mockserver.maxHeaderSize=16384
# maximum size of HTTP chunks in request or responses
mockserver.maxChunkSize=16384
# if true semicolons are treated as a separator for a query parameter string, if false the semicolon is treated as a normal character that is part of a query parameter value
mockserver.useSemicolonAsQueryParameterSeparator=true

# CORS

# enable CORS for MockServer REST API so that the API can be used for javascript running in browsers, such as selenium
mockserver.enableCORSForAPI=false
# enable CORS for all responses from MockServer, including the REST API and expectation responses
mockserver.enableCORSForAllResponses=false
# the value used for CORS in the access-control-allow-headers and access-control-expose-headers headers
mockserver.corsAllowHeaders="Allow, Content-Encoding, Content-Length, Content-Type, ETag, Expires, Last-Modified, Location, Server, Vary, Authorization"
# the value used for CORS in the access-control-allow-methods header
mockserver.corsAllowMethods="CONNECT, DELETE, GET, HEAD, OPTIONS, POST, PUT, PATCH, TRACE"
# the value used for CORS in the access-control-allow-credentials header
mockserver.corsAllowCredentials=false
# the value used for CORS in the access-control-max-age header
mockserver.corsMaxAgeInSeconds=100

# default response headers

# headers stamped onto every response MockServer returns (mock, control-plane / dashboard, and forwarded / proxied responses) using add-if-absent semantics so an explicit response header always wins; pipe (|) separated list of name=value pairs, a value may itself contain commas
#mockserver.defaultResponseHeaders="Server=MockServer|X-Trace-Id=abc123"

# mock initialization

# the class (and package) used to initialize expectations in MockServer at startup, if set MockServer will load and call this class to initialise expectations when is starts
#mockserver.initializationClass=org.mockserver.server.initialize.ExpectationInitializerExample
# the path to the json file used to initialize expectations in MockServer at startup, if set MockServer will load this file and initialise expectations for each item in the file when is starts
#mockserver.initializationJsonPath=org/mockserver/server/initialize/initializerJson.json
# if enabled the initialization json file will be watched for changes, any changes found will result in expectations being created, remove or updated by matching against their key
mockserver.watchInitializationJson=false
# if enabled a failure to load any expectation initializer (a malformed initialization JSON / OpenAPI file or a broken initialization class) fails server startup with an exception instead of logging a warning and continuing with zero expectations from that source
mockserver.failOnInitializationError=false
# if enabled, OpenAPI example generation uses realistic schema/format-aware values (via Datafaker) instead of static placeholders
mockserver.generateRealisticExampleValues=false

# validation proxy - when set to an OpenAPI spec URL/path/payload, validates every forwarded/proxied request and upstream response against the spec; violations are logged but traffic flows unmodified (report-only)
#mockserver.validateProxyOpenAPISpec=https://petstore.swagger.io/v2/swagger.json
# when true (and validateProxyOpenAPISpec is set), non-conformant requests are rejected with 400 and non-conformant upstream responses are replaced with 502
mockserver.validateProxyEnforce=false

# mock persistence

# enable the persisting of expectations as json, which is updated whenever the expectation state is updated (i.e. add, clear, expires, etc)
mockserver.persistExpectations=false
# the file path used to save persisted expectations as json, which is updated whenever the expectation state is updated (i.e. add, clear, expires, etc)
#mockserver.persistedExpectationsPath=org/mockserver/server/initialize/initializerJson.json

# verification

# the maximum number of requests to return in verification failure result, if more expectations are found the failure result does not list them separately
mockserver.maximumNumberOfRequestToReturnInVerificationFailure=10
# if true, when no expectation matches a request the 404 response includes a diagnostic header and JSON body showing the closest match and field differences, defaults to false
mockserver.attachMismatchDiagnosticToResponse=false

# proxy

# If true (the default) when no matching expectation is found, and the host header of the request does not match MockServer's host, then MockServer attempts to proxy the request if that fails then a 404 is returned
mockserver.attemptToProxyIfNoMatchingExpectation=true
# Use HTTP proxy (i.e. via Host header) for all outbound / forwarded requests
#mockserver.forwardHttpProxy=127.0.0.1:1090
# Use HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests, supports TLS tunnelling of HTTPS requests
#mockserver.forwardHttpsProxy=127.0.0.1:1090
# use SOCKS proxy for all outbound / forwarded requests, support TLS tunnelling of TCP connections
#mockserver.forwardSocksProxy=127.0.0.1:1090
# Username for proxy authentication when using HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests
#mockserver.forwardProxyAuthenticationUsername=john.doe
# Password for proxy authentication when using HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests
#mockserver.forwardProxyAuthenticationPassword=p@ssw0rd
# The authentication realm for proxy authentication to MockServer
#mockserver.proxyAuthenticationRealm="MockServer HTTP Proxy"
# The required username for proxy authentication to MockServer
#mockserver.proxyAuthenticationUsername=john.doe
# The required password for proxy authentication to MockServer
#mockserver.proxyAuthenticationPassword=p@ssw0rd

# liveness

# Path to support HTTP GET requests for status response (also available on PUT /mockserver/status)
mockserver.livenessHttpGetPath=/liveness/probe

# control plane authentication

# require mTLS (also called client authentication and two-way TLS) for all control plane requests
mockserver.controlPlaneTLSMutualAuthenticationRequired=false
# file system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for control plane mTLS authentication
#mockserver.controlPlaneTLSMutualAuthenticationCAChain="/some/existing/path"
# file system path or classpath location of a fixed custom private key for control plane connections using mTLS for authentication
#mockserver.controlPlanePrivateKeyPath="/some/existing/path"
# file system path or classpath location of a fixed custom X.509 Certificate for control plane connections using mTLS for authentication
#mockserver.controlPlaneX509CertificatePath="/some/existing/path"
# require JWT authentication for all control plane requests
mockserver.controlPlaneJWTAuthenticationRequired=false
# JWK source, as a file system path, classpath location or a URL, used when JWK authentication is enabled for control plane requests
#mockserver.controlPlaneJWTAuthenticationJWKSource="/some/existing/path"
# audience claim (i.e. aud) required when JWT authentication is enabled for control plane requests
#mockserver.controlPlaneJWTAuthenticationExpectedAudience=https://mock-server.com
# matching claims expected when JWT authentication is enabled for control plane requests, value should be string with comma separated key=value items, for example: scope=internal public,sub=some_subject
#mockserver.controlPlaneJWTAuthenticationMatchingClaims=name=John Doe,admin=true
# required claims that should exist (i.e. with any value) when JWT authentication is enabled for control plane requests, value should be string with comma separated values, for example: scope,sub
#mockserver.controlPlaneJWTAuthenticationRequiredClaims=name,admin,scope

# TLS inbound - dynamic CA

# enable dynamic creation of Certificate Authority X.509 Certificate and Private Key
mockserver.dynamicallyCreateCertificateAuthorityCertificate=true
# directory used to save the dynamically generated Certificate Authority X.509 Certificate and Private Key
#mockserver.directoryToSaveDynamicSSLCertificate="/some/existing/path"
# proactively initialise TLS during start to ensure that if dynamicallyCreateCertificateAuthorityCertificate is enabled the Certificate Authority X.509 Certificate and Private Key will be created during start up and not when the first TLS connection is received
mockserver.proactivelyInitialiseTLS=false

# TLS inbound - dynamic private key & x509

# MockServer dynamically updates the Subject Alternative Name (SAN) values for its TLS certificate to add domain names and IP addresses from request Host headers and Host headers in expectations, this configuration setting disables this automatic update and only uses SAN value provided in TLS Subject Alternative Name Domains and TLS Subject Alternative Name IPs configuration properties
mockserver.preventCertificateDynamicUpdate=false
# the domain name for auto-generate TLS certificates
mockserver.sslCertificateDomainName=localhost
# the Subject Alternative Name (SAN) domain names for auto-generate TLS certificates as a comma separated list
mockserver.sslSubjectAlternativeNameDomains="localhost,www.foo.bar"
# the Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates as a comma separated list
mockserver.sslSubjectAlternativeNameIps="127.0.0.1,0.0.0.0"

# TLS inbound - fixed CA

# location of custom file for Certificate Authority for TLS, the private key must be a PKCS#8 or PKCS#1 PEM file and must match the TLS Certificate Authority X.509 Certificate
#mockserver.certificateAuthorityPrivateKey="/some/existing/path"
# location of custom file for Certificate Authority for TLS, the certificate must be a X.509 PEM file and must match the TLS Certificate Authority Private Key
#mockserver.certificateAuthorityCertificate="/some/existing/path"

# TLS inbound - fixed private key & x509

# File system path or classpath location of a fixed custom private key for TLS connections into MockServer
#mockserver.privateKeyPath="/some/existing/path"
# File system path or classpath location of a fixed custom X.509 Certificate for TLS connections into MockServer
#mockserver.x509CertificatePath="/some/existing/path"

# TLS inbound - mTLS

# require mTLS (also called client authentication and two-way TLS) for all TLS connections / HTTPS requests to MockServer
mockserver.tlsMutualAuthenticationRequired=false
# File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X.509 PEM file
#mockserver.tlsMutualAuthenticationCertificateChain="/some/existing/path"

# TLS outbound - CA

# configure trusted set of certificates for forwarded or proxied requests (i.e. TLS connections out of MockServer)
#mockserver.forwardProxyTLSX509CertificatesTrustManagerType=CUSTOM

# TLS outbound - fixed CA

# File system path or classpath location of custom file for trusted X.509 Certificate Authority roots for forwarded or proxied requests (i.e. TLS connections out of MockServer), the certificate chain must be a X.509 PEM file
#mockserver.forwardProxyTLSCustomTrustX509Certificates="/some/existing/path"

# TLS outbound - fixed private key & x509

# File system path or classpath location of custom Private Key for forwarded or proxied requests (i.e. TLS connections out of MockServer), the private key must be a PKCS#8 or PKCS#1 PEM file
#mockserver.forwardProxyPrivateKey="/some/existing/path"
# File system path or classpath location of custom X.509 Certificate Chain for forwarded or proxied requests (i.e. TLS connections out of MockServer), the certificates must be a X.509 PEM file
#mockserver.forwardProxyCertificateChain="/some/existing/path"