Configuration¶
MCC uses Dynaconf for configuration. Settings are loaded in this order, with later sources taking precedence:
mcc/settings.yaml— built-in defaults (do not edit)settings.local.yaml— your local overrides (not committed)- Environment variables with the
MCC_prefix
Local overrides¶
Create settings.local.yaml in your project root to override any setting:
Environment variables¶
Any setting can be set via environment variable using the MCC_ prefix. Nested keys use double underscores:
Environment variables always override file-based settings.
MCC_SETTINGS_FILES¶
A semicolon-separated list of additional settings files to load, appended after settings.local.yaml. Use this to layer in toolset configs without modifying your local overrides file:
Each file is merged with dynaconf_merge: true, so tools lists are additive.
MCC_TOOL_FILES¶
A semicolon-separated list of tool YAML files, directories, or glob patterns to load in addition to those declared in settings.tools. Use this to inject extra tools at load time without modifying settings files:
Paths are resolved exactly like entries in the tools setting — directories load all *.yaml files (flat), and glob patterns expand recursively. These tools are loaded after the settings-declared tools and participate in hot-reload.
Environments¶
Dynaconf supports named environments. MCC ships with development (debug logging) and production (verbose log format, INFO level) profiles. Set the active environment with:
Defaults to development unless overridden.
Settings reference¶
auth¶
Authentication backend. Default: dev-admin (no auth, dev only).
| Value | Description |
|---|---|
dev-admin |
No auth — all requests get admin access (dev only) |
dev-public |
No auth — all requests get public access |
github |
GitHub OAuth |
google |
Google OAuth |
azure |
Microsoft Entra ID (Azure AD) |
auth0 |
Auth0 |
clerk |
Clerk |
discord |
Discord OAuth |
workos |
WorkOS AuthKit |
aws |
AWS Cognito |
oci |
Oracle Cloud Infrastructure Identity |
supabase |
Supabase Auth |
scalekit |
ScaleKit |
propelauth |
PropelAuth |
descope |
Descope |
in-memory |
FastMCP in-process OAuth (testing only) |
jwt |
Generic OIDC / JWKS token verification |
See Auth Backends for backend-specific configuration.
tools¶
List of YAML tool files or directories to load at startup. Default: [].
tools:
- mytools.yaml # single file
- path/to/tools_dir # all *.yaml files in directory (flat)
- path/to/tools/**/*.yaml # glob pattern (recursive supported)
embedding_model¶
The fastembed model used for semantic search. Default: BAAI/bge-small-en-v1.5.
The model is downloaded on first use and cached locally by fastembed. Changing this requires a server restart to re-index tools.
Elasticsearch¶
The connection is configured with a single elasticsearch_url (env var MCC_ELASTICSEARCH_URL). Scheme, host, port, and basic-auth credentials all come from the URL:
Append ?verify_certs=false to allow self-signed/untrusted certificates over https (dev only).
| Key | Default | Description |
|---|---|---|
elasticsearch_url |
http://localhost:9200 |
Full connection URL, including any user:password@ and optional ?verify_certs=false |
user_index |
mcc-users |
Index name for user records |
tool_index |
mcc-tools |
Index name for tool embeddings |
key_index |
mcc-keys |
Index name for API key records |
oauth¶
Required for all OAuth proxy backends (github, google, azure, etc.).
| Key | Description |
|---|---|
base_url |
Public base URL of the MCC server (used for the OAuth callback) |
client_id |
OAuth app client ID |
client_secret |
OAuth app client secret |
Some backends require additional keys — see Auth Backends for per-provider details. All keys are settable via env vars: MCC_OAUTH__BASE_URL, MCC_OAUTH__CLIENT_ID, MCC_OAUTH__CLIENT_SECRET.
jwt¶
Required when auth: jwt (generic OIDC / JWKS verification).
| Key | Description |
|---|---|
jwks_uri |
URL of the IdP's JWKS endpoint |
issuer |
Expected token issuer |
audience |
Expected token audience |
authorization_server |
Authorization server URL |
base_url |
Public base URL of the MCC server |
required_scopes |
List of scopes that must be present in the token |
server¶
HTTP server settings.
| Key | Default | Description |
|---|---|---|
transport |
sse |
MCP transport (sse or stdio) |
host |
0.0.0.0 |
Bind address |
port |
8000 |
Listen port |
response_max_size |
5000000 |
Maximum tool response size in bytes before truncation |
When a tool response exceeds response_max_size, MCC truncates the text content and appends [Response truncated due to size limit] rather than returning an error. Override via environment variable:
logging¶
Standard Python logging.config.dictConfig dict. The built-in config writes to stderr. Override the log level per environment or set it directly: