# config.yaml

# Common configuration for all transport modes
listen_port: 8080
base_url: "http://localhost:8000" # Base URL for the MCP server
port: 8000 # Port for the MCP server
timeout_seconds: 10


# Transport mode configuration
transport_mode: "stdio" # Options: "sse" or "stdio"

# stdio-specific configuration (used only when transport_mode is "stdio")
stdio:
  enabled: true
  user_command: uvx mcp-server-time --local-timezone=Europe/Zurich
  #user_command: "npx -y @modelcontextprotocol/server-github"
  work_dir: "" # Working directory (optional)
  # env:                           # Environment variables (optional)
  #   - "NODE_ENV=development"

# CORS settings
cors:
  allowed_origins:
    - "http://localhost:6274"  # Origin of your frontend/client app
  allowed_methods:
    - "GET"
    - "POST"
    - "PUT"
    - "DELETE"
  allowed_headers:
    - "Authorization"
    - "Content-Type"
    - "mcp-protocol-version"
  allow_credentials: true

# Keycloak endpoint path mappings
path_mapping:
  sse: "/sse" # SSE endpoint path
  messages: "/messages/" # Messages endpoint path
  /token: /realms/master/protocol/openid-connect/token
  /register: /realms/master/clients-registrations/openid-connect

# Keycloak configuration block
default:
  base_url: "https://iam.phoenix-systems.ch"
  jwks_url: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/certs"  
  path:
    /.well-known/oauth-authorization-server:
      response:
        issuer: "https://iam.phoenix-systems.ch/realms/kvant"
        jwks_uri: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/certs"
        authorization_endpoint: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/auth"
        response_types_supported: 
          - "code"
        grant_types_supported:
          - "authorization_code"
          - "refresh_token"
        code_challenge_methods_supported:
          - "S256"
          - "plain"
    /token:
      addBodyParams:
        - name: "audience"
          value: "mcp_proxy"