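# ShellWatch SSH endpoint configuration
# Copy this file to config.yaml and update with your settings.
#
# SSH keys are auto-discovered from the keyDirectory.
# Generate a key: ssh-keygen -t ed25519 -f ./keys/my-server.pem -C "shellwatch"
# Add public key: ssh-copy-id -i ./keys/my-server.pem.pub user@host
#
# Keys are assigned to endpoints via the web UI after discovery.
#
# NOTE: config.yaml and the keyDirectory end up holding secrets (cookieSecret,
# the VAPID private key, a seeded admin API key, SSH private keys). Keep them
# out of version control and restrict file permissions to the ShellWatch user.
---
# Server settings
server:
  # port: 3000  # HTTP port (default: 3000)
  externalUrl: http://localhost:3000  # External URL for deep links (required)

  # Trust reverse-proxy headers (X-Forwarded-For, X-Forwarded-Proto). Default: false.
  # When ShellWatch sits behind nginx / Caddy / a load balancer, set this to the
  # CIDR(s) of the proxy you control so request.ip resolves to the real client.
  # WARNING: setting `true` lets any client spoof their source IP via
  # X-Forwarded-For. Always prefer the CIDR form for production.
  # trustProxy: ["10.0.0.0/8", "172.16.0.0/12"]
  # trustProxy: "127.0.0.1"
  # trustProxy: 1  # number of hops to trust
  # trustProxy: true  # trust all hops (only if network is trusted)

  # Directory containing SSH private key files (.pem)
  keyDirectory: ./keys

  # Optional: seed a static API key for the admin account on first run.
  # Useful for local dev so .mcp.json can reference a known key.
  # Local-dev convenience only — do not seed a static admin key in production.
  # seedAdminApiKey: sw_000000000000000000000000000000000000000000000000

  # Optional: seed passkeys for the admin account on first run.
  # Export from Admin > General in the web UI, or provide manually.
  # seedAdminPasskeys:
  #   - credentialId: "base64url-encoded-credential-id"
  #     publicKeyHex: "cose-public-key-as-hex"
  #     counter: 0
  #     transports: []
  #     label: "Admin Passkey"

  # Optional: seed endpoints for the admin account on first run (keys are assigned via UI).
  # Format: [user@]host[:port] — defaults: user=shellwatch, port=22
  # agentForward defaults to true; set to false for hosts that disallow forwarding.
  # description is optional free-form context (max 1000 chars) surfaced to MCP
  # agents via the shellwatch_manage_endpoints list/read tool.
  # seedAdminEndpoints:
  #   - label: Dev Box
  #     address: ubuntu@dev.example.com
  #     description: "Personal dev sandbox. /srv/app holds the staging copy."
  #
  #   - label: Staging
  #     address: deploy@staging.example.com:2222
  #     agentForward: false

  # Optional: virtual demo endpoints merged into every account's endpoint list.
  # Same shape as seedAdminEndpoints (including description). Never copied into
  # the database — config is the source of truth. Each account has a "Show demo
  # endpoints" toggle on the Endpoints page (default on); set demoEndpoints to
  # [] or omit to disable. Pairs with the rado0x54/shellwatch-demo-server
  # container — see issue #211.
  # demoEndpoints:
  #   - label: "Demo: Sudoku"
  #     address: sw-sudoku@ssh.shellwatch.ai
  #     description: "Terminal sudoku (nudoku). ForceCommand-pinned; no shell."
  #   - label: "Demo: 2048"
  #     address: sw-2048@ssh.shellwatch.ai
  #     description: "Terminal 2048. ForceCommand-pinned; no shell."
  #   - label: "Demo: Snake"
  #     address: sw-snake@ssh.shellwatch.ai
  #   - label: "Demo: Matrix"
  #     address: sw-matrix@ssh.shellwatch.ai

# Security settings
security:
  # WebAuthn Relying Party ID — must match the domain passkeys are registered on.
  # Use "localhost" for local development, or your domain for production.
  rpId: localhost

  # Allowed origins for WebAuthn registration and authentication.
  # Only origins listed here will be accepted — no request-derived origins.
  # Include protocol, host, and port (if non-standard).
  trustedWebauthnOrigins:
    - http://localhost:3000
    - http://localhost:3001

  # Secret used to sign session cookies. 32 random bytes, hex-encoded.
  # If unset, a random value is generated at startup and sessions are lost on restart.
  # Generate with: openssl rand -hex 32
  # cookieSecret: "<64-char hex string>"

  # Set to true to allow self-service account creation
  # (first-user bootstrap always works regardless of this setting).
  # selfRegistrationEnabled: false

  # Per-endpoint rate limiting (per IP, in-memory store).
  # Limits are keyed on the client IP, so behind a reverse proxy they only
  # distinguish clients once server.trustProxy is configured; until then every
  # client shares the proxy's address and one bucket.
  # rateLimit:
  #   selfRegister:  # POST /api/auth/register (unauthenticated self-registration)
  #     max: 5  # requests per window (default: 5)
  #     windowMinutes: 15  # window size in minutes (default: 15)
  #   passkeyRegister:  # POST /api/webauthn/register/* (authenticated add-passkey)
  #     max: 10
  #     windowMinutes: 15
  #   loginOptions:  # POST /api/auth/login/options
  #     max: 20
  #     windowMinutes: 15
  #   loginVerify:  # POST /api/auth/login
  #     max: 10
  #     windowMinutes: 15

  # IP allowlist for /mcp and /agent-proxy. CIDRs in standard notation.
  # Default: loopback only. To disable the allowlist (e.g. behind a trusted
  # proxy with `server.trustProxy` set), allow everything:
  # allowedNetworks:
  #   - 0.0.0.0/0
  #   - "::/0"
  # With server.trustProxy set, the address checked is presumably the
  # proxy-resolved client IP, so a loopback-only list rejects proxied clients;
  # prefer listing the real client ranges over 0.0.0.0/0 where you can.
  allowedNetworks:
    - 127.0.0.1/32
    - "::1/128"

  # Web Push notifications — send push notifications for sign requests
  # so users don't need the browser tab open. Requires VAPID keys.
  # Generate keys: npx web-push generate-vapid-keys
  # vapid:
  #   subject: "mailto:admin@example.com"
  #   publicKey: "BEl62i..."  # base64url-encoded VAPID public key
  #   privateKey: "UGo..."  # base64url-encoded VAPID private key

  # SSH agent proxy — allows system SSH clients to use ShellWatch-managed keys.
  # Requires the shellwatch-agent thin client on the user's workstation.
  # agentSocket:
  #   proxyEnabled: true  # Enable /agent-proxy WebSocket endpoint (default: false)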