Skip to content

Graphorin API reference v0.12.1


Graphorin API reference / @graphorin/server / config / ServerConfigSpec

Interface: ServerConfigSpec

Defined in: packages/server/src/config.ts:46

Stable

Properties

PropertyModifierTypeDescriptionDefined in
auditreadonly{ cipher?: string; enabled: boolean; passphraseRef?: string; path?: string; toolEvents: "all" | "off" | "security"; }-packages/server/src/config.ts:137
audit.cipher?readonlystring-packages/server/src/config.ts:141
audit.enabledreadonlyboolean-packages/server/src/config.ts:138
audit.passphraseRef?readonlystring-packages/server/src/config.ts:140
audit.path?readonlystring-packages/server/src/config.ts:139
audit.toolEventsreadonly"all" | "off" | "security"W-051: which tools/MCP audit-bus events land in the audit chain. 'security' (default) writes the security-significant subset (dataflow flagged/blocked/declassified, sanitization, approvals, collisions, cap-disabled); 'all' adds per-call tool:execute:* chatter; 'off' disables the bridge.packages/server/src/config.ts:149
authreadonly{ kind: "none" | "token"; pepperRef?: string; perIpFailureThreshold?: number; perIpLockoutMs?: number; tokenEnvironments: readonly string[]; tokenPrefix: string; }-packages/server/src/config.ts:155
auth.kindreadonly"none" | "token"-packages/server/src/config.ts:156
auth.pepperRef?readonlystring-packages/server/src/config.ts:157
auth.perIpFailureThreshold?readonlynumber-packages/server/src/config.ts:160
auth.perIpLockoutMs?readonlynumber-packages/server/src/config.ts:161
auth.tokenEnvironmentsreadonlyreadonly string[]-packages/server/src/config.ts:159
auth.tokenPrefixreadonlystring-packages/server/src/config.ts:158
hardeningreadonly{ applyOnStart: boolean; refuseRoot: boolean; umask: number; }-packages/server/src/config.ts:166
hardening.applyOnStartreadonlyboolean-packages/server/src/config.ts:167
hardening.refuseRootreadonlyboolean-packages/server/src/config.ts:168
hardening.umaskreadonlynumber-packages/server/src/config.ts:169
healthreadonly{ walWarnThresholdBytes: number; }-packages/server/src/config.ts:183
health.walWarnThresholdBytesreadonlynumber-packages/server/src/config.ts:184
metricsreadonly{ enabled: boolean; path: string; requireAuth: boolean; }-packages/server/src/config.ts:171
metrics.enabledreadonlyboolean-packages/server/src/config.ts:172
metrics.pathreadonlystring-packages/server/src/config.ts:173
metrics.requireAuthreadonlybooleanRequire a verified token with admin:metrics:read on the exposition endpoint. Default true since 0.12.0: the exposition leaks operational intel (trigger ids in labels, consolidator budgets), so scraping is authenticated unless the operator explicitly opts out for a trusted network.packages/server/src/config.ts:181
observabilityreadonly{ logger: "json" | "pretty" | "silent"; }-packages/server/src/config.ts:163
observability.loggerreadonly"json" | "pretty" | "silent"-packages/server/src/config.ts:164
retentionreadonly{ auditDays?: number; consolidatorRunsDays: number; dlqExhaustedDays: number; enabled: boolean; idempotency: boolean; intervalMs: number; memoryHistoryDays?: number; sessionsClosedOnly: boolean; sessionsDays?: number; spansDays: number; workflowThreadsDays?: number; }-packages/server/src/config.ts:124
retention.auditDays?readonlynumber-packages/server/src/config.ts:135
retention.consolidatorRunsDaysreadonlynumber-packages/server/src/config.ts:128
retention.dlqExhaustedDaysreadonlynumber-packages/server/src/config.ts:129
retention.enabledreadonlyboolean-packages/server/src/config.ts:125
retention.idempotencyreadonlyboolean-packages/server/src/config.ts:130
retention.intervalMsreadonlynumber-packages/server/src/config.ts:126
retention.memoryHistoryDays?readonlynumber-packages/server/src/config.ts:133
retention.sessionsClosedOnlyreadonlyboolean-packages/server/src/config.ts:132
retention.sessionsDays?readonlynumber-packages/server/src/config.ts:131
retention.spansDaysreadonlynumber-packages/server/src/config.ts:127
retention.workflowThreadsDays?readonlynumber-packages/server/src/config.ts:134
secretsreadonly{ source: SecretsSource; strict: boolean; }-packages/server/src/config.ts:151
secrets.sourcereadonlySecretsSource-packages/server/src/config.ts:152
secrets.strictreadonlyboolean-packages/server/src/config.ts:153
serverreadonly{ basePath: string; cors: { allowCredentials: boolean; allowHeaders: readonly string[]; allowMethods: readonly string[]; allowOrigins: readonly string[]; maxAgeSeconds: number; }; csrf: { cookieName: string; enabled: boolean; headerName: string; safeMethods: readonly string[]; }; host: string; idempotency: { checkBodyFingerprint: boolean; enabled: boolean; lruCacheSize: number; requireKey: IdempotencyRequireKeyMode; ttlSeconds: number; }; port: number; rateLimit: { enabled: boolean; perIpRequests: number; windowMs: number; }; shutdown: { drainTimeoutMs: number; }; sse: { enabled: boolean; keepAliveMs: number; path: string; }; stream: { disconnectGracePeriodMs: number; disconnectPolicy: "continue" | "pause-on-disconnect" | "abort-on-disconnect"; perConnectionQueueLimit: number; replayBuffer: { maxEvents: number; pruneIntervalSeconds: number; ttlSeconds: number; }; }; tlsTerminatedUpstream: boolean; trustProxy: boolean; ws: { commentarySanitization: { applyToEvents: readonly string[]; policy: DeliveryCommentaryPolicyConfig; }; enabled: boolean; path: string; ticketTtlMs: number; }; }-packages/server/src/config.ts:47
server.basePathreadonlystring-packages/server/src/config.ts:50
server.corsreadonly{ allowCredentials: boolean; allowHeaders: readonly string[]; allowMethods: readonly string[]; allowOrigins: readonly string[]; maxAgeSeconds: number; }-packages/server/src/config.ts:51
server.cors.allowCredentialsreadonlyboolean-packages/server/src/config.ts:53
server.cors.allowHeadersreadonlyreadonly string[]-packages/server/src/config.ts:55
server.cors.allowMethodsreadonlyreadonly string[]-packages/server/src/config.ts:54
server.cors.allowOriginsreadonlyreadonly string[]-packages/server/src/config.ts:52
server.cors.maxAgeSecondsreadonlynumber-packages/server/src/config.ts:56
server.csrfreadonly{ cookieName: string; enabled: boolean; headerName: string; safeMethods: readonly string[]; }-packages/server/src/config.ts:58
server.csrf.cookieNamereadonlystring-packages/server/src/config.ts:60
server.csrf.enabledreadonlyboolean-packages/server/src/config.ts:59
server.csrf.headerNamereadonlystring-packages/server/src/config.ts:61
server.csrf.safeMethodsreadonlyreadonly string[]-packages/server/src/config.ts:62
server.hostreadonlystring-packages/server/src/config.ts:48
server.idempotencyreadonly{ checkBodyFingerprint: boolean; enabled: boolean; lruCacheSize: number; requireKey: IdempotencyRequireKeyMode; ttlSeconds: number; }-packages/server/src/config.ts:69
server.idempotency.checkBodyFingerprintreadonlyboolean-packages/server/src/config.ts:73
server.idempotency.enabledreadonlyboolean-packages/server/src/config.ts:70
server.idempotency.lruCacheSizereadonlynumber-packages/server/src/config.ts:74
server.idempotency.requireKeyreadonlyIdempotencyRequireKeyMode-packages/server/src/config.ts:71
server.idempotency.ttlSecondsreadonlynumber-packages/server/src/config.ts:72
server.portreadonlynumber-packages/server/src/config.ts:49
server.rateLimitreadonly{ enabled: boolean; perIpRequests: number; windowMs: number; }-packages/server/src/config.ts:64
server.rateLimit.enabledreadonlyboolean-packages/server/src/config.ts:65
server.rateLimit.perIpRequestsreadonlynumber-packages/server/src/config.ts:67
server.rateLimit.windowMsreadonlynumber-packages/server/src/config.ts:66
server.shutdownreadonly{ drainTimeoutMs: number; }-packages/server/src/config.ts:76
server.shutdown.drainTimeoutMsreadonlynumber-packages/server/src/config.ts:77
server.ssereadonly{ enabled: boolean; keepAliveMs: number; path: string; }-packages/server/src/config.ts:108
server.sse.enabledreadonlyboolean-packages/server/src/config.ts:109
server.sse.keepAliveMsreadonlynumber-packages/server/src/config.ts:111
server.sse.pathreadonlystring-packages/server/src/config.ts:110
server.streamreadonly{ disconnectGracePeriodMs: number; disconnectPolicy: "continue" | "pause-on-disconnect" | "abort-on-disconnect"; perConnectionQueueLimit: number; replayBuffer: { maxEvents: number; pruneIntervalSeconds: number; ttlSeconds: number; }; }-packages/server/src/config.ts:89
server.stream.disconnectGracePeriodMsreadonlynumber-packages/server/src/config.ts:91
server.stream.disconnectPolicyreadonly"continue" | "pause-on-disconnect" | "abort-on-disconnect"-packages/server/src/config.ts:90
server.stream.perConnectionQueueLimitreadonlynumber-packages/server/src/config.ts:97
server.stream.replayBufferreadonly{ maxEvents: number; pruneIntervalSeconds: number; ttlSeconds: number; }-packages/server/src/config.ts:92
server.stream.replayBuffer.maxEventsreadonlynumber-packages/server/src/config.ts:93
server.stream.replayBuffer.pruneIntervalSecondsreadonlynumber-packages/server/src/config.ts:95
server.stream.replayBuffer.ttlSecondsreadonlynumber-packages/server/src/config.ts:94
server.tlsTerminatedUpstreamreadonlybooleanOperator acknowledgement that a TLS-terminating reverse proxy fronts this server. Graphorin itself serves PLAINTEXT HTTP only - there is deliberately no in-process TLS - so a non-loopback bind without this acknowledgement logs a startup WARN (bearer tokens would otherwise cross the network unencrypted). Setting it true silences the warning; it changes no runtime behaviour.packages/server/src/config.ts:88
server.trustProxyreadonlyboolean-packages/server/src/config.ts:79
server.wsreadonly{ commentarySanitization: { applyToEvents: readonly string[]; policy: DeliveryCommentaryPolicyConfig; }; enabled: boolean; path: string; ticketTtlMs: number; }-packages/server/src/config.ts:99
server.ws.commentarySanitizationreadonly{ applyToEvents: readonly string[]; policy: DeliveryCommentaryPolicyConfig; }-packages/server/src/config.ts:103
server.ws.commentarySanitization.applyToEventsreadonlyreadonly string[]-packages/server/src/config.ts:105
server.ws.commentarySanitization.policyreadonlyDeliveryCommentaryPolicyConfig-packages/server/src/config.ts:104
server.ws.enabledreadonlyboolean-packages/server/src/config.ts:100
server.ws.pathreadonlystring-packages/server/src/config.ts:101
server.ws.ticketTtlMsreadonlynumber-packages/server/src/config.ts:102
storagereadonly{ encryption: { cipher?: string; enabled: boolean; passphraseRef?: string; }; mode: "server" | "lib"; path: string; walCheckpointIntervalMs?: number; }-packages/server/src/config.ts:114
storage.encryptionreadonly{ cipher?: string; enabled: boolean; passphraseRef?: string; }-packages/server/src/config.ts:118
storage.encryption.cipher?readonlystring-packages/server/src/config.ts:120
storage.encryption.enabledreadonlyboolean-packages/server/src/config.ts:119
storage.encryption.passphraseRef?readonlystring-packages/server/src/config.ts:121
storage.modereadonly"server" | "lib"-packages/server/src/config.ts:116
storage.pathreadonlystring-packages/server/src/config.ts:115
storage.walCheckpointIntervalMs?readonlynumber-packages/server/src/config.ts:117