Configuration

Configuration file reference and environment variables

The smcp CLI is configured through a YAML file, environment variables, and command-line flags. For most users, the defaults work out of the box with no configuration needed.

Config File Location

The default configuration file location is:

~/.mcp/config.yaml

You can override this with the --config flag or the MCP_CONFIG environment variable:

# Using a flag
smcp run --config /etc/mcp/config.yaml cr0hn/mcp-schrodinger@latest

# Using an environment variable
export MCP_CONFIG=/etc/mcp/config.yaml
smcp run cr0hn/mcp-schrodinger@latest

Full Configuration Schema

# Registry settings
registry:
  url: "https://registry.mcp-hub.info"
  timeout: 30s

# Local cache
cache:
  directory: "~/.mcp/cache"
  max_size: "5GB"
  ttl: "168h"  # 7 days

# Execution defaults
executor:
  timeout: "30m"

# Resource limits (always enforced, these are defaults)
resources:
  max_memory: "512MB"
  max_cpu: 2
  max_pids: 100
  max_fds: 256

# Security policy
policy:
  min_cert_level: 0        # Minimum certification level (0-3)
  min_score: 0             # Minimum security score (0-100)
  allowed_origins:         # Allowed origin types
    - official
    - verified
    - community
  cert_mode: "warn"        # strict | warn | disabled
  warning_threshold: 80    # LLM security warning score threshold

# Audit logging
audit:
  enabled: true
  file: "~/.mcp/audit.log"
  format: "json"

Registry Settings

| Key | Type | Default | Description |
|---|---|---|---|
| registry.url | string | https://registry.mcp-hub.info | Registry endpoint URL |
| registry.timeout | duration | 30s | HTTP timeout for registry requests |

Cache Settings

| Key | Type | Default | Description |
|---|---|---|---|
| cache.directory | path | ~/.mcp/cache | Local cache directory |
| cache.max_size | string | 5GB | Maximum cache size on disk |
| cache.ttl | duration | 168h | Time-to-live for cached entries (7 days) |

Executor Settings

| Key | Type | Default | Description |
|---|---|---|---|
| executor.timeout | duration | 30m | Default execution timeout |

Resource Limits

Resource limits are always enforced to prevent runaway processes. These values set the defaults:

| Key | Type | Default | Description |
|---|---|---|---|
| resources.max_memory | string | 512MB | Maximum memory per MCP process |
| resources.max_cpu | integer | 2 | Maximum CPU cores |
| resources.max_pids | integer | 100 | Maximum number of child processes |
| resources.max_fds | integer | 256 | Maximum open file descriptors |

Security Policy

| Key | Type | Default | Description |
|---|---|---|---|
| policy.min_cert_level | integer | 0 | Minimum certification level (0-3) |
| policy.min_score | integer | 0 | Minimum security score (0-100) |
| policy.allowed_origins | list | [official, verified, community] | Allowed origin types |
| policy.cert_mode | string | warn | Enforcement mode: strict, warn, or disabled |
| policy.warning_threshold | integer | 80 | Security score below which LLM security warnings are injected into the MCP protocol when using --trust. See LLM Security Warnings. |

See Security Policies for detailed policy configuration.

Audit Logging

| Key | Type | Default | Description |
|---|---|---|---|
| audit.enabled | boolean | true | Enable audit logging |
| audit.file | path | ~/.mcp/audit.log | Audit log file path |
| audit.format | string | json | Log format: json or text |

Environment Variable Overrides

All configuration values can be overridden with environment variables using the MCP_ prefix:

| Variable | Config Path | Description |
|---|---|---|
| MCP_CONFIG | | Config file path |
| MCP_REGISTRY_URL | registry.url | Registry endpoint |
| MCP_REGISTRY_TOKEN | | Auth token (alternative to smcp login) |
| MCP_CACHE_DIR | cache.directory | Cache directory |
| MCP_LOG_LEVEL | | Log level (debug, info, warn, error) |
| MCP_TIMEOUT | executor.timeout | Default execution timeout |

Priority Order

Configuration values are resolved in the following order, from highest to lowest priority:

  1. CLI flags – Always take precedence
  2. Environment variables – Override config file values
  3. Config file – ~/.mcp/config.yaml or path from --config / MCP_CONFIG
  4. Defaults – Built-in default values

Auth Token Storage

Authentication tokens are stored in:

~/.mcp/auth.json

This file is created by smcp login with 0600 permissions (owner read/write only). It contains registry tokens used to authenticate API requests.

You can also provide a token via the MCP_REGISTRY_TOKEN environment variable, which is useful for CI/CD environments where you do not want to run smcp login interactively.
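
The 0600 expectation on auth.json can be verified on a workstation or CI runner. The script below is an added example, not part of smcp: the function names are hypothetical, and the check that the config file is not writable by group or other is an added assumption, since the page states a mode only for auth.json.

```shell
#!/bin/sh
# Added example, not part of smcp. Function names are hypothetical.

# Print a file's permission bits in octal (GNU stat, then BSD stat).
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null
}

# Succeeds only if the token file has exactly the 0600 mode smcp login sets.
check_auth_file() {
    [ "$(file_mode "$1")" = "600" ]
}

# Succeeds only if neither group nor other can write the file.
# Assumption: the page states no mode for config.yaml; this is extra hardening,
# since the file controls policy.cert_mode, min_score and the registry URL.
check_not_shared_writable() {
    mode=$(file_mode "$1") || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# audit_smcp_files [DIR]: DIR defaults to ~/.mcp. Returns 1 on any finding.
# A --config flag passed to smcp is invisible here; only MCP_CONFIG is honored.
audit_smcp_files() {
    dir=${1:-$HOME/.mcp}
    cfg=${MCP_CONFIG:-$dir/config.yaml}
    rc=0
    if [ -f "$dir/auth.json" ] && ! check_auth_file "$dir/auth.json"; then
        echo "FAIL: $dir/auth.json is mode $(file_mode "$dir/auth.json"), expected 600" >&2
        rc=1
    fi
    if [ -f "$cfg" ] && ! check_not_shared_writable "$cfg"; then
        echo "FAIL: $cfg is writable by group or other" >&2
        rc=1
    fi
    if [ -n "${MCP_REGISTRY_TOKEN:-}" ]; then
        echo "NOTE: MCP_REGISTRY_TOKEN is set; the token is in this environment" >&2
    fi
    return "$rc"
}
```

Call audit_smcp_files with no arguments to check ~/.mcp, and treat a non-zero exit status as a failed check.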

Minimal Configuration

For most users, no configuration file is needed. The defaults connect to the public registry at registry.mcp-hub.info and apply sensible resource limits. Simply run:

smcp login
smcp run cr0hn/mcp-schrodinger@latest

Create a configuration file only when you need to customize policies, resource limits, or point to a private registry.