Overview

YAML config file format, resolution order, top-level structure, variable expansion, and server settings for Argus MCP.

File Format

Argus uses YAML config files. The loader auto-detects the extension.

| Extension | Format |
| --- | --- |
| .yaml, .yml | YAML |

Config File Resolution

Argus searches for config files in this order:

  1. --config CLI flag (explicit path)
  2. ARGUS_CONFIG environment variable
  3. Auto-detect in project directory: config.yaml then config.yml

Config Structure

version: "1"                    # Config format version (required)

server: { ... }                 # Server settings
client: { ... }                 # TUI / client settings
backends: { ... }               # Backend MCP server definitions
conflict_resolution: { ... }    # Capability conflict strategy
audit: { ... }                  # Audit logging
optimizer: { ... }              # Tool optimizer (meta-tools)
telemetry: { ... }              # OpenTelemetry integration
secrets: { ... }                # Encrypted secret management
registries: [ ... ]             # External MCP server catalogs
incoming_auth: { ... }          # Incoming client authentication
authorization: { ... }          # RBAC policies
feature_flags: { ... }          # Feature toggles

Variable Expansion

Config values support two types of dynamic references.

Environment Variables

Use ${VAR_NAME} to inject environment variable values:

backends:
  my-server:
    type: sse
    url: "http://localhost:${MY_SERVER_PORT}/sse"
    headers:
      Authorization: "Bearer ${MY_API_KEY}"

Secret References

Use secret:<name> to resolve values from the encrypted secret store:

backends:
  my-server:
    type: sse
    url: "http://localhost:8080/sse"
    headers:
      Authorization: "Bearer secret:my-api-key"

See Secrets Management for setting up the secret store.
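A pre-flight check for the two reference styles above, added here as an illustration and not taken from Argus itself. It walks an already-parsed config and reports `${VAR}` references that are unset in the environment, plus credential fields that hold a literal value instead of a `${VAR}` or `secret:<name>` reference. The function names, the `SENSITIVE_KEYS` list and the sample config are assumptions of this example.

```python
import re

ENV_REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
SECRET_REF = re.compile(r"secret:[\w.-]+")
# Keys treated as credential-bearing; this list is an assumption of the example.
SENSITIVE_KEYS = {"authorization", "token", "api_key", "password"}


def walk(node, path=()):
    """Yield (path, value) for every string leaf in a parsed config."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))
    elif isinstance(node, str):
        yield path, node


def check_references(config, env):
    """Return sorted findings: unset ${VAR} references and literal credentials."""
    findings = []
    for path, value in walk(config):
        where = ".".join(path)
        for var in ENV_REF.findall(value):
            if not env.get(var):
                findings.append((where, f"unset env var {var}"))
        if path and path[-1].lower() in SENSITIVE_KEYS:
            if not ENV_REF.search(value) and not SECRET_REF.search(value):
                findings.append((where, "literal credential in config"))
    return sorted(findings)


# Constructed sample: the dict a YAML parser would return for a backends block.
SAMPLE = {
    "backends": {
        "good-env": {"type": "sse", "url": "http://localhost:${MY_SERVER_PORT}/sse",
                     "headers": {"Authorization": "Bearer ${MY_API_KEY}"}},
        "good-secret": {"type": "sse", "url": "http://localhost:8080/sse",
                        "headers": {"Authorization": "Bearer secret:my-api-key"}},
        "bad-literal": {"type": "sse", "url": "http://localhost:8081/sse",
                        "headers": {"Authorization": "Bearer abc123-constructed"}},
    }
}

if __name__ == "__main__":
    for where, problem in check_references(SAMPLE, {"MY_SERVER_PORT": "8080"}):
        print(f"{where}: {problem}")
```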

Server Settings

Server listen address and transport settings.

server:
  host: "127.0.0.1"
  port: 9000
  transport: sse                # "sse" or "streamable-http"
  management:
    enabled: true
    token: "${ARGUS_MGMT_TOKEN}"

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| host | string | "127.0.0.1" | Bind address |
| port | integer | 9000 | Listen port (1-65535) |
| transport | string | "sse" | Primary transport: "sse" or "streamable-http" |
| management.enabled | boolean | true | Enable the /manage/v1/ REST API |
| management.token | string | null | Bearer token for management endpoints. Also ARGUS_MGMT_TOKEN env var. If unset, management API has no auth. |

Note:

Both transports are always available regardless of the transport setting. The setting controls which is advertised as primary.
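Because the management API is enabled by default and has no auth when the token is unset, a deployment check can classify the `server` block before startup. The following is an added example, not Argus code: it applies the defaults from the table above, and it assumes that an unset `${VAR}` expands to an empty string. The function names and verdict strings are this example's own.

```python
import ipaddress
import re

ENV_REF = re.compile(r"\$\{(\w+)\}")


def is_loopback(host):
    """True when the bind address only accepts local connections."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames: treat as reachable from the network


def management_exposure(config, env):
    """Classify the management API using the defaults from the table above."""
    server = config.get("server") or {}
    mgmt = server.get("management") or {}
    if not mgmt.get("enabled", True):          # default: enabled
        return "disabled"
    raw = mgmt.get("token") or ""              # default: null
    # Assumption: an unset ${VAR} expands to an empty string.
    token = ENV_REF.sub(lambda m: env.get(m.group(1), ""), raw)
    token = token or env.get("ARGUS_MGMT_TOKEN", "")
    if token.strip():
        return "authenticated"
    host = server.get("host", "127.0.0.1")     # default bind address
    return "unauthenticated-local" if is_loopback(host) else "unauthenticated-exposed"


# Constructed configs, shaped like the parsed `server` block.
CASES = {
    "defaults": {},
    "token-from-env": {"server": {"management": {"token": "${ARGUS_MGMT_TOKEN}"}}},
    "all-interfaces": {"server": {"host": "0.0.0.0"}},
    "turned-off": {"server": {"host": "0.0.0.0", "management": {"enabled": False}}},
}

if __name__ == "__main__":
    for name, cfg in CASES.items():
        print(name, "->", management_exposure(cfg, env={}))
```

A verdict of `unauthenticated-exposed` is the case to block in CI: the management REST API is reachable beyond loopback with no bearer token.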

Conflict Resolution

Strategy for handling duplicate capability names across backends.

conflict_resolution:
  strategy: prefix        # first-wins | prefix | priority | error
  separator: "_"
  order: []

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| strategy | string | "first-wins" | Resolution strategy (see below) |
| separator | string | "_" | Separator for prefix strategy |
| order | list | [] | Backend priority for priority strategy |

| Strategy | Behavior |
| --- | --- |
| first-wins | First backend to register a name wins; duplicates are dropped |
| prefix | Prefix capability with backend name: backend_toolname |
| priority | Use order list to determine winner; others are dropped |
| error | Raise CapabilityConflictError at startup |
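The four strategies modelled on two backends that both offer a tool with the same name, as an added example and not Argus's own implementation. It shows which backend ends up serving the duplicate name under each setting. Two behaviours are assumptions here: `prefix` renames every capability rather than only duplicates, and backends missing from `order` rank after the listed ones.

```python
class CapabilityConflictError(Exception):
    """Stand-in for the error named in the table; not Argus's own class."""


STRATEGIES = {"first-wins", "prefix", "priority", "error"}


def resolve(backends, strategy="first-wins", separator="_", order=()):
    """Return {exposed_name: (backend, tool)}; dict order = registration order."""
    if strategy not in STRATEGIES:
        raise ValueError(f"unknown strategy: {strategy}")
    claims = {}
    for backend, tools in backends.items():
        for tool in tools:
            claims.setdefault(tool, []).append(backend)

    rank = {name: i for i, name in enumerate(order)}
    exposed = {}
    for tool, owners in claims.items():
        if strategy == "prefix":
            # Assumption: every capability is prefixed, not only duplicates.
            for backend in owners:
                exposed[f"{backend}{separator}{tool}"] = (backend, tool)
        elif len(owners) == 1 or strategy == "first-wins":
            exposed[tool] = (owners[0], tool)
        elif strategy == "priority":
            # Assumption: backends missing from `order` rank after listed ones.
            winner = min(owners, key=lambda b: rank.get(b, len(rank)))
            exposed[tool] = (winner, tool)
        else:  # "error"
            raise CapabilityConflictError(f"{tool!r} offered by {owners}")
    return exposed


# Constructed sample: two backends that both offer a tool named "search".
SAMPLE = {"files": ["read", "search"], "web": ["search", "fetch"]}

if __name__ == "__main__":
    for strategy in ("first-wins", "prefix", "priority"):
        print(strategy, resolve(SAMPLE, strategy, order=["web", "files"]))
```

Under `first-wins` and `priority` the losing backend's `search` disappears without a startup failure, so a review of which backend serves each name is only forced by `error`, and only `prefix` keeps both reachable.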

Audit

Structured audit logging (NIST SP 800-53 AU-3 aligned).

audit:
  enabled: true
  file: "logs/audit.jsonl"
  max_size_mb: 100
  backup_count: 5

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| enabled | boolean | true | Enable audit event logging |
| file | string | "logs/audit.jsonl" | Path to JSONL audit log |
| max_size_mb | integer | 100 | Max file size before rotation |
| backup_count | integer | 5 | Number of rotated backups |

Optimizer

Replaces the full tool catalog with two meta-tools (find_tool and call_tool) for LLMs that struggle with large tool lists.

optimizer:
  enabled: false
  keep_tools:
    - important_tool
    - another_tool

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| enabled | boolean | false | Enable the tool optimizer |
| keep_tools | list | [] | Tools to always expose alongside meta-tools |

When enabled, clients see only find_tool, call_tool, and any keep_tools. The LLM uses find_tool to search the tool index, then call_tool to invoke the selected tool.

Telemetry

OpenTelemetry integration for distributed tracing and metrics.

telemetry:
  enabled: false
  otlp_endpoint: "http://localhost:4317"
  service_name: "argus-mcp"

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| enabled | boolean | false | Enable OpenTelemetry tracing and metrics |
| otlp_endpoint | string | "http://localhost:4317" | OTLP collector endpoint (gRPC or HTTP) |
| service_name | string | "argus-mcp" | Service name reported to the collector |

Registries

External registry endpoints for server discovery.

registries:
  - name: "official"
    url: "https://registry.mcp.example.com"
    priority: 100
    auth: "api-key"
    api_key_env: "MCP_REGISTRY_KEY"
  - name: "internal"
    url: "https://internal-registry.corp.local"
    priority: 200
    auth: "bearer"
    token_env: "INTERNAL_REGISTRY_TOKEN"

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| name | string | yes | -- | Unique display name for this registry |
| url | string | yes | -- | Registry endpoint URL |
| priority | integer | no | 100 | Resolution priority (lower = checked first) |
| auth | string | no | "none" | Authentication type: "none", "api-key", or "bearer" |
| api_key_env | string | no | -- | Environment variable holding the API key |
| token_env | string | no | -- | Environment variable holding the bearer token |

Client

TUI client configuration.

client:
  server_url: "http://127.0.0.1:9000"
  token: "${ARGUS_CLIENT_TOKEN}"
  theme: "textual-dark"
  poll_interval: 2.0
  servers_config: "~/.config/argus-mcp/servers.json"

| Field | Type | Default | Description |
| --- | --- | --- | --- |
| server_url | string | "http://127.0.0.1:9000" | URL of the Argus server to connect to |
| token | string | -- | Authentication token (supports ${ENV_VAR}) |
| theme | string | "textual-dark" | Textual theme name for the TUI |
| poll_interval | float | 2.0 | Polling interval in seconds (0.5-60.0) |
| servers_config | string | -- | Path to servers.json for multi-server mode |

Feature Flags

Boolean feature toggles.

feature_flags:
  hot_reload: true
  optimizer: false

| Flag | Default | Description |
| --- | --- | --- |
| optimizer | false | Enable the tool optimizer (find_tool / call_tool meta-tools) |
| hot_reload | true | Enable config hot-reload via management API |
| outgoing_auth | true | Enable outgoing authentication for backends |
| session_management | true | Enable session management |
| yaml_config | true | Enable YAML config file support |
| container_isolation | true | Enable automatic container isolation for stdio backends |
| build_on_startup | true | Build container images on server startup |

Unknown flag names are accepted for future-proofing and default to false.