https://docs.nocfoundry.dev/dev/configuration/Recent content in Configuration on NOCFoundry DocsHugoenhttps://docs.nocfoundry.dev/dev/configuration/tool-catalogs/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nocfoundry.dev/dev/configuration/tool-catalogs/<h1 id="tool-catalogs">Tool Catalogs</h1> <p>Tool catalogs define the operational resources NOCFoundry loads at startup.</p> <h2 id="supported-catalog-flags">Supported catalog flags</h2> <ul> <li><code>--tools-file</code></li> <li><code>--tools-files</code></li> <li><code>--tools-folder</code></li> <li><code>--prebuilt</code></li> </ul> <p>These are mutually exclusive where appropriate:</p> <ul> <li><code>--tools-file</code>, <code>--tools-files</code>, and <code>--tools-folder</code> cannot be combined</li> <li><code>--prebuilt</code> can be combined with custom tool catalogs when you want bundled capabilities plus your own configs</li> </ul> <h2 id="what-a-catalog-can-contain">What a catalog can contain</h2> <p>Tool catalogs can define:</p> <ul> <li>sources</li> <li>device groups</li> <li>auth services</li> <li>tools</li> <li>toolsets</li> <li>prompts</li> <li>promptsets</li> <li>embedding models</li> </ul> <h2 id="prebuilt-catalogs">Prebuilt catalogs</h2> <p><code>--prebuilt</code> takes a bundled catalog name, not an individual tool name.</p>https://docs.nocfoundry.dev/dev/configuration/server-config/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nocfoundry.dev/dev/configuration/server-config/<h1 id="server-config">Server Config</h1> <p><code>--server-config</code> carries server-wide runtime policy that should not be owned by individual tool catalog files.</p> <h2 id="current-focus">Current focus</h2> <p>Today, the most important server config capabilities are:</p> <ul> <li>endpoint auth for <code>/api</code></li> <li>endpoint auth for <code>/mcp</code></li> <li>browser UI auth configuration for PKCE login</li> </ul> <h2 id="example">Example</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">auth</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">endpointAuth</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">api</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">authServices</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&#34;noc-keycloak&#34;</span><span class="p">]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">audience</span><span class="p">:</span><span class="w"> </span><span class="l">${NOCFOUNDRY_BASE_URL:http://127.0.0.1:5000}/api</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">mcp</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">authServices</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&#34;noc-keycloak&#34;</span><span class="p">]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">audience</span><span class="p">:</span><span class="w"> </span><span class="l">${NOCFOUNDRY_BASE_URL:http://127.0.0.1:5000}/mcp</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ui</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">enabled</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">authService</span><span class="p">:</span><span class="w"> </span><span class="l">noc-keycloak</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">clientId</span><span class="p">:</span><span class="w"> </span><span class="l">${KEYCLOAK_UI_CLIENT_ID:noc-foundry-ui}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">scopes</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&#34;openid&#34;</span><span class="p">,</span><span class="w"> </span><span class="s2">&#34;profile&#34;</span><span class="p">,</span><span class="w"> </span><span class="s2">&#34;email&#34;</span><span class="p">]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">redirectPath</span><span class="p">:</span><span class="w"> </span><span class="l">/ui/auth/callback</span><span class="w"> </span></span></span></code></pre></div><h2 id="rules-to-remember">Rules to remember</h2> <ul> <li>endpoint auth policy is global to the server, not per tool catalog</li> <li>auth services are still defined in tool catalogs and referenced here by name</li> <li>UI login depends on API endpoint auth being enabled</li> </ul> <h2 id="start-command">Start command</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">./nocfoundry <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> --tools-file examples/tools-configs/keycloak-protected-validation.yaml <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> --server-config examples/server-configs/protected-api-mcp-ui.yaml <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> --validation-config examples/validation-runtime-configs/durable-validation-sqlite.yaml <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> --ui </span></span></code></pre></div>https://docs.nocfoundry.dev/dev/configuration/validation-runtime/Mon, 01 Jan 0001 00:00:00 +0000https://docs.nocfoundry.dev/dev/configuration/validation-runtime/<h1 id="validation-runtime">Validation Runtime</h1> <p><code>--validation-config</code> controls how validation runs are executed and stored.</p> <h2 id="key-runtime-settings">Key runtime settings</h2> <ul> <li><code>executionBackend</code></li> <li><code>storeBackend</code></li> <li><code>sqlitePath</code></li> <li><code>durableTaskSQLitePath</code></li> <li><code>maxConcurrentRuns</code></li> <li><code>maxConcurrentSteps</code></li> <li><code>resultRetention</code></li> <li><code>eventRetention</code></li> </ul> <h2 id="example">Example</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">executionBackend</span><span class="p">:</span><span class="w"> </span><span class="l">durabletask</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">storeBackend</span><span class="p">:</span><span class="w"> </span><span class="l">sqlite</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">sqlitePath</span><span class="p">:</span><span class="w"> </span><span class="l">/var/lib/nocfoundry/noc-foundry-validation-runs.sqlite</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">durableTaskSQLitePath</span><span class="p">:</span><span class="w"> </span><span class="l">/var/lib/nocfoundry/noc-foundry-validation-taskhub.sqlite</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">maxConcurrentRuns</span><span class="p">:</span><span class="w"> </span><span class="m">4</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">maxConcurrentSteps</span><span class="p">:</span><span class="w"> </span><span class="m">4</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">resultRetention</span><span class="p">:</span><span class="w"> </span><span class="l">24h</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">eventRetention</span><span class="p">:</span><span class="w"> </span><span class="l">24h</span><span class="w"> </span></span></span></code></pre></div><h2 id="backend-choices">Backend choices</h2> <ul> <li><code>local</code> is simpler and good for lightweight execution</li> <li><code>durabletask</code> is better for long-running validations that should survive interruption</li> </ul> <h2 id="store-choices">Store choices</h2> <ul> <li><code>memory</code> is ephemeral</li> <li><code>sqlite</code> provides persistence for status, results, and events</li> </ul> <h2 id="recommended-local-lab-setup">Recommended local lab setup</h2> <p>For the protected validation example, use:</p>