Files
CyberStrikeAI/docs/en-US/configuration-profiles.md
T
2026-07-07 14:04:18 +08:00

160 lines
2.9 KiB
Markdown

# Configuration Profiles
[中文](../zh-CN/configuration-profiles.md)
These profiles are not full `config.yaml` files. They show the key sections that most affect safety and operability.
## Local Development
Goal: easy debugging with local capabilities.
Common startup:
```bash
chmod +x run.sh && ./run.sh
```
```yaml
server:
host: 127.0.0.1
port: 8080
tls_enabled: true
tls_auto_self_sign: true
auth:
password: "dev-only-change-me"
audit:
enabled: true
retention_days: 7
c2:
enabled: false
multi_agent:
enabled: true
eino_skills:
filesystem_tools: true
```
Not for shared or public use.
## Internal Team
Goal: shared team instance with audit and limited high-risk surface.
```yaml
server:
host: 127.0.0.1
port: 8080
tls_enabled: false
auth:
password: "<long-random-password>"
audit:
enabled: true
retention_days: 30
monitor:
retention_days: 90
c2:
enabled: false
mcp:
enabled: false
hitl:
default_reviewer: human
tool_whitelist: [read_file, glob, grep, tool_search]
```
Pair with reverse-proxy HTTPS, IP allowlist, and backups.
## Knowledge-Only Assistant
Goal: use CyberStrikeAI as a knowledge-augmented assistant with minimal attack surface.
```yaml
c2:
enabled: false
mcp:
enabled: false
knowledge:
enabled: true
base_path: knowledge_base
retrieval:
top_k: 5
similarity_threshold: 0.4
multi_agent:
eino_skills:
filesystem_tools: false
```
Use read-only roles and avoid storing sensitive customer data.
## High-Audit Production
Goal: long-running production red-team or security platform.
```yaml
auth:
password: "<managed-secret>"
session_duration_hours: 8
audit:
enabled: true
retention_days: 90
monitor:
retention_days: 180
hitl:
default_reviewer: human
retention_days: 180
tool_whitelist: [read_file, glob, grep, tool_search]
c2:
enabled: false
multi_agent:
eino_callbacks:
enabled: true
mode: log_only
sse_trace_to_client: false
```
Pair with proxy auth, dedicated OS user, log collection, encrypted backups, and project closeout cleanup.
## C2 Exercise Window
Goal: temporarily enable C2 only during authorized exercise.
```yaml
c2:
enabled: true
hitl:
default_reviewer: human
tool_whitelist: [read_file, glob, grep, tool_search]
audit:
enabled: true
monitor:
retention_days: 180
```
Requirements:
- confirm scope before exercise;
- separate listener ports from admin UI;
- run C2 cleanup afterward;
- restore `c2.enabled: false`.
## External MCP Automation
Goal: connect trusted internal tool services.
```yaml
external_mcp:
servers: {}
multi_agent:
eino_middleware:
tool_search_enable: true
tool_search_min_tools: 20
hitl:
default_reviewer: audit_agent
tool_whitelist: [read_file, glob, grep, tool_search]
```
Guidance:
- every MCP tool needs clear schema;
- high-risk MCP tools stay out of allowlist;
- stdio MCP gets its own working directory;
- HTTP MCP must authenticate.