Files
CyberStrikeAI/docs/en-US/configuration-profiles.md
T
2026-07-07 14:04:18 +08:00

2.9 KiB

Configuration Profiles

中文

These profiles are not full config.yaml files. They show the key sections that most affect safety and operability.

Local Development

Goal: easy debugging with local capabilities.

Common startup:

chmod +x run.sh && ./run.sh
server:
  host: 127.0.0.1
  port: 8080
  tls_enabled: true
  tls_auto_self_sign: true
auth:
  password: "dev-only-change-me"
audit:
  enabled: true
  retention_days: 7
c2:
  enabled: false
multi_agent:
  enabled: true
  eino_skills:
    filesystem_tools: true

Not for shared or public use.

Internal Team

Goal: shared team instance with audit and limited high-risk surface.

server:
  host: 127.0.0.1
  port: 8080
  tls_enabled: false
auth:
  password: "<long-random-password>"
audit:
  enabled: true
  retention_days: 30
monitor:
  retention_days: 90
c2:
  enabled: false
mcp:
  enabled: false
hitl:
  default_reviewer: human
  tool_whitelist: [read_file, glob, grep, tool_search]

Pair with reverse-proxy HTTPS, IP allowlist, and backups.

Knowledge-Only Assistant

Goal: use CyberStrikeAI as a knowledge-augmented assistant with minimal attack surface.

c2:
  enabled: false
mcp:
  enabled: false
knowledge:
  enabled: true
  base_path: knowledge_base
  retrieval:
    top_k: 5
    similarity_threshold: 0.4
multi_agent:
  eino_skills:
    filesystem_tools: false

Use read-only roles and avoid storing sensitive customer data.

High-Audit Production

Goal: long-running production red-team or security platform.

auth:
  password: "<managed-secret>"
  session_duration_hours: 8
audit:
  enabled: true
  retention_days: 90
monitor:
  retention_days: 180
hitl:
  default_reviewer: human
  retention_days: 180
  tool_whitelist: [read_file, glob, grep, tool_search]
c2:
  enabled: false
multi_agent:
  eino_callbacks:
    enabled: true
    mode: log_only
    sse_trace_to_client: false

Pair with proxy auth, dedicated OS user, log collection, encrypted backups, and project closeout cleanup.

C2 Exercise Window

Goal: temporarily enable C2 only during authorized exercise.

c2:
  enabled: true
hitl:
  default_reviewer: human
  tool_whitelist: [read_file, glob, grep, tool_search]
audit:
  enabled: true
monitor:
  retention_days: 180

Requirements:

  • confirm scope before exercise;
  • separate listener ports from admin UI;
  • run C2 cleanup afterward;
  • restore c2.enabled: false.

External MCP Automation

Goal: connect trusted internal tool services.

external_mcp:
  servers: {}
multi_agent:
  eino_middleware:
    tool_search_enable: true
    tool_search_min_tools: 20
hitl:
  default_reviewer: audit_agent
  tool_whitelist: [read_file, glob, grep, tool_search]

Guidance:

  • every MCP tool needs clear schema;
  • high-risk MCP tools stay out of allowlist;
  • stdio MCP gets its own working directory;
  • HTTP MCP must authenticate.