-
Notifications
You must be signed in to change notification settings - Fork 9
Expand file tree
/
Copy path.env.example
More file actions
113 lines (98 loc) · 4.84 KB
/
Copy path.env.example
File metadata and controls
113 lines (98 loc) · 4.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# GravityKit MCP Configuration
# ============================================================
# REQUIRED: WordPress credentials
#
# Recommended: a WordPress application password (Users > Profile >
# Application Passwords). KEY = your username, SECRET = the generated
# password. Access follows your WordPress capabilities, and on sites
# running GravityKit Foundation the same credential powers the
# GravityKit product tools too.
#
# Alternative (scoped access, e.g. read-only): a Gravity Forms API
# key from Forms > Settings > REST API (ck_... / cs_...).
#
# Either way, check "Enable access to the API" on Forms > Settings >
# REST API once — Gravity Forms doesn't register its REST routes
# without it.
# ============================================================
GRAVITY_FORMS_CONSUMER_KEY=your_wp_username
GRAVITY_FORMS_CONSUMER_SECRET="xxxx xxxx xxxx xxxx xxxx xxxx"
# GRAVITY_FORMS_CONSUMER_KEY=ck_your_consumer_key_here
# GRAVITY_FORMS_CONSUMER_SECRET=cs_your_consumer_secret_here
# Required: Your WordPress site URL (no trailing slash)
GRAVITY_FORMS_BASE_URL=https://yoursite.com
# Shorthand aliases also supported (used internally by test-config):
# GF_CONSUMER_KEY=ck_...
# GF_CONSUMER_SECRET=cs_...
# GF_URL=https://yoursite.com
# ============================================================
# AUTHENTICATION
# ============================================================
# The client auto-selects the transport from your credentials:
# app-password creds use Basic (HTTPS or local URLs); ck_/cs_ key
# pairs use Basic on HTTPS and OAuth 1.0a on plain HTTP (Gravity
# Forms only accepts key-pair Basic auth over HTTPS). Set this ONLY
# to override — an explicit value is always honored, everywhere.
# GRAVITY_FORMS_AUTH_METHOD=basic
# ============================================================
# SECURITY
# ============================================================
# Set to 'true' to enable DELETE operations (forms, entries, feeds)
# WARNING: This allows permanent deletion of data
GRAVITY_FORMS_ALLOW_DELETE=false
# SSL Certificate Validation (for local development only)
# Set to 'true' to allow self-signed SSL certificates (Laravel Valet, MAMP, Local WP, etc.)
# SECURITY WARNING: Only enable for local development, never in production!
# GRAVITY_FORMS_ALLOW_SELF_SIGNED_CERTS=true
# ============================================================
# CONNECTION
# ============================================================
GRAVITY_FORMS_MAX_RETRIES=3
GRAVITY_FORMS_TIMEOUT=30000
# ============================================================
# DEBUG
# ============================================================
# SECURITY WARNING: Debug logs may contain sensitive data (API keys, user info).
# Only enable in secure development environments.
GRAVITY_FORMS_DEBUG=false
# ============================================================
# TEST ENVIRONMENT
# Use a separate test/staging site to avoid affecting production data.
# ============================================================
# Primary test env var names:
GRAVITY_FORMS_TEST_BASE_URL=https://test.yoursite.com
GRAVITY_FORMS_TEST_CONSUMER_KEY=ck_test_key_here
GRAVITY_FORMS_TEST_CONSUMER_SECRET=cs_test_secret_here
# Additional test overrides (remapped to primary vars in test mode):
# GRAVITY_FORMS_TEST_URL=https://test.yoursite.com (alias for TEST_BASE_URL)
# GRAVITY_FORMS_TEST_AUTH_METHOD=basic
# GRAVITY_FORMS_TEST_TIMEOUT=30000
# Shorthand aliases also supported:
# TEST_GF_URL=https://test.yoursite.com
# TEST_GF_CONSUMER_KEY=ck_test_key_here
# TEST_GF_CONSUMER_SECRET=cs_test_secret_here
# WordPress credentials (used by test scripts, not the MCP server itself):
# TEST_WP_USER=admin
# TEST_WP_PASSWORD=password
# Enable test mode — when true, GRAVITY_FORMS_TEST_* vars are remapped
# to their primary equivalents so the client connects to the test site.
# GRAVITYKIT_MCP_TEST_MODE=true
# Legacy name also supported: GRAVITYMCP_TEST_MODE=true
# Also activated when NODE_ENV=test
# =============================================
# GravityKit Abilities (gv_* and other product tools)
# =============================================
# WordPress credentials for the abilities transport (Foundation catalog
# at /wp-json/gravitykit/v1 + WP core /wp-json/wp-abilities/v1).
# Optional — falls back to GRAVITY_FORMS_BASE_URL and the
# GRAVITY_FORMS_CONSUMER_KEY/SECRET pair when unset.
# GRAVITYKIT_WP_URL=https://your-site.com
# GRAVITYKIT_WP_USERNAME=admin
# GRAVITYKIT_WP_APP_PASSWORD="xxxx xxxx xxxx xxxx xxxx xxxx"
# GRAVITYKIT_TIMEOUT=30000
# Security-coverage fixtures for the integration suite (all optional —
# the deny tests skip cleanly when unset):
# GRAVITY_FORMS_TEST_LOWPRIV_USER=subscriber_login
# GRAVITY_FORMS_TEST_LOWPRIV_APP_PASSWORD="app password for a user WITHOUT GF capabilities"
# GRAVITY_FORMS_TEST_READONLY_CONSUMER_KEY=ck_key_with_read_permissions
# GRAVITY_FORMS_TEST_READONLY_CONSUMER_SECRET=cs_matching_secret