refactor: Remove app_config.yaml file and update env vars

Author: alecron

README.md

@@ -17,7 +17,6 @@
   - [Requirements](#requirements)
     - [UV Setup](#uv-setup)
   - [Configuration](#configuration)
-    - [`app_config.yaml`](#app_configyaml)
     - [Environment Variables](#environment-variables)
   - [Running the Server](#running-the-server)
     - [Docker](#docker)
@@ -85,21 +84,6 @@ Get up and running with the Sysdig MCP Server quickly using our pre-built Docker
 
 ## Available Tools
 
-You can select what group of tools to add when running the server by adding/removing them from the `mcp.allowed_tools` list in the app_config.yaml file
-
-```yaml
-...
-mcp:
-  transport: stdio
-  ...
-  allowed_tools:
-    - "events-feed"
-    - "inventory"
-    - "vulnerability-management"
-    - "sysdig-sage"
-    - "sysdig-cli-scanner" # Only available in stdio local transport mode
-```
-
 <details>
 <summary><strong>Events Feed</strong></summary>
 
@@ -168,13 +152,9 @@ mcp:
 
 You can use [uv](https://github.com/astral-sh/uv) as a drop-in replacement for pip to create the virtual environment and install dependencies.
 
-If you don't have `uv` installed, you can install it via (Linux and MacOS users):
+If you don't have `uv` installed, you can install it following the instructions that you can find on the `README` of the project.
 
-```bash
-curl -Ls https://astral.sh/uv/install.sh | sh
-```
-
-To set up the environment:
+If you want to develop, set up the environment using:
 
 ```bash
 uv venv
@@ -185,36 +165,26 @@ This will create a virtual environment using `uv` and install the required depen
 
 ## Configuration
 
-The application can be configured via the `app_config.yaml` file and environment variables.
-
-### `app_config.yaml`
-
-This file contains the main configuration for the application, including:
-
-- **app**: Host, port, and log level for the MCP server.
-- **sysdig**: The Sysdig Secure host to connect to.
-- **mcp**: Transport protocol (stdio, sse, streamable-http), URL, host, and port for the MCP server.
-
-> You can set the path for the app_config.yaml using the `APP_CONFIG_FILE=/path/to/app_config.yaml` env var. By default the app will search the file in the root of the app.
-
-### Environment Variables
-
-The following environment variables are required for configuring the Sysdig SDK:
+The following environment variables are **required** for configuring the Sysdig SDK:
 
 - `SYSDIG_HOST`: The URL of your Sysdig Secure instance (e.g., `https://us2.app.sysdig.com`).
 - `SYSDIG_SECURE_TOKEN`: Your Sysdig Secure API token.
 
+You can also set the following variables to override the default configuration:
+
+- `SYSDIG_MCP_TRANSPORT`: The transport protocol for the MCP Server (`stdio`, `streamable-http`, `sse`). Defaults to: `stdio`.
+- `SYSDIG_MCP_MOUNT_PATH`:  The URL prefix for the Streamable-http/sse deployment. Defaults to: `/sysdig-mcp-server`
+- `LOGLEVEL`: Log Level of the application (`DEBUG`, `INFO`, `WARNING`, `ERROR`). Defaults to: `INFO`
+- `SYSDIG_MCP_LISTENING_PORT`: The port for the server when it is deployed using remote protocols (`steamable-http`, `sse`). Defaults to: `8080`
+- `SYSDIG_MCP_LISTENING_HOST`: The host for the server when it is deployed using remote protocols (`steamable-http`, `sse`). Defaults to: `localhost`
+
 You can find your API token in the Sysdig Secure UI under **Settings > Sysdig Secure API**. Make sure to copy the token as it will not be shown again.
 
 ![API_TOKEN_CONFIG](./docs/assets/settings-config-token.png)
 ![API_TOKEN_SETTINGS](./docs/assets/api-token-copy.png)
 
 You can set these variables in your shell or in a `.env` file.
 
-You can also use `MCP_TRANSPORT` to override the transport protocol set in `app_config.yaml`.
-
-> All of this env variables have precedence over the fields configured in the app_config.yaml.
-
 ## Running the Server
 
 You can run the MCP server using either Docker, `uv` or install it in your K8s cluster with helm.
@@ -255,7 +225,6 @@ sysdig:
     secureAPIToken: "<your_sysdig_secure_api_token>"
   mcp:
     transport: "streamable-http"
-  # You can set the Sysdig Tenant URL at this level or below in the app_config configmap
   host: "https://us2.app.sysdig.com" # <your_sysdig_host> "https://eu1.app.sysdig.com"
 
 configMap:
@@ -312,7 +281,7 @@ To use the MCP server with a client like Claude or Cursor, you need to provide t
 
 When using the `sse` or `streamable-http` transport, the server requires a Bearer token for authentication. The token is passed in the `Authorization` header of the HTTP request.
 
-Additionally, you can specify the Sysdig Secure host by providing the `X-Sysdig-Host` header. If this header is not present, the server will use the value from `app_config.yaml`.
+Additionally, you can specify the Sysdig Secure host by providing the `X-Sysdig-Host` header. If this header is not present, the server will use the value from the env variable.
 
 Example headers:
 
@@ -323,7 +292,7 @@ X-Sysdig-Host: <your_sysdig_host>
 
 ### URL
 
-If you are running the server with the `sse` or `streamable-http` transport, the URL will be `http://<host>:<port>/sysdig-mcp-server/mcp`, where `<host>` and `<port>` are the values configured in `app_config.yaml` or the Docker run command.
+If you are running the server with the `sse` or `streamable-http` transport, the URL will be `http://<host>:<port>/sysdig-mcp-server/mcp`.
 
 For example, if you are running the server locally on port 8080, the URL will be `http://localhost:8080/sysdig-mcp-server/mcp`.
 

app_config.yaml

@@ -42,7 +42,7 @@ def signal_handler(sig, frame):
 def main():
     # Choose transport: "stdio" or "sse" (HTTP/SSE)
     handle_signals()
-    transport = os.environ.get("MCP_TRANSPORT", app_config.transport())
+    transport = app_config.transport()
     log.info("""
     ▄▖     ▌▘    ▖  ▖▄▖▄▖  ▄▖
     ▚ ▌▌▛▘▛▌▌▛▌  ▛▖▞▌▌ ▙▌  ▚ █▌▛▘▌▌█▌▛▘

main.py

@@ -11,9 +11,6 @@
 
 from utils.app_config import AppConfig
 
-
-
-
 class CLIScannerTool:
     """
     A class to encapsulate the tools for interacting with the Sysdig CLI Scanner.
@@ -62,8 +59,8 @@ def check_env_credentials(self) -> None:
         Raises:
             EnvironmentError: If the SYSDIG_SECURE_TOKEN or SYSDIG_HOST environment variables are not set.
         """
-        sysdig_secure_token = os.environ.get("SYSDIG_SECURE_TOKEN")
-        sysdig_host = os.environ.get("SYSDIG_HOST", self.app_config.sysdig_endpoint())
+        sysdig_secure_token = self.app_config.sysdig_secure_token()
+        sysdig_host = self.app_config.sysdig_endpoint()
         if not sysdig_secure_token:
             self.log.error("SYSDIG_SECURE_TOKEN environment variable is not set.")
             raise EnvironmentError("SYSDIG_SECURE_TOKEN environment variable is not set.")
@@ -158,7 +155,7 @@ def run_sysdig_cli_scanner(
                     "output": output_result + result.stderr.strip(),
                     "exit_codes_explained": self.exit_code_explained,
                 }
-        # Handle non-zero exit codes speically exit code 1
+        # Handle non-zero exit codes specially exit code 1
         except subprocess.CalledProcessError as e:
             self.log.warning(f"Sysdig CLI Scanner returned non-zero exit code: {e.returncode}")
             if e.returncode in [2, 3]:

tools/cli_scanner/tool.py

@@ -138,9 +138,6 @@ def tool_list_runtime_events(
         Args:
             cursor (Optional[str]): Cursor for pagination.
             scope_hours (int): Number of hours back from now to include events. Defaults to 1.
-            severity_level (Optional[str]): One of "info", "low", "medium", "high". If provided, filters by that severity.
-                If None, includes all severities.
-            cluster_name (Optional[str]): Name of the Kubernetes cluster to filter events. If None, includes all clusters.
             limit (int): Maximum number of events to return. Defaults to 50.
             filter_expr (Optional[str]): An optional filter expression to further narrow down events.
 

tools/events_feed/tool.py

@@ -3,110 +3,107 @@
 It will load a singleton configuration object that can be accessed throughout the application.
 """
 
-import yaml
-import logging
 import os
 from typing import Optional
 
-# Set up logging
-logging.basicConfig(format="%(asctime)s-%(process)d-%(levelname)s- %(message)s", level=os.environ.get("LOGLEVEL", "ERROR"))
-log = logging.getLogger(__name__)
-
 # app_config singleton
 _app_config: Optional[dict] = None
-APP_CONFIG_FILE: str = os.getenv("APP_CONFIG_FILE", "./app_config.yaml")
-
 
 class AppConfig:
     """
     A class to encapsulate the application configuration.
     """
 
-    def __init__(self, config: dict):
-        self.app_config = config
-
     def sysdig_endpoint(self) -> str:
         """
-        Get the Sysdig endpoint from the app config
+        Get the Sysdig endpoint.
 
+        Raises:
+            RuntimeError: If no SYSDIG_HOST environment variable is set.
         Returns:
             str: The Sysdig API host (e.g., "https://us2.app.sysdig.com").
         """
-        return os.environ.get("SYSDIG_HOST", self.app_config["sysdig"]["host"])
+        if "SYSDIG_HOST" not in os.environ:
+            raise RuntimeError("Variable `SYSDIG_HOST` must be defined.")
+
+        return os.environ.get("SYSDIG_HOST")
+
+    def sysdig_secure_token(self) -> str:
+        """
+        Get the Sysdig secure token.
+
+        Raises:
+             RuntimeError: If no SYSDIG_SECURE_TOKEN environment variable is set.
+        Returns:
+            str: The Sysdig secure token.
+        """
+        if "SYSDIG_SECURE_TOKEN" not in os.environ:
+            raise RuntimeError("Variable `SYSDIG_SECURE_TOKEN` must be defined.")
 
+        return os.environ.get("SYSDIG_SECURE_TOKEN")
+
+    # MCP Config Vars
     def transport(self) -> str:
         """
-        Get the transport protocol (lower case) from the app config
+        Get the transport protocol (lower case).
+        Valid values are: "stdio", "streamable-http", or "sse".
+        Defaults to "stdio".
 
+        Raises:
+            ValueError: If no transport protocol environment variable is set.
         Returns:
             str: The transport protocol (e.g., "stdio", "streamable-http", or "sse").
         """
-        return os.environ.get("MCP_TRANSPORT", self.app_config["mcp"]["transport"]).lower()
+        transport = os.environ.get("SYSDIG_TRANSPORT", "stdio").lower()
+
+        if transport not in ("stdio", "streamable-http", "sse"):
+            raise ValueError("Invalid transport protocol. Valid values are: stdio, streamable-http, sse.")
+
+        return transport
 
     def log_level(self) -> str:
         """
-        Get the log level from the environment or defaults.
+        Get the log level from the environment or defaults to INFO.
 
         Returns:
             str: The log level string (e.g., "DEBUG", "INFO", "WARNING", "ERROR").
         """
-        return os.environ.get("LOGLEVEL", "ERROR")
+        return os.environ.get("LOGLEVEL", "INFO")
 
     def port(self) -> int:
         """
-        Get the port from the app config
+        Get the port for the remote MCP Server Deployment ("streamable-http", or "sse" transports).
+        Defaults to `8080`.
 
         Returns:
             int: The MCP server port.
         """
-        return os.environ.get("SYSDIG_MCP_PORT", self.app_config["mcp"]["port"])
-
-
-def env_constructor(loader, node):
-    return os.environ[node.value[0:]]
+        return os.environ.get("SYSDIG_MCP_LISTENING_PORT", "8080")
 
+    #
+    def host(self) -> str:
+        """
+        Get the host for the remote MCP Server deployment ("streamable-http", or "sse" transports).
+        Defaults to "localhost".
 
-def check_config_file_exists() -> bool:
-    """
-    Check if the config file exists
-
-    Returns:
-        bool: True if the config file exists, False otherwise
-    """
-    if os.path.exists(APP_CONFIG_FILE):
-        log.debug("Config file exists")
-        return True
-    else:
-        log.error("Config file does not exist")
-        return False
-
+        Returns:
+            str: The host string (e.g., "localhost").
+        """
+        return os.environ.get("SYSDIG_MCP_LISTENING_HOST", "localhost")
 
-def load_app_config() -> AppConfig:
-    """
-    Load the app config from the YAML file
+    def mcp_mount_path(self) -> str:
+        """
+        Get the string value for the remote MCP Mount Path.
 
-    Returns:
-        AppConfig: The loaded application configuration wrapper.
-    """
-    if not check_config_file_exists():
-        log.error("Config file does not exist")
-        return {}
-    # Load the config file
-    app_config: dict = {}
-    log.debug(f"Loading app config from YAML file: {APP_CONFIG_FILE}")
-    with open(APP_CONFIG_FILE, "r", encoding="utf8") as file:
-        try:
-            yaml.add_constructor("!env", env_constructor, Loader=yaml.SafeLoader)
-            app_config: dict = yaml.safe_load(file)
-        except Exception as exc:
-            logging.error(exc)
-
-    return AppConfig(app_config)
+        Returns:
+            str: The MCP mount path.
+        """
+        return os.environ.get("MCP_MOUNT_PATH", "/sysdig-mcp-server")
 
 
 def get_app_config() -> AppConfig:
     """
-    Get the the overall app config
+    Get the overall app config
     This function uses a singleton pattern to ensure the config is loaded only once.
     If the config is already loaded, it returns the existing config.
 
@@ -115,5 +112,5 @@ def get_app_config() -> AppConfig:
     """
     global _app_config
     if _app_config is None:
-        _app_config = load_app_config()
+        _app_config = AppConfig()
     return _app_config