Environment Variables
These variables are used internally by the gateway and shim. You generally do not need to set them manually. They are documented here for debugging and advanced configuration.
Shim variables
Section titled “Shim variables”Set by the gateway when spawning shim processes, or read by the shim at startup:
| Variable | Description |
|---|---|
MCPFW_GATEWAY_URL | Gateway base URL (used by shim to locate the gateway) |
MCPFW_SERVER_ID | Server UUID for this shim instance |
MCPFW_SOCKET_PATH | Unix socket path for gateway communication |
MCPFW_BYPASS | Set to true to enable bypass mode when the gateway is unreachable. The shim connects directly to the upstream server with read-only enforcement. |
MCPFW_TOKEN | Bearer token for team gateway authentication (Team tier — coming soon) |
MCPFW_ORIG_COMMAND | Original MCP server command (before rewrite to shim) |
MCPFW_ORIG_ARGS | Original MCP server arguments (JSON array) |
MCPFW_ORIG_ENV | Original MCP server environment variables (JSON object) |
Legacy variables
Section titled “Legacy variables”These are accepted for backward compatibility:
| Variable | Replaced by |
|---|---|
SLUICE_GATEWAY_URL | MCPFW_GATEWAY_URL |
SLUICE_SERVER_ID | MCPFW_SERVER_ID |
SLUICE_BYPASS | MCPFW_BYPASS |
SLUICE_TOKEN | MCPFW_TOKEN |
SLUICE_ORIG_COMMAND | MCPFW_ORIG_COMMAND |
SLUICE_ORIG_ARGS | MCPFW_ORIG_ARGS |
SLUICE_ORIG_ENV | MCPFW_ORIG_ENV |
Secret references
Section titled “Secret references”Server configurations can reference vault secrets using:
$MCPFW_SECRET:secret_nameThe gateway resolves these at runtime, injecting the decrypted value. The legacy prefix $SLUICE_SECRET: is also accepted.