Elemm
HomeGuardianDocsBlogFAQ
Star on GitHub
HomeGuardianDocsBlogFAQ
Star on GitHub
Docs
Getting StartedWhat is Elemm?Core InstallationMCP Client SetupDocker Deployment
DashboardDashboard OverviewConfiguration ReferenceObservability ConsoleManifest DebuggerToken AnalyzerMCP Server ConfigurationSecurity PanelVault ManagerDashboard Settings
ProtocolThe Discovery ProtocolThe 9 Core ToolsSequence Engine & Data PipingResponse Hygiene
GatewayMulti-Protocol SupportSecurity (Guardian)Vault — AuthenticationProduction & VPS SecurityCLI Reference
DeveloperBuilding Landmark ServersExposing Landmark ServersSmartRepair & Error CodesPydantic & Smart UnboxingDeclarative YAML Configuration

Configuration Reference

Complete schema for config.json, vault.json, and mcp_servers.yaml.

config.json

The gateway is configured via ~/.elemm/config.json. The file is automatically created with sensible defaults on the first start. Missing keys are auto-migrated.

Complete Schema

json
{
  "security": {
    "enforce_whitelist": false,
    "allowed_landmarks": [],
    "allowed_actions": [],
    "disallowed_patterns": ["delete", "remove", "purge", "destroy"],
    "disallowed_landmarks": ["admin", "billing", "internal"],
    "disallowed_actions": ["users_delete_account"],
    "allowed_methods": ["GET", "POST", "PUT", "PATCH", "DELETE"],
    "prevent_key_leakage": true,
    "custom_remedies": {},
    "simulate_security_policy": false
  },
  "limit_standard": 30000,
  "limit_inspect": 20000,
  "limit_search_items": 10,
  "timeout_seconds": 30,
  "retry_attempts": 3,
  "retry_delay_ms": 1000,
  "max_tools_per_landmark": 5,
  "max_landmarks_per_view": 20,
  "user_agent": "ElemmGateway/1.0 (Autonomous Agent)",
  "ui": {
    "display_mode": "tokens",
    "char_to_token_ratio": 4.0,
    "simulate_security_policy": false
  }
}

Key Reference

Security

KeyTypeDefaultDescription
enforce_whitelistbooleanfalseEnable Zero-Trust mode
allowed_landmarksstring[][]Whitelisted landmarks (only in Zero-Trust)
allowed_actionsstring[][]Whitelisted actions (only in Zero-Trust)
disallowed_patternsstring[]["delete","remove","purge","destroy"]Blocked patterns. Prefix re: for regex
disallowed_landmarksstring[][]Completely hidden/blocked namespaces
disallowed_actionsstring[][]Explicitly blocked Action IDs
allowed_methodsstring[]["GET","POST","PUT","PATCH","DELETE"]Allowed HTTP methods
prevent_key_leakagebooleantrueScrub API keys from responses
custom_remediesobject{}Pattern/Action -> Custom error message

Limits & Execution

KeyTypeDefaultDescription
limit_standardinteger30000Max chars for standard responses
limit_inspectinteger20000Max chars for inspection responses
limit_search_itemsinteger10Max results for search_landmarks
timeout_secondsinteger30HTTP request timeout
retry_attemptsinteger3Default retry count
retry_delay_msinteger1000Delay between retries in ms
max_tools_per_landmarkinteger5Max tools shown per landmark on connect
max_landmarks_per_viewinteger20Max landmarks in get_landmarks
user_agentstring"ElemmGateway/1.0"User-Agent header for outgoing HTTP requests

UI Settings

KeyTypeDefaultDescription
display_modestring"tokens"Display mode: "tokens", "chars", or "both"
char_to_token_ratiofloat4.0Conversion factor characters to tokens
simulate_security_policybooleanfalseApply Security Policy to Dashboard UI

File Paths

FilePath
Gateway Configuration~/.elemm/config.json
Authentication Vault~/.elemm/vault.json
MCP Server Configuration~/.elemm/mcp_servers.yaml
Gateway Sourcesrc/elemm_gateway/
Protocol Coresrc/elemm/

MCP Server Configuration (mcp_servers.yaml)

Local MCP servers are configured in ~/.elemm/mcp_servers.yaml:

yaml
servers:
  sqlite:
    command: uvx
    args: ["mcp-server-sqlite", "--db-path", "/path/to/db.sqlite"]
    env:
      API_KEY: "vault:api.example.com"
  
  github:
    command: npx
    args: ["-y", "@modelcontextprotocol/server-github"]
    env:
      GITHUB_TOKEN: "env:GITHUB_TOKEN"

Variable Interpolation

  • env:VAR_NAME — Reads an environment variable at runtime
  • vault:domain — Reads the API key for the specified domain from the vault

Hot-Reloading

Configuration changes are automatically detected and applied at runtime — without restarting the gateway.

Elemm Logo

The Landmark Manifest. Exposing system interfaces natively to AI agents.

Framework

HomeAboutGuardianDocumentation

Community

GitHubDiscordPyPI Package

Legal

Imprint (Legal Notice)Privacy Policy© 2026 Marc Stöcker
elemm.dev — Infrastructure for the Agentic Web.