Configuration
Configure AIVory Guard to match your environment, from quick local setup to enterprise-grade deployments with custom compliance rules.
- Environment variables control all settings - no config files required
- Three deployment modes - Production (default), local development, or enterprise
- 18+ compliance standards checked automatically with customization options
- Timeout tuning optimizes performance for different scan sizes
- Security best practices keep your API keys safe
Environment Variables
AIVory Guard uses environment variables for all configuration. No config files needed.
| Variable | Description | Default | Required |
|---|---|---|---|
AIVORY_API_KEY |
Your API authentication token (optional for free tier) | - | No |
AIVORY_SERVER_URL |
Backend API URL | https://app.aivory.net |
No |
AIVORY_TIMEOUT |
Request timeout in milliseconds | 30000 |
No |
Deployment Modes
Choose the configuration that matches your environment.
Production Configuration (Default)
By default, AIVory Guard connects to the production backend. No AIVORY_SERVER_URL needed.
{
"mcpServers": {
"aivory": {
"command": "npx",
"args": ["@aivorynet/guard"],
"env": {
"AIVORY_API_KEY": "your_production_key"
}
}
}
}
Get Your API Token
- Visit app.aivory.net/tokens
- Log in or create a free account
- Click Generate New Token
- Copy your API token
aiv_. Keep them secret and never commit them to version control.
Local Development Configuration
For backend development, point to your local instance.
{
"mcpServers": {
"aivory": {
"command": "npx",
"args": ["@aivorynet/guard"],
"env": {
"AIVORY_SERVER_URL": "http://localhost:19999",
"AIVORY_API_KEY": "your_local_dev_key"
}
}
}
}
Alternative: Using .env Files
You can also use a .env file for local configuration:
# .env
AIVORY_SERVER_URL=http://localhost:19999
AIVORY_API_KEY=your_local_dev_key
Then reference variables in your MCP config:
{
"mcpServers": {
"aivory": {
"command": "npx",
"args": ["@aivorynet/guard"],
"env": {
"AIVORY_SERVER_URL": "${AIVORY_SERVER_URL}",
"AIVORY_API_KEY": "${AIVORY_API_KEY}"
}
}
}
}
Enterprise Configuration
For custom or enterprise deployments with your own domain.
{
"mcpServers": {
"aivory": {
"command": "npx",
"args": ["@aivorynet/guard"],
"env": {
"AIVORY_SERVER_URL": "https://aivory.yourcompany.com",
"AIVORY_API_KEY": "your_enterprise_key"
}
}
}
}
Timeout Configuration
Adjust request timeouts based on your scan sizes and network conditions.
| Scan Size | Recommended Timeout | Use Case |
|---|---|---|
| Small (< 500 lines) | 30000 (default) |
Single file quick checks |
| Large (500-2000 lines) | 60000 |
Complex files with many patterns |
| Batch (multiple files) | 120000 |
Scanning entire directories |
{
"mcpServers": {
"aivory": {
"command": "npx",
"args": ["@aivorynet/guard"],
"env": {
"AIVORY_API_KEY": "your_key",
"AIVORY_TIMEOUT": "60000"
}
}
}
}
Compliance Standards
AIVory Guard checks code against 18+ compliance standards automatically.
Check Enabled Standards
Ask your AI assistant to show current configuration:
You: "What compliance standards are currently enabled?"
AI: [Uses get_config tool]
AI: "Currently checking against:
OWASP Top 10, GDPR, HIPAA, PCI-DSS, SOC 2,
ISO 27001, CIS Controls, NIST CSF, CCPA,
FedRAMP, FISMA, COBIT, GLBA, SOX, FERPA"
Customize Standards via API
When using the API directly, specify which standards to check:
// Scan with specific standards
const response = await fetch('https://app.aivory.net/api/scan', {
method: 'POST',
headers: {
'Authorization': `Bearer ${AIVORY_API_KEY}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
code: yourCode,
language: 'python',
standards: ['OWASP', 'GDPR', 'HIPAA'] // Only these 3
})
});
Note: MCP integration currently checks all standards. Standard-specific filtering is available via direct API integration.
API Endpoints
AIVory Guard backend exposes these endpoints for direct integration.
| Endpoint | Method | Purpose | Authentication |
|---|---|---|---|
/api/scan |
POST | Scan single file | Bearer token |
/api/batch-scan |
POST | Scan multiple files | Bearer token |
/api/config |
GET | Get configuration | Bearer token |
/api/rules |
GET | List compliance rules | Bearer token |
/api/health |
GET | Health check | None |
Production Endpoints
https://app.aivory.net/api/scan
https://app.aivory.net/api/batch-scan
https://app.aivory.net/api/config
https://app.aivory.net/api/rules
https://app.aivory.net/api/health
Local Development Endpoints
http://localhost:19999/api/scan
http://localhost:19999/api/batch-scan
http://localhost:19999/api/config
http://localhost:19999/api/rules
http://localhost:19999/api/health
Testing Your Configuration
Verify everything works correctly before using AIVory Guard.
npx @aivorynet/guard test
Expected Output
✓ Configuration loaded
✓ Server: https://app.aivory.net
✓ Backend is healthy
✓ Compliance scan completed
All tests passed! ✅
Troubleshooting Test Failures
“Configuration not found”
- Run
npx @aivorynet/guard initto create config - Ensure
.envfile exists or environment variables are set
“Invalid API key”
- Verify API key starts with
aiv_ - Generate new token at app.aivory.net/tokens
- Check for spaces or hidden characters
“Connection timeout”
- Check internet connectivity
- Verify server URL is correct
- Try increasing timeout with
AIVORY_TIMEOUT=60000 - Check firewall/proxy settings
“Backend unhealthy”
- Verify backend is running (for local dev)
- Check status.aivory.net (for production)
- Try again in a few minutes
Multiple Environments
Manage different configurations for development, staging, and production.
Environment-Specific Config Files
# .env.development
AIVORY_SERVER_URL=http://localhost:19999
AIVORY_API_KEY=dev_key
# .env.staging
AIVORY_SERVER_URL=https://staging.aivory.net
AIVORY_API_KEY=staging_key
# .env.production
AIVORY_SERVER_URL=https://app.aivory.net
AIVORY_API_KEY=prod_key
Load the appropriate file based on your environment.
Shell Script Approach
#!/bin/bash
# start-dev.sh
export AIVORY_SERVER_URL=http://localhost:19999
export AIVORY_API_KEY=dev_key
claude-code .
#!/bin/bash
# start-prod.sh
export AIVORY_SERVER_URL=https://app.aivory.net
export AIVORY_API_KEY=prod_key
claude-code .
Security Best Practices
Keep your API keys and configuration secure.
Advanced Configuration
Custom HTTP Headers (Enterprise)
Enterprise customers can add custom headers for internal routing or identification:
{
"mcpServers": {
"aivory": {
"command": "npx",
"args": ["@aivorynet/guard"],
"env": {
"AIVORY_API_KEY": "enterprise_key",
"AIVORY_CUSTOM_HEADERS": "{\"X-Company-ID\":\"12345\"}"
}
}
}
}
Proxy Configuration
For networks requiring proxies:
# Set via environment variables
export HTTP_PROXY=http://proxy.company.com:8080
export HTTPS_PROXY=http://proxy.company.com:8080
export NO_PROXY=localhost,127.0.0.1
# Then start your AI tool
claude-code .
SSL/TLS Certificate Verification
Disable SSL verification for self-signed certificates (development only):
{
"mcpServers": {
"aivory": {
"command": "npx",
"args": ["@aivorynet/guard"],
"env": {
"AIVORY_API_KEY": "your_key",
"NODE_TLS_REJECT_UNAUTHORIZED": "0"
}
}
}
}
Migration Between Environments
From Local to Production:
- Generate production token at app.aivory.net/tokens
- Update environment variables:
AIVORY_SERVER_URL=https://app.aivory.net AIVORY_API_KEY=prod_key - Test connection:
npx @aivorynet/guard test - Restart your AI tool
From Production to Local:
- Start local backend on port 19999
- Generate local API token
- Update environment variables:
AIVORY_SERVER_URL=http://localhost:19999 AIVORY_API_KEY=local_key - Test connection:
npx @aivorynet/guard test - Restart your AI tool