docs: Update configuration documentation to use environment variables

- Migrate from YAML configuration to environment-based configuration
- Add detailed explanations for new environment variable settings
- Include best practices for configuration management
- Enhance logging and security configuration documentation
- Add examples for log rotation and rate limiting

docs/configuration.md

@@ -4,103 +4,126 @@ This document provides detailed information about configuring the Home Assistant
 
 ## Configuration File Structure
 
-The MCP Server uses a hierarchical configuration structure:
+The MCP Server uses environment variables for configuration, with support for different environments (development, test, production):
 
-```yaml
+```bash
-server:
+# .env, .env.development, or .env.test
-  host: 0.0.0.0
+PORT=4000
-  port: 8123
+NODE_ENV=development
-  log_level: INFO
+HASS_HOST=http://192.168.178.63:8123
-
+HASS_TOKEN=your_token_here
-security:
+JWT_SECRET=your_secret_key
-  jwt_secret: YOUR_SECRET_KEY
-  allowed_origins:
-    - http://localhost:3000
-    - https://your-domain.com
-
-devices:
-  scan_interval: 30
-  default_timeout: 10
 ```
 
 ## Server Settings
 
 ### Basic Server Configuration
-- `host`: Server binding address (default: 0.0.0.0)
+- `PORT`: Server port number (default: 4000)
-- `port`: Server port number (default: 8123)
+- `NODE_ENV`: Environment mode (development, production, test)
-- `log_level`: Logging level (INFO, DEBUG, WARNING, ERROR)
+- `HASS_HOST`: Home Assistant instance URL
+- `HASS_TOKEN`: Home Assistant long-lived access token
 
 ### Security Settings
-- `jwt_secret`: Secret key for JWT token generation
+- `JWT_SECRET`: Secret key for JWT token generation
-- `allowed_origins`: CORS allowed origins list
+- `RATE_LIMIT`: Rate limiting configuration
-- `ssl_cert`: Path to SSL certificate (optional)
+  - `windowMs`: Time window in milliseconds (default: 15 minutes)
-- `ssl_key`: Path to SSL private key (optional)
+  - `max`: Maximum requests per window (default: 100)
 
-### Device Management
+### WebSocket Settings
-- `scan_interval`: Device state scan interval in seconds
+- `SSE`: Server-Sent Events configuration
-- `default_timeout`: Default device command timeout
+  - `MAX_CLIENTS`: Maximum concurrent clients (default: 1000)
-- `retry_attempts`: Number of retry attempts for failed commands
+  - `PING_INTERVAL`: Keep-alive ping interval in ms (default: 30000)
 
 ## Environment Variables
 
-Environment variables override configuration file settings:
+All configuration is managed through environment variables:
 
 ```bash
-MCP_HOST=0.0.0.0
+# Server
-MCP_PORT=8123
+PORT=4000
-MCP_LOG_LEVEL=INFO
+NODE_ENV=development
-MCP_JWT_SECRET=your-secret-key
+
+# Home Assistant
+HASS_HOST=http://your-hass-instance:8123
+HASS_TOKEN=your_token_here
+
+# Security
+JWT_SECRET=your-secret-key
+
+# Logging
+LOG_LEVEL=info
+LOG_DIR=logs
+LOG_MAX_SIZE=20m
+LOG_MAX_DAYS=14d
+LOG_COMPRESS=true
+LOG_REQUESTS=true
 ```
 
 ## Advanced Configuration
 
-### Rate Limiting
+### Security Rate Limiting
-```yaml
+Rate limiting is enabled by default to protect against brute force attacks:
-rate_limit:
-  enabled: true
-  requests_per_minute: 100
-  burst: 20
-```
 
-### Caching
+```typescript
-```yaml
+RATE_LIMIT: {
-cache:
+  windowMs: 15 * 60 * 1000,  // 15 minutes
-  enabled: true
+  max: 100  // limit each IP to 100 requests per window
-  ttl: 300  # seconds
+}
-  max_size: 1000  # entries
 ```
 
 ### Logging
-```yaml
+The server uses Bun's built-in logging capabilities with additional configuration:
-logging:
+
-  file: /var/log/mcp-server.log
+```typescript
-  max_size: 10MB
+LOGGING: {
-  backup_count: 5
+  LEVEL: "info",  // debug, info, warn, error
-  format: "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+  DIR: "logs",
+  MAX_SIZE: "20m",
+  MAX_DAYS: "14d",
+  COMPRESS: true,
+  TIMESTAMP_FORMAT: "YYYY-MM-DD HH:mm:ss:ms",
+  LOG_REQUESTS: true
+}
+```
+
+For production deployments, we recommend using system tools like `logrotate` for log management.
+
+Example logrotate configuration (`/etc/logrotate.d/mcp-server`):
+```
+/var/log/mcp-server.log {
+    daily
+    rotate 7
+    compress
+    delaycompress
+    missingok
+    notifempty
+    create 644 mcp mcp
+}
 ```
 
 ## Best Practices
 
 1. Always use environment variables for sensitive information
-2. Keep configuration files in a secure location
+2. Keep .env files secure and never commit them to version control
-3. Regularly backup your configuration
+3. Use different environment files for development, test, and production
-4. Use SSL in production environments
+4. Enable SSL/TLS in production (preferably via reverse proxy)
 5. Monitor log files for issues
+6. Regularly rotate logs in production
 
 ## Validation
 
-The server validates configuration on startup:
+The server validates configuration on startup using Zod schemas:
-- Required fields are checked
+- Required fields are checked (e.g., HASS_TOKEN)
 - Value types are verified
-- Ranges are validated
+- Enums are validated (e.g., LOG_LEVEL)
-- Security settings are assessed
+- Default values are applied when not specified
 
 ## Troubleshooting
 
 Common configuration issues:
-1. Permission denied accessing files
+1. Missing required environment variables
-2. Invalid YAML syntax
+2. Invalid environment variable values
-3. Missing required fields
+3. Permission issues with log directories
-4. Type mismatches in values
+4. Rate limiting too restrictive
 
 See the [Troubleshooting Guide](troubleshooting.md) for solutions.