The stronghold config subcommands read and write the local Stronghold configuration. Use dot notation to access nested keys.
Usage
# View a specific section
stronghold config get scanning
stronghold config get scanning.content.action_on_block
stronghold config set <key> <value>
Configuration Keys
Proxy
| Key | Type | Default | Description |
|---|
proxy.port | int | 8402 | Port the transparent proxy listens on (1-65535) |
proxy.bind | string | 127.0.0.1 | Address the proxy binds to |
API
| Key | Type | Default | Description |
|---|
api.endpoint | string | https://api.getstronghold.xyz | Stronghold API server URL |
api.timeout | int | 30 | API request timeout in seconds |
Logging
| Key | Type | Default | Description |
|---|
logging.level | string | info | Log verbosity: debug, info, warn, error |
logging.file | string | ~/.stronghold/stronghold.log | Path to the log file |
Scanning
| Key | Type | Default | Description |
|---|
scanning.content.enabled | bool | true | Enable content scanning |
scanning.content.action_on_warn | string | warn | Action on WARN verdict: allow, warn, or block |
scanning.content.action_on_block | string | block | Action on BLOCK verdict: allow, warn, or block |
scanning.output.enabled | bool | true | Reserved for future output policy; currently not enforced by proxy runtime |
scanning.output.action_on_warn | string | warn | Reserved for future output policy; currently not enforced by proxy runtime |
scanning.output.action_on_block | string | block | Reserved for future output policy; currently not enforced by proxy runtime |
scanning.mode | string | smart | Scanning mode |
scanning.block_threshold | float | 0.55 | Score threshold for BLOCK verdict (0.0-1.0) |
scanning.fail_open | bool | true | Allow traffic to pass if scanning fails |
Examples
# View only scanning configuration
stronghold config get scanning
# Check the current block action for content scanning
stronghold config get scanning.content.action_on_block
# Downgrade content block action to allow (let everything through)
stronghold config set scanning.content.action_on_block allow
# Reserved key (currently no runtime effect in the proxy)
stronghold config set scanning.output.enabled false
# Raise the block threshold to reduce false positives
stronghold config set scanning.block_threshold 0.6
stronghold config set proxy.port 8403
# Change the proxy bind address
stronghold config set proxy.bind 0.0.0.0