Review these considerations to avoid common deployment, authentication, and integration issues.
- Port match: the client is hard-coded to
localhost:5001; AIHostAife:Portmust equal5001(Fixed client connection facts (not configurable in XML)/ Aife (wire plane)). - Where API keys come from: with the shipped
Llm:AcceptedCredentialSources = "Runtime", keys must be supplied via the AIView<LLMApiKeys>XML (Configuring the View). Keys in pluginsettings.json/ env vars are ignored, and providers without an injected key fail (rather than silently using a disk/env key). - Access gating: an
<LLMApiKeys>section also restricts which users/groups can see the view — adding keys narrows visibility. - Sessions are RAM-only:
Persistence:Provider = "InMemory"— chat history is lost on AIHost restart. Recovering persisted sessions from the AIExtension is not yet supported; leaveProvideronInMemory. - MCP is two gates:
Mcp:Enabledwires servers;Chat:Tools: AllowMCPDiscoveredToolsdecides whether their tools reach the agent. - Local providers need the hardening opt-outs:
http://BaseUrlrequiresAllowPlaintextHttp=true(plugin settings) and, for MCPStreamableHttp,Mcp:StreamableHttp:AllowPlaintextHttp=true.