From e39e00a2c0a74263a6912f07564b2cd5043202c4 Mon Sep 17 00:00:00 2001
From: Steve Cliff
Date: Sat, 4 Apr 2026 12:04:12 +0100
Subject: [PATCH] Add MCP auth status to kb_status and update server instructions

- kb_status now returns authenticated: true/false so clients can verify auth
- Server instructions mention Bearer token auth requirement
- Add .env, .venv/, test_mcp_client.py to .gitignore

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .gitignore | 3 +++
 mcp/server.py | 14 +++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/.gitignore b/.gitignore
index 4822dcc..fe2cb09 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,6 @@ __pycache__/
 engine/data/
 TMP/
+.env
+.venv/
+test_mcp_client.py
diff --git a/mcp/server.py b/mcp/server.py
index 2d25bd0..c0307e2 100644
--- a/mcp/server.py
+++ b/mcp/server.py
@@ -87,7 +87,12 @@ async def _ensure_exclusive_collection(doc_id: int, collection: str) -> None:
 mcp = FastMCP(
 "kb",
- instructions="Knowledge base MCP server. Provides tools for searching, adding, and managing documents and notes.",
+ instructions=(
+ "Knowledge base MCP server. Provides tools for searching, adding, and "
+ "managing documents and notes. This server requires Bearer token "
+ "authentication — all requests are authenticated via the Authorization "
+ "header at the HTTP transport layer."
+ ),
 )
@@ -218,6 +223,7 @@ async def kb_status() -> str:
 database size, and ingestion queue state.
 """
 result = engine.get_status()
+ result["authenticated"] = bool(config.KB_MCP_API_KEY)
 return json.dumps(result, indent=2)
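Review bot: The new `instructions` text states unconditionally that the server requires Bearer token authentication, but the same commit derives `authenticated` from `bool(config.KB_MCP_API_KEY)` in kb_status, which suggests the key can be unset and the check skipped. If so, a client on an unconfigured deployment is told every request is authenticated when none is. Consider wording the sentence conditionally, e.g. `"When KB_MCP_API_KEY is set, requests must carry a Bearer token in the Authorization header."`, or building it from config at startup.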
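Review bot: `result["authenticated"]` in kb_status reports whether an API key is configured, not whether the current request presented a valid token, so the name overstates what a client can conclude from it. The two are only equivalent if every path to this tool goes through BearerAuthMiddleware, which is not visible here; that middleware has an early `return await call_next(request)` above its header check, and a non-HTTP transport would presumably bypass it. I would add a comment such as `# True when KB_MCP_API_KEY is set, i.e. the HTTP middleware enforces Bearer auth; not a per-request check` and one matching sentence in the docstring, which starts outside the hunk. A name like `auth_enabled` would describe the value more accurately if the field is not yet relied on.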
@@ -323,10 +329,8 @@ class BearerAuthMiddleware(BaseHTTPMiddleware):
 return await call_next(request)
 auth_header = request.headers.get("authorization", "")
- if auth_header.startswith("Bearer "):
- token = auth_header[7:]
- if token == config.KB_MCP_API_KEY:
- return await call_next(request)
+ if auth_header.startswith("Bearer ") and auth_header[7:] == config.KB_MCP_API_KEY:
+ return await call_next(request)
 return JSONResponse(
 status_code=401,
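Review bot: The merged condition still compares the presented token to the secret with `==`, which returns at the first differing character and so is not constant-time. For a network-facing credential check, use `hmac.compare_digest(auth_header[7:].encode(), config.KB_MCP_API_KEY.encode())` in place of the equality test (with `import hmac` at the top of the file if it is not already there); encoding both sides to bytes avoids the TypeError that compare_digest raises on non-ASCII `str` input. It is also worth confirming that the early return above this check cannot leave an empty `KB_MCP_API_KEY` reaching the comparison, since `"Bearer "` with no token would then match. The method body starts and ends outside the hunk.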