cabbage/local-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
31 Commits 1 Branch 0 Tags
master
Commit Graph

6 Commits

Author SHA1 Message Date
Brandon Zhang
c690d0c483 Hardcode agent stale timeout 2026-03-27 18:32:25 +08:00
Brandon Zhang
18352a99d5 Show server type in the web UI 2026-03-27 18:19:26 +08:00
Brandon Zhang
7a8dd14bd3 Show server version in logs and UI 2026-03-27 18:16:30 +08:00
cabbage
009fd039a2 feat: optional Bearer-token authentication via API_TOKEN env var 
Disabled by default (empty API_TOKEN). When set:
- All /api/* and /mcp requests require: Authorization: Bearer <token>
- Public exemptions: /, /healthz, /static/*, /auth-check
- Web UI: pre-flight /auth-check on load; shows token modal if required
- Token stored in sessionStorage, sent on every API request
- Mid-session 401s re-trigger the token modal
- MCP clients must pass the header: Authorization: Bearer <token>
Files changed:
- app/config.py: api_token field + API_TOKEN env var
- app/api/auth.py: Starlette BaseHTTPMiddleware for token enforcement
- main.py: register middleware + /auth-check public endpoint
- static/js/api.js: token storage, auth header, 401 handler hook
- static/js/app.js: auth pre-flight, showTokenModal(), bootstrap()
- static/css/components.css: .auth-overlay / .auth-card styles
- README.md: API_TOKEN env var docs + MCP client header example
 2026-03-27 04:28:12 +08:00
cabbage
256a445e2f feat: add Clear History button to delete all consumed instructions 
- Backend: instruction_service.clear_consumed() bulk-deletes consumed rows
- Backend: DELETE /api/instructions/consumed route (preserves pending)
- Frontend: Clear button in consumed panel header (hidden when empty)
- Frontend: SSE handler for history.cleared event - instant UI update
- Frontend: api.clearConsumed() fetch wrapper
 2026-03-27 04:16:24 +08:00
cabbage
86eba27a24 init 2026-03-27 03:58:57 +08:00