Scoped search key + MCP auth posture#26
Merged
Merged
Conversation
- ContentConfig registers a ScopedKeySpec bean (gated on meilisearch.enabled) scoping the runtime key to the content index with the minimal actions the service uses (search + documents/settings/indexes writes + tasks.get). The library MeilisearchScopedKeyInitializer exchanges the master key at startup and degrades to it on failure (verified: full context boots when Meilisearch is unreachable). - MCP api-key auth on /mcp now defaults to enabled (MCP_API_KEY_AUTH_ENABLED, default true); application-dev.yaml (dev profile) disables it for local use. - Tests: ContentScopedKeyTest (index scope + actions + disabled case). - Drift: spec 001 set api-key.enabled=false in application.yaml; now secure-by-default. Logged in 001-project-skeleton/design.md. - Docs: steps.md, CLAUDE.md, README (auth + dev profile + env var). 133 tests green. Refs #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Restricts runtime Meilisearch access to a key scoped to the content index (via a
ScopedKeySpecbean the library exchanges at startup) instead of the master key over all indexes, and tightens the MCP auth posture:/mcprequiresX-API-Keyby default, with adevprofile that disables it locally. Because this process both indexes and serves reads, the key is scoped to the single content index with the minimal action set the service uses.Spec
docs/specs/013-scoped-search-key/{design,behaviors,steps}.mdChanges
ContentConfig:ScopedKeySpecbean (content index +search/documents/settings/indexes/tasks actions), gated onmeilisearch.enabledapplication.yaml: api-key auth defaults to enabled (MCP_API_KEY_AUTH_ENABLED);application-dev.yamldisables it for thedevprofileapi-key.enabled=falseinapplication.yaml; now secure-by-default — logged in001-project-skeleton/design.mdTest coverage
ContentScopedKeyTest(bean scope + actions + disabled case). The full app-context build confirms the scoped-key initializer degrades gracefully when Meilisearch is unreachable. Live key exchange/enforcement is the library's responsibility (needs a running Meilisearch). 133 tests total; spec-review and quality-review clean.Closes #25
🤖 Generated with Claude Code