Skip to content

Scoped search key + MCP auth posture#26

Merged
hendrikebbers merged 3 commits into
mainfrom
feat/013-scoped-search-key
Jul 13, 2026
Merged

Scoped search key + MCP auth posture#26
hendrikebbers merged 3 commits into
mainfrom
feat/013-scoped-search-key

Conversation

@herbie-bot

Copy link
Copy Markdown
Collaborator

Summary

Restricts runtime Meilisearch access to a key scoped to the content index (via a ScopedKeySpec bean the library exchanges at startup) instead of the master key over all indexes, and tightens the MCP auth posture: /mcp requires X-API-Key by default, with a dev profile that disables it locally. Because this process both indexes and serves reads, the key is scoped to the single content index with the minimal action set the service uses.

Spec

  • docs/specs/013-scoped-search-key/{design,behaviors,steps}.md

Changes

  • ContentConfig: ScopedKeySpec bean (content index + search/documents/settings/indexes/tasks actions), gated on meilisearch.enabled
  • application.yaml: api-key auth defaults to enabled (MCP_API_KEY_AUTH_ENABLED); application-dev.yaml disables it for the dev profile
  • Drift: spec 001 set api-key.enabled=false in application.yaml; now secure-by-default — logged in 001-project-skeleton/design.md
  • Docs: README (auth + dev profile + env var), CLAUDE.md

Test coverage

  • ContentScopedKeyTest (bean scope + actions + disabled case). The full app-context build confirms the scoped-key initializer degrades gracefully when Meilisearch is unreachable. Live key exchange/enforcement is the library's responsibility (needs a running Meilisearch). 133 tests total; spec-review and quality-review clean.

Closes #25

🤖 Generated with Claude Code

- ContentConfig registers a ScopedKeySpec bean (gated on meilisearch.enabled)
  scoping the runtime key to the content index with the minimal actions the
  service uses (search + documents/settings/indexes writes + tasks.get). The
  library MeilisearchScopedKeyInitializer exchanges the master key at startup
  and degrades to it on failure (verified: full context boots when Meilisearch
  is unreachable).
- MCP api-key auth on /mcp now defaults to enabled
  (MCP_API_KEY_AUTH_ENABLED, default true); application-dev.yaml (dev profile)
  disables it for local use.
- Tests: ContentScopedKeyTest (index scope + actions + disabled case).
- Drift: spec 001 set api-key.enabled=false in application.yaml; now
  secure-by-default. Logged in 001-project-skeleton/design.md.
- Docs: steps.md, CLAUDE.md, README (auth + dev profile + env var). 133 tests green.

Refs #25
@hendrikebbers hendrikebbers merged commit 358b1d2 into main Jul 13, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Scoped search key — index-scoped Meilisearch key + MCP auth posture

2 participants