feat(agents+chat): agents feature + live chat UX #57
@@ -67,9 +67,12 @@ export async function serve(): Promise<void> {
|
|||||||
const httpServer = await createHttpServer(httpConfig, { router, providerRegistry });
|
const httpServer = await createHttpServer(httpConfig, { router, providerRegistry });
|
||||||
|
|
||||||
// Auth preHandler: only protect the MCP surfaces. /health, /healthz, /proxymodels etc stay open.
|
// Auth preHandler: only protect the MCP surfaces. /health, /healthz, /proxymodels etc stay open.
|
||||||
// Introspection cache TTLs are tunable via env for operators who want stricter revocation
|
// Introspection cache TTLs are tunable via env for operators who want a different tradeoff.
|
||||||
// propagation at the cost of more round-trips to mcpd.
|
// Default 5s for both: mcpd's introspection endpoint is a single DB lookup, so the cache
|
||||||
const positiveTtlMs = Number(process.env.MCPLOCAL_TOKEN_POSITIVE_TTL_MS ?? '30000');
|
// mainly protects against burst restart storms — not steady-state load. A higher positive
|
||||||
|
// TTL means revoked tokens keep working for the full window after revocation; 5s aligns with
|
||||||
|
// the negativeTtl and matches mcptoken.smoke's 7s `wait after revoke` assertion.
|
||||||
|
const positiveTtlMs = Number(process.env.MCPLOCAL_TOKEN_POSITIVE_TTL_MS ?? '5000');
|
||||||
const negativeTtlMs = Number(process.env.MCPLOCAL_TOKEN_NEGATIVE_TTL_MS ?? '5000');
|
const negativeTtlMs = Number(process.env.MCPLOCAL_TOKEN_NEGATIVE_TTL_MS ?? '5000');
|
||||||
const tokenAuth = createTokenAuthMiddleware({ mcpdUrl, positiveTtlMs, negativeTtlMs });
|
const tokenAuth = createTokenAuthMiddleware({ mcpdUrl, positiveTtlMs, negativeTtlMs });
|
||||||
httpServer.addHook('preHandler', async (request, reply) => {
|
httpServer.addHook('preHandler', async (request, reply) => {
|
||||||
|
|||||||
Reference in New Issue
Block a user