r/mnemosyne
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(mcp): exempt get_health from bearer token auth requirement
All checks were successful
CVE Scan & Docker Build / security-scan (push) Successful in 51s
Details
CVE Scan & Docker Build / build-and-push (push) Successful in 2m45s
Details

Browse Source 
Health probes (Pallas health pollers, agent startup checks) call get_health
without a bearer token. Auth should only be required for data-access tools.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Robert Helewka
2026-05-04 18:18:44 -04:00
parent 8d650c0570
commit f8536b5474
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
mnemosyne/mcp_server/auth.py
View File

@@ -200,8 +200,16 @@ class MCPAuthMiddleware(Middleware):
MCP_REQUIRE_AUTH=False. MCP_REQUIRE_AUTH=False.
""" """
# Tools that don't touch user data and must be callable without a token
# (e.g. Pallas health pollers, agent startup probes).
_PUBLIC_TOOLS = {"get_health"}
async def on_call_tool(self, context: MiddlewareContext, call_next): async def on_call_tool(self, context: MiddlewareContext, call_next):
require_auth = getattr(settings, "MCP_REQUIRE_AUTH", True) require_auth = getattr(settings, "MCP_REQUIRE_AUTH", True)
if require_auth and self._extract_tool_name(context) in self._PUBLIC_TOOLS:
return await call_next(context)
token_string = self._extract_token() token_string = self._extract_token()
user = None user = None