MCP connect dialog with Bearer auth
Platform spec ADR
MCP connect dialog with Bearer auth
Spec standingStandard
0 revisions (git unavailable at build; counts may be empty)
No commits recorded for this path.
| Section id | Required | Found |
|---|---|---|
what-this-feature-specifies | yes | yes |
implementation-anchors | yes | yes |
Full tree: run pnpm verify:platform-spec-layout (writes src/generated/platform-spec-layout-report.json).
Context
Section titled “Context”Nexus exposes graph query tools over MCP Streamable HTTP for IDE and agent integrations. Operators deploy a shared NEXUS_MCP_AUTH_TOKEN secret. Users need a discoverable, copy-friendly surface — without embedding secrets in client bundles or public pages.
Decision
Section titled “Decision”- MCP must be mounted at
/api/mcpon the Nexus deployment origin. - All MCP requests must require
Authorization: Bearer $NEXUS_MCP_AUTH_TOKEN. - Header button Connect MCP must appear for signed-in users (any authenticated session).
- ConnectMcpDialog shows:
- Endpoint URL (
{window.location.origin}/api/mcp) - Auth header template with placeholder token guidance
- Copy buttons for URL and header format
- Link to MCP contracts
- Endpoint URL (
- The live Bearer token must not be returned by public or session API routes — operators supply it via deployment env (Coolify, etc.).
Consequences
Section titled “Consequences”gitnexus-webshipsconnect-mcp-dialog.tsxwired intoNexusAppShell.- MCP shares the cached graph data plane with public
/api/graph— no parallel index. - Platform spec documents the contract; Nexus UI links here for operator and integrator reference.
Status
Section titled “Status”Accepted — complements GitNexus MCP engine retention under Beskid Nexus product shell.