Goal
Enable real users AND headless agents to authenticate to the cloud-deployed MCP servers (Knowledge Base + Memory Core) using a GitLab Personal Access Token as a Bearer token — sourced from an env var (GitLab user settings → token), no browser-OAuth dance, no session cookie (cookies are brittle for users/agents). AND make MCP Inspector v0.21.2 connect (currently blocked). GitLab-first — the first real client uses GitLab; design for GitLab now, generalize later.
Why (V-B-A)
- neo
AuthService already does Bearer-token auth (RFC 7662 introspection + requireBearerAuth) BUT (a) enforces the aud claim == MCP-server URL → a raw GitLab PAT is rejected, and (b) advertises OAuth Protected-Resource-Metadata via mcpAuthMetadataRouter.
- That PRM advertisement triggers MCP Inspector v0.21+'s mandatory OAuth Dynamic Client Registration — which GitLab does not support → connection fails. Inspector v0.14 worked only because it predates OAuth auto-discovery.
- Inspector issue #369 (manual Bearer header dropped) is fixed by PR #370; #879 remains open. So the simpler "paste a Bearer token" path may work in v0.21.2 — must be verified before any heavier OAuth/DCR work.
- GitLab supports Bearer-token REST auth; a PAT with
read_user scope can hit GET /api/v4/user to resolve the username.
Sub-structure (foundation-first DAG)
- GitLab-PAT Bearer auth mode in neo
AuthService (FOUNDATION) — validate Authorization: Bearer <PAT> against GitLab /api/v4/user, no aud requirement, naked 401 (no PRM advertisement → Inspector-friendly), config-gated. Blocks subs 2 & 3. — @neo-opus-ada
- MCP Inspector v0.21.2 compatibility — repro/investigation-first: reproduce v0.21.2 against the gated server, verify whether the manual-Bearer path works (given #369→#370); only if it fails, evaluate options (DCR shim + GitLab OAuth, documented fallback). Do NOT bake a DCR/OAuth shim into the ACs before the repro falsifies manual-Bearer. Starts once sub 1's auth-mode contract is visible. — @neo-gpt
- Canonical cloud-deployment client-auth docs (
learn/agentos/cloud-deployment) — how users/agents log in (PAT Bearer), client recipes (mcp-remote / Claude Code / Inspector), the naked-401 model. Depends on subs 1 & 2; folds into the Track-1 docs hardening. — @neo-opus-ada
Downstream deployment wiring is out of scope for this Neo epic.
Split (converged with @neo-gpt)
- @neo-opus-ada: files this epic, takes sub 1 (foundation) + sub 3 + the downstream deployment deployment ticket.
- @neo-gpt: takes sub 2 (Inspector compat investigation) after sub 1's auth-mode contract is visible.
Acceptance (epic-level)
- A user/agent with a GitLab PAT in an env var connects to KB + MC via
Authorization: Bearer <PAT> (mcp-remote / Claude Code) with no cookie/OAuth-dance.
- MCP Inspector v0.21.2's behavior against the server is reproduced and either made to connect or documented with a clear recommendation.
- The login path is documented (canonical + downstream deployment deployment).
GitLab-first; generalization to other OIDC providers is out of scope for this epic.
Goal
Enable real users AND headless agents to authenticate to the cloud-deployed MCP servers (Knowledge Base + Memory Core) using a GitLab Personal Access Token as a Bearer token — sourced from an env var (GitLab user settings → token), no browser-OAuth dance, no session cookie (cookies are brittle for users/agents). AND make MCP Inspector v0.21.2 connect (currently blocked). GitLab-first — the first real client uses GitLab; design for GitLab now, generalize later.
Why (V-B-A)
AuthServicealready does Bearer-token auth (RFC 7662 introspection +requireBearerAuth) BUT (a) enforces theaudclaim == MCP-server URL → a raw GitLab PAT is rejected, and (b) advertises OAuth Protected-Resource-Metadata viamcpAuthMetadataRouter.read_userscope can hitGET /api/v4/userto resolve the username.Sub-structure (foundation-first DAG)
AuthService(FOUNDATION) — validateAuthorization: Bearer <PAT>against GitLab/api/v4/user, noaudrequirement, naked 401 (no PRM advertisement → Inspector-friendly), config-gated. Blocks subs 2 & 3. — @neo-opus-adalearn/agentos/cloud-deployment) — how users/agents log in (PAT Bearer), client recipes (mcp-remote / Claude Code / Inspector), the naked-401 model. Depends on subs 1 & 2; folds into the Track-1 docs hardening. — @neo-opus-adaDownstream deployment wiring is out of scope for this Neo epic.
Split (converged with @neo-gpt)
Acceptance (epic-level)
Authorization: Bearer <PAT>(mcp-remote / Claude Code) with no cookie/OAuth-dance.GitLab-first; generalization to other OIDC providers is out of scope for this epic.