refactor: per-connection auth via Authorization header

Replace startup token authentication with per-SSE-connection auth. Each client now passes Bearer token in Authorization header when connecting. Server validates against config.yaml tokens and creates isolated Server instance per connection. - server.py: accept (auth, agent) instead of (config_path, token) - main.py: extract Bearer token, authenticate, create server per connection - Remove GRIST_MCP_TOKEN from docker-compose environments
2026-01-01 08:49:58 -05:00
parent a2e8d76237
commit 8809095549
8 changed files with 58 additions and 35 deletions
--- a/deploy/test/docker-compose.yml
+++ b/deploy/test/docker-compose.yml
@@ -9,8 +9,6 @@ services:
      - "3000"  # Dynamic port
    environment:
      - CONFIG_PATH=/app/config.yaml
-      - GRIST_MCP_TOKEN=test-token
-      - PORT=3000
    volumes:
      - ../../tests/integration/config.test.yaml:/app/config.yaml:ro
    depends_on: