fed8b2eed7
Backend release / release (push) Waiting to run
Bandit Security Scan / bandit_scan (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / manifest (push) Blocked by required conditions
Build and push DocsGPT FE Docker image for development / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / manifest (push) Blocked by required conditions
Python linting / ruff (push) Waiting to run
Run python tests with pytest / Run tests and count coverage (3.12) (push) Waiting to run
React Widget Build / build (push) Waiting to run
62 lines
1.9 KiB
Python
62 lines
1.9 KiB
Python
"""FastMCP server exposing DocsGPT retrieval over streamable HTTP.
|
|
|
|
Mounted at ``/mcp`` by ``application/asgi.py``. Bearer tokens are the
|
|
existing DocsGPT agent API keys — no new credential surface. The
|
|
``search_docs`` tool searches the caller's knowledge base.
|
|
|
|
The tool reads the ``Authorization`` header directly via
|
|
``get_http_headers(include={"authorization"})``. The ``include`` kwarg
|
|
is required: by default ``get_http_headers`` strips ``authorization``
|
|
(and a handful of other hop-by-hop headers) so they aren't forwarded
|
|
to downstream services — since we deliberately want the caller's
|
|
token, we opt it back in.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import asyncio
|
|
import logging
|
|
|
|
from fastmcp import FastMCP
|
|
from fastmcp.server.dependencies import get_http_headers
|
|
|
|
from application.services.search_service import (
|
|
InvalidAPIKey,
|
|
SearchFailed,
|
|
search,
|
|
)
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
def _extract_bearer_token() -> str | None:
|
|
auth = get_http_headers(include={"authorization"}).get("authorization", "")
|
|
parts = auth.split(None, 1)
|
|
if len(parts) != 2 or parts[0].lower() != "bearer" or not parts[1]:
|
|
return None
|
|
return parts[1]
|
|
|
|
|
|
mcp = FastMCP("docsgpt")
|
|
|
|
|
|
@mcp.tool
|
|
async def search_docs(query: str, chunks: int = 5) -> list[dict]:
|
|
"""Search the caller's DocsGPT knowledge base.
|
|
|
|
Authentication is via ``Authorization: Bearer <agent-api-key>`` on
|
|
the MCP request — the same opaque key that ``/api/search`` accepts
|
|
in its JSON body. Returns at most ``chunks`` hits, each a dict with
|
|
``text``, ``title``, ``source`` keys.
|
|
"""
|
|
api_key = _extract_bearer_token()
|
|
if not api_key:
|
|
raise PermissionError("Missing Bearer token")
|
|
try:
|
|
return await asyncio.to_thread(search, api_key, query, chunks)
|
|
except InvalidAPIKey as exc:
|
|
raise PermissionError("Invalid API key") from exc
|
|
except SearchFailed:
|
|
logger.exception("search_docs failed")
|
|
raise
|