Public/openbrain-mcp
1
0
Fork 0
mirror of https://gitea.ingwaz.work/Ingwaz/openbrain-mcp.git synced 2026-03-31 14:49:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Provision auth key sets for VPS-backed e2e

Browse Source
This commit is contained in:
Agent Zero
2026-03-23 03:00:32 +00:00
parent cb6ccd5394
commit b001d627e1
3 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.env.example
View File

@@ -29,7 +29,7 @@ OPENBRAIN__QUERY__TEXT_WEIGHT=0.4
# Authentication (optional) # Authentication (optional)
OPENBRAIN__AUTH__ENABLED=false OPENBRAIN__AUTH__ENABLED=false
# Comma-separated list of API keys # Comma-separated list of API keys
# OPENBRAIN__AUTH__API_KEYS=key1,key2,key3 # OPENBRAIN__AUTH__API_KEYS=prod_live_key,ci_e2e_key,smoke_test_key
# Logging # Logging
RUST_LOG=info,openbrain_mcp=debug RUST_LOG=info,openbrain_mcp=debug

6
.gitea/workflows/ci-cd.yaml
View File

@@ -18,6 +18,7 @@ jobs:
OPENBRAIN__DATABASE__USER: ${{ secrets.OPENBRAIN__DATABASE__USER }} OPENBRAIN__DATABASE__USER: ${{ secrets.OPENBRAIN__DATABASE__USER }}
OPENBRAIN__DATABASE__PASSWORD: ${{ secrets.OPENBRAIN__DATABASE__PASSWORD }} OPENBRAIN__DATABASE__PASSWORD: ${{ secrets.OPENBRAIN__DATABASE__PASSWORD }}
OPENBRAIN__DATABASE__POOL_SIZE: ${{ secrets.OPENBRAIN__DATABASE__POOL_SIZE }} OPENBRAIN__DATABASE__POOL_SIZE: ${{ secrets.OPENBRAIN__DATABASE__POOL_SIZE }}
OPENBRAIN__AUTH__API_KEYS: ${{ secrets.OPENBRAIN__AUTH__API_KEYS }}
DEPLOY_DIR: /opt/openbrain-mcp DEPLOY_DIR: /opt/openbrain-mcp
SERVICE_NAME: openbrain-mcp SERVICE_NAME: openbrain-mcp
steps: steps:
@@ -122,6 +123,7 @@ jobs:
OPENBRAIN__DATABASE__USER='$OPENBRAIN__DATABASE__USER' \ OPENBRAIN__DATABASE__USER='$OPENBRAIN__DATABASE__USER' \
OPENBRAIN__DATABASE__PASSWORD='$OPENBRAIN__DATABASE__PASSWORD' \ OPENBRAIN__DATABASE__PASSWORD='$OPENBRAIN__DATABASE__PASSWORD' \
OPENBRAIN__DATABASE__POOL_SIZE='$OPENBRAIN__DATABASE__POOL_SIZE' \ OPENBRAIN__DATABASE__POOL_SIZE='$OPENBRAIN__DATABASE__POOL_SIZE' \
OPENBRAIN__AUTH__API_KEYS='$OPENBRAIN__AUTH__API_KEYS' \
bash -s" <<'EOS' bash -s" <<'EOS'
set -euo pipefail set -euo pipefail
DEPLOY_DIR="${DEPLOY_DIR:-/opt/openbrain-mcp}" DEPLOY_DIR="${DEPLOY_DIR:-/opt/openbrain-mcp}"
@@ -186,6 +188,10 @@ jobs:
upsert_env "OPENBRAIN__DATABASE__USER" "$OPENBRAIN__DATABASE__USER" upsert_env "OPENBRAIN__DATABASE__USER" "$OPENBRAIN__DATABASE__USER"
upsert_env "OPENBRAIN__DATABASE__PASSWORD" "$OPENBRAIN__DATABASE__PASSWORD" upsert_env "OPENBRAIN__DATABASE__PASSWORD" "$OPENBRAIN__DATABASE__PASSWORD"
upsert_env "OPENBRAIN__DATABASE__POOL_SIZE" "$OPENBRAIN__DATABASE__POOL_SIZE" upsert_env "OPENBRAIN__DATABASE__POOL_SIZE" "$OPENBRAIN__DATABASE__POOL_SIZE"
if [[ -n "${OPENBRAIN__AUTH__API_KEYS:-}" ]]; then
upsert_env "OPENBRAIN__AUTH__ENABLED" "true"
upsert_env "OPENBRAIN__AUTH__API_KEYS" "$OPENBRAIN__AUTH__API_KEYS"
fi
upsert_env "OPENBRAIN__EMBEDDING__MODEL_PATH" "$DEPLOY_DIR/models/all-MiniLM-L6-v2" upsert_env "OPENBRAIN__EMBEDDING__MODEL_PATH" "$DEPLOY_DIR/models/all-MiniLM-L6-v2"
upsert_env "ORT_DYLIB_PATH" "$DEPLOY_DIR/lib/libonnxruntime.so" upsert_env "ORT_DYLIB_PATH" "$DEPLOY_DIR/lib/libonnxruntime.so"
upsert_env "OPENBRAIN__SERVER__HOST" "0.0.0.0" upsert_env "OPENBRAIN__SERVER__HOST" "0.0.0.0"

13
README.md
View File

@@ -83,12 +83,23 @@ Recommended env for VPS-backed runs:
```bash ```bash
OPENBRAIN_E2E_REMOTE=true OPENBRAIN_E2E_REMOTE=true
OPENBRAIN_E2E_BASE_URL=https://ob.ingwaz.work OPENBRAIN_E2E_BASE_URL=https://ob.ingwaz.work
OPENBRAIN_E2E_API_KEY=your_live_api_key OPENBRAIN_E2E_API_KEY=your_ci_e2e_key
OPENBRAIN__AUTH__ENABLED=true OPENBRAIN__AUTH__ENABLED=true
``` ```
The CI workflow uses this remote mode after `main` deploys so e2e coverage validates the VPS deployment rather than the local runner host. The CI workflow uses this remote mode after `main` deploys so e2e coverage validates the VPS deployment rather than the local runner host.
For live deployments, prefer a dedicated key set rather than reusing one API key everywhere. The server already accepts a comma-separated key list via `OPENBRAIN__AUTH__API_KEYS`, so a practical split is:
- `prod_live_key` for normal agent traffic
- `ci_e2e_key` for post-deploy CI verification
- `smoke_test_key` for ad hoc diagnostics
In Gitea Actions, that means:
- repo secret `OPENBRAIN__AUTH__API_KEYS=prod_live_key,ci_e2e_key,smoke_test_key`
- repo secret `OPENBRAIN_E2E_API_KEY=ci_e2e_key`
## Agent Zero Developer Prompt ## Agent Zero Developer Prompt
For Agent Zero / A0, add the following section to the Developer agent role For Agent Zero / A0, add the following section to the Developer agent role