You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+6-3Lines changed: 6 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,6 +27,7 @@ AlexClaw monitors the world (RSS feeds, web sources, GitHub repositories, APIs),
27
27
-**Knowledge Base RAG** — Separate `knowledge_entries` table for documentation and reference material, isolated from news/conversation memory. Scraper skills fetch, chunk, and embed documentation from hexdocs.pm, Erlang/OTP source (GitHub), Elixir stdlib source, Learn You Some Erlang, and existing skill code. Chat integrates both Knowledge and Memory search with a context source selector. ~7200 embeddings across 6 knowledge kinds.
28
28
-**Cron Scheduler** — Quantum-based. Jobs defined in config or DB.
29
29
-**Multi-Node BEAM Clustering** — Multiple AlexClaw instances connected via Erlang distribution. Each node runs its own executor independently; nodes exchange workflow outputs via `send_to_workflow` and `receive_from_workflow` skills. Auto-discovery, node status monitoring, and per-workflow node assignment from the admin UI. `docker-compose_swarm.yml` included for local multi-node testing.
30
+
-**MCP Server** — Model Context Protocol server exposes all skills and workflows as MCP tools, and internal data (knowledge, memory, workflows, runs, config) as MCP resources. External AI clients (Claude Code, Cursor, Claude Desktop) can discover and invoke AlexClaw capabilities via the `/mcp` endpoint. Bearer token auth, policy-based tool restrictions, dynamic tool list refresh via PubSub. Built on `anubis_mcp` with Streamable HTTP transport.
30
31
31
32
### Skills
32
33
@@ -107,8 +108,8 @@ AlexClaw can review pull requests and commits for security issues:
107
108
108
109
### Observability
109
110
110
-
-**Health endpoint** — `GET /health` (unauthenticated) returns `{"status":"ok","version":"...","db":"connected"}` for load balancers and Docker healthchecks. Returns HTTP 503 when the database is unreachable.
111
-
-**Metrics endpoint** — `GET /metrics` (authenticated) returns a JSON payload with system stats (uptime, memory, BEAM processes), LLM provider usage, workflow run counts, skill and circuit breaker states, log severity counts, and knowledge/memory entry counts.
111
+
-**Health endpoint** — `GET /health` (unauthenticated) returns `{"status":"ok","version":"...","db":"connected","mcp":"running"}` for load balancers and Docker healthchecks. Returns HTTP 503 when the database is unreachable.
112
+
-**Metrics endpoint** — `GET /metrics` (authenticated) returns a JSON payload with system stats (uptime, memory, BEAM processes), LLM provider usage, workflow run counts, skill and circuit breaker states, MCP status and tool count, log severity counts, and knowledge/memory entry counts.
112
113
113
114
### Database Backups
114
115
@@ -127,7 +128,8 @@ Automated PostgreSQL backups via the `db_backup` core skill. Backups are gzip-co
Copy file name to clipboardExpand all lines: SECURITY.md
+27Lines changed: 27 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -66,6 +66,33 @@ Set `github.webhook_secret` in Admin > Config (GitHub category).
66
66
67
67
---
68
68
69
+
## MCP Server Authentication
70
+
71
+
The MCP endpoint (`/mcp`) exposes AlexClaw skills, workflows, and data to external AI clients (Claude Code, Cursor, Claude Desktop) via the Model Context Protocol.
72
+
73
+
**Bearer token auth:** Every MCP request must include `Authorization: Bearer <token>`. The token is validated against `mcp.api_key` stored in Admin > Config using `Plug.Crypto.secure_compare/2` (constant-time comparison, no timing attacks). Requests without a valid token receive 401.
74
+
75
+
**Token management:**
76
+
- Store the API key encrypted in PostgreSQL (`sensitive: true` on the config setting)
77
+
- No automatic expiration — treat MCP tokens like long-lived API keys
78
+
- Rotate by updating `mcp.api_key` in Admin > Config — all previous tokens are immediately invalidated
79
+
- If compromised: rotate immediately in Admin > Config
80
+
81
+
**Policy enforcement:** MCP tool calls pass through `PolicyEngine.evaluate/2` with `:mcp` caller type. The `mcp_restriction` policy rule type blocks tools by name pattern — insert a policy with `rule_type: "mcp_restriction"` and `config: {"tool_pattern": "shell", "action": "deny"}` to block any tool matching that pattern.
82
+
83
+
**Resource filtering:** Sensitive config values (API keys, OAuth tokens) are redacted in MCP resource responses — only `[REDACTED]` is returned for settings marked `sensitive: true`.
84
+
85
+
**Audit logging:** All MCP tool invocations are logged to `auth_audit_log` with caller `mcp:<tool_name>`, visible in Admin > Policies > Audit Log.
86
+
87
+
**Hardening recommendations:**
88
+
- The `/mcp` endpoint must be behind TLS — never transmit Bearer tokens over plain HTTP
89
+
- Store the MCP API key in your client's config securely (environment variable or encrypted config)
90
+
- Monitor the Audit Log for unexpected MCP activity
91
+
- Use `mcp_restriction` policies to limit which tools are available to MCP clients
92
+
- If MCP is not needed, do not set `mcp.api_key` — the auth plug rejects all requests when the key is unconfigured
93
+
94
+
---
95
+
69
96
## Inter-Node Authentication (Clustering)
70
97
71
98
Multi-node clusters authenticate via BEAM's distributed Erlang protocol:
0 commit comments