928f23ab1b
Enables exposing the supervisor MCP via Tailscale Funnel for claude.ai custom-connector tests. Auth is opt-in: empty SUPERVISOR_MCP_TOKEN preserves the existing unauthenticated behavior for tailnet-internal callers and local dev. When the token is set, every request must carry "Authorization: Bearer <token>" or it is rejected with HTTP 401 and a JSON-RPC -32001 error. Comparison uses crypto/subtle.ConstantTimeCompare; the token value and the supplied header are never logged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
4.7 KiB
4.7 KiB