diff --git a/backend/app/core/agent_auth.py b/backend/app/core/agent_auth.py
index 1bd2b7eb..97d92ad6 100644
--- a/backend/app/core/agent_auth.py
+++ b/backend/app/core/agent_auth.py
@@ -143,11 +143,19 @@ async def get_agent_auth_context_optional(
 authorization: str | None = Header(default=None, alias="Authorization"),
 session: AsyncSession = SESSION_DEP,
 ) -> AgentAuthContext | None:
- """Optionally resolve agent auth context from `X-Agent-Token` only."""
+ """Optionally resolve agent auth context from `X-Agent-Token` or `Authorization: Bearer`.
+
+ Both `X-Agent-Token` and `Authorization: Bearer ` are accepted so that
+ routes depending on this function (e.g. board/task dependency resolvers) behave
+ consistently with `get_agent_auth_context`, which also accepts both headers.
+ Previously, `accept_authorization=False` caused 401 on any route that resolved
+ a board or task via the shared `ACTOR_DEP` chain (e.g. PATCH /tasks/{id},
+ POST /tasks/{id}/comments) when the caller used `Authorization: Bearer`.
+ """
 resolved = _resolve_agent_token(
 agent_token,
 authorization,
- accept_authorization=False,
+ accept_authorization=True,
 )
 if not resolved:
 if agent_token:
@@ -160,11 +168,12 @@ async def get_agent_auth_context_optional(
 return None
 agent = await _find_agent_for_token(session, resolved)
 if agent is None:
- logger.warning(
- "agent auth optional invalid token path=%s token_prefix=%s",
- request.url.path,
- resolved[:6],
- )
- raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
+ if agent_token:
+ logger.warning(
+ "agent auth optional invalid token path=%s token_prefix=%s",
+ request.url.path,
+ resolved[:6],
+ )
+ return None
 await _touch_agent_presence(request, session, agent)
 return AgentAuthContext(actor_type="agent", agent=agent)
diff --git a/compose.yml b/compose.yml
index ddde29eb..e55c1e0d 100644
--- a/compose.yml
+++ b/compose.yml
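Review bot: The new docstring in the first agent_auth.py hunk explains why the flag changed but not the contract callers now rely on: with `accept_authorization=True` every `Authorization: Bearer` value, including one that may belong to another auth scheme, is handed to the agent-token lookup, and per the second hunk a value matching no agent yields `None` instead of a 401. I would move the "Previously, ..." history into the commit message and state the contract instead, for example `Returns None when no token is presented or the token matches no agent; callers must enforce authentication themselves.` The signature of get_agent_auth_context_optional starts above this hunk, so its other parameters are not visible here.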
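Review bot: In the second agent_auth.py hunk the `raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)` is removed for every caller, so a request that explicitly sends a wrong `X-Agent-Token` is now treated as carrying no agent credential and falls through to whatever the route does with `None`. If the goal is only to let non-agent Bearer tokens pass, keep the rejection in the explicit-header branch by adding `raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)` after the `logger.warning(...)` call and leaving `return None` for the Bearer-only case. Failed Bearer lookups are also no longer logged at all, which removes the signal for token guessing over that header; a log line or counter that omits `resolved[:6]` would keep it. Indentation is lost on this page, so this assumes `return None` sits at the `if agent is None:` level, and the function starts above the hunk.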
@@ -34,7 +34,7 @@ services:
 context: .
 dockerfile: backend/Dockerfile
 env_file:
- - ./backend/.env.example
+ - ./backend/.env
 environment:
 # Override localhost defaults for container networking
 DATABASE_URL: postgresql+psycopg://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@db:5432/${POSTGRES_DB:-mission_control}
@@ -77,7 +77,7 @@ services:
 dockerfile: backend/Dockerfile
 command: ["rq", "worker", "-u", "redis://redis:6379/0"]
 env_file:
- - ./backend/.env.example
+ - ./backend/.env
 depends_on:
 redis:
 condition: service_healthy
diff --git a/install.sh b/install.sh
index 2369055c..5565a974 100755
--- a/install.sh
+++ b/install.sh
@@ -807,6 +807,8 @@ main() { upsert_env_value "$REPO_ROOT/.env" "CORS_ORIGINS" "http://$public_host:$frontend_port" if [[ "$deployment_mode" == "docker" ]]; then + ensure_file_from_example "$REPO_ROOT/backend/.env" "$REPO_ROOT/backend/.env.example" + upsert_env_value "$REPO_ROOT/.env" "DB_AUTO_MIGRATE" "true" info "Starting production-like Docker stack..."
@@ -895,4 +897,4 @@ Stop local background services: SUMMARY }
-main "$@"
\ No newline at end of file
+main "$@"
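Review bot: Both compose.yml hunks (the service at line 34 and the rq worker at line 77) now load `./backend/.env`, a file meant to hold real secrets, while the build uses `context: .`, so that file sits inside the Docker build context. Unless a `.dockerignore` excludes it (not visible here), a `COPY` of the backend tree in backend/Dockerfile would bake it into image layers; I would confirm `backend/.env` is listed in both `.dockerignore` and `.gitignore`. Compose also refuses to start when an `env_file` path is missing, so `docker compose up` without a prior install.sh run now fails; the long form `- path: ./backend/.env` with `required: false` avoids that if the supported Compose version allows it.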
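Review bot: In the docker branch of install.sh, `ensure_file_from_example` seeds `backend/.env` from `backend/.env.example`, so any placeholder secret in the example becomes live configuration for the stack unless a later step overwrites it, and nothing in this hunk does. I would follow the call with `chmod 600 "$REPO_ROOT/backend/.env"` and have the installer generate or prompt for the secret values rather than inherit the example's. The helper's body and the rest of main() are outside the hunk, so either point may already be handled there.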