Skip to content

Access: self-serve per-repo INGEST tokens + token scopes #449

Description

@alexmond

Part of #441. Highest near-term value — the public (closed-mode) deploy needs this so each repo has its own revocable upload token instead of a shared/hand-minted one.

Goal

Let a project owner mint scoped, revocable INGEST tokens from the UI.

Approach

  • Add token scopes (INGEST / QUERY / ADMIN) to api_token (Flyway migration, next Vxx) and an optional project-scoped token.
  • Owner UI to create / list / revoke / rotate tokens with expiry + last-used (reuse the TokenExpiryReminder machinery).
  • Enforce scope in ApiTokenAuthFilter + the ingest path (IngestController): a QUERY token can't ingest; a project-scoped token can only touch its project.

Acceptance

  • An owner mints a project-scoped INGEST token and uploads with it in closed-mode.
  • A QUERY token is rejected (403) on ingest; a revoked token stops working immediately.

Depends on

None (independent of OAuth). Unblocks per-user MCP auth + token UX.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions