Commit graph

16 commits

Author SHA1 Message Date
Cathie Integra
3f096a592b Links: Use canonical trailing-slash form for website URLs 2026-06-24 17:20:30 +02:00
Michael Mayer
b04233f2f4 Backend: Use strings.SplitSeq for split-and-iterate loops #5599
Replace strings.Split with the lazy strings.SplitSeq iterator (Go 1.23+)
in loops that only range over the tokens, avoiding the intermediate
slice allocation. The yielded substrings are identical to Split, so
behavior is unchanged. Applies the suggestion from #5599 to its three
sites (CIDR parsing, WebDAV hidden-path, overlay path checks) and
extends it to two more split-and-iterate loops in the server compression
negotiator and MCP config-options builder for consistency. The slice
returning splitPath helper is intentionally left on strings.Split.
2026-05-30 09:49:47 +00:00
Michael Mayer
44429bdbbb MCP: Gate stdio on DisableMCP and add scope regression test #5024 2026-05-10 11:54:34 +00:00
Michael Mayer
808961525a Docs: Document MCP stdio auth requirement for write-capable tools #5024 2026-05-10 11:21:00 +00:00
Michael Mayer
60f4779565 Config: Refactor flag default reporting and harden Markdown rendering
- Rework CliFlag.Default() to read the documented default through
  cli.DocGenerationFlag.GetDefaultText() instead of GetValue(); urfave
  snapshots the source-code default in Apply() before reading the
  environment, so reports stay stable across deployments and no longer
  echo operator-supplied env values for runtime-mutated string flags.

- Add a Secret annotation on CliFlag for sensitive options. When set,
  Default() collapses to DocDefault (or "") so secrets like
  admin-password, oidc-secret, database-password, auth-secret,
  node-client-secret, join-token, download-token, preview-token, and
  vision-key never appear in `photoprism show config-options` or
  downstream consumers of the same report data.

- Convert index-workers from IntFlag to StringFlag with the new
  IndexWorkersAuto = "auto" sentinel, matching the convention already
  used by thumb-color, thumb-filter, and database-driver. Options.
  IndexWorkers becomes a string; Config.IndexWorkers() parses it once
  and keeps the existing CPU/SQLite caps. yaml.v2 silently coerces the
  legacy `IndexWorkers: 4` form into the string field, so existing
  operator config files load unchanged. Drops the dynamic
  cpuid.CPU.PhysicalCores/2 default and the previous DocDefault hack.
  Regenerated swagger.json picks up the new string type.

- Harden the Markdown report renderer (pkg/txt/report/markdown.go) by
  backslash-escaping `<` and `>` in row and header cells alongside the
  existing `|` and `* * *` escapes. Prevents arbitrary HTML from being
  emitted into downstream HTML pipelines that render the table source.

- Fix two pre-existing lint findings surfaced by the newer
  golangci-lint: misspell `marshalling` -> `marshaling` and replace a
  field-by-field struct literal with a same-shape type conversion
  (staticcheck S1016).

- Add coverage for every new code path: Default() Secret/env-override
  regression, GetDefaultText/strconv.Unquote round-trip, parseIndexWorkers
  branch matrix, ApplyCliContext index-workers string binding, the YAML
  round-trip across `auto`/quoted/bare-int/empty forms, and the Markdown
  angle-bracket escape.
2026-05-09 15:09:54 +00:00
Michael Mayer
3012786d82 Docs: Drop private subrepo references from public files
Sweeps top-level CODEMAP/GLOSSARY, package READMEs under internal/,
and a handful of source-comment references that linked to the private
specs/ subrepo. AGENTS.md hints stay (agent-instruction document) and
the agent-skill linking targets in Makefile are guarded with
directory checks.
2026-05-05 09:40:18 +00:00
Michael Mayer
a61d284134 MCP: Cap /api/v1/mcp body size and shorten session idle timeout #5024
Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-04-20 13:54:07 +02:00
Michael Mayer
4599cc07ce MCP: Expose DisableMCP via ClientConfig for frontend gating #5024 #5536
Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-04-18 11:31:31 +02:00
Michael Mayer
da224d309e MCP: Add "DisableMCP" option to disable /api/v1/mcp #5024 #5536
Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-04-18 11:08:58 +02:00
Michael Mayer
ac9c9cf27b MCP: Remove experimental gate test and update documentation #5024
Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-04-18 08:08:29 +02:00
Michael Mayer
0c226fafcf Header: Add ContentTypeEventStream and reuse in MCP code #5024
Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-04-13 09:18:40 +02:00
Michael Mayer
6704b217d8 MCP: Document constants and vars, export ToolNames/ResourceURIs #5024
Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-04-13 09:09:12 +02:00
Michael Mayer
4f14ed90c0 MCP: Remove "prototype" wording for production-readiness #5024 #5519
- Rewrite package doc, struct comments, log line, and route-registration
  comment so they describe the MCP server as a first-class feature
  rather than a pre-release prototype. The "Usage" strings on
  MCPCommands / MCPServeCommand were updated separately and stay
  unchanged.
- Drop "in this prototype" from the edition-advisory warning emitted by
  list_config_keys; the message now reads "edition filtering is
  advisory; results come from the current <edition> build metadata".
- Rewrite internal/mcp/README.md: new "Scope" section with
  in-scope/out-of-scope invariants, corrected authorization summary
  (admin + API client roles + manager in Pro/Portal, anonymous in
  public mode for the registered read-only tools), and a clearer
  "Current Capabilities" block.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-04-13 08:46:07 +02:00
Michael Mayer
16fc758f54 MCP: Allow anonymous access in public mode for demo deployments #5024
- Drop the public-mode 403 short-circuit in internal/api/mcp.go. In
  public mode api.Session() returns the default public session, so
  Auth(c, acl.ResourceMCP, acl.ActionView) + s.Abort(c) authorize
  anonymous callers naturally. This enables the prototype to run on
  demo.photoprism.app and similar showcase installations without
  loosening the auth path or adding another toggle.
- The exemption is only safe because every currently registered tool
  returns static reference metadata derived from config.Flags and
  form.Report(&form.SearchPhotos{}) — no database access, no per-user
  state, no secrets, no mutations. A handler-level comment captures
  that contract so a future tool that does not fit cannot slip in
  unnoticed.
- Flip the public-mode test case (ForbiddenPublicMode ->
  AllowedPublicMode) in internal/api/mcp_test.go to a full anonymous
  initialize + notifications/initialized + tools/call round-trip
  against both registered tools, so any future tightening of the
  policy regresses loudly.
- Update internal/mcp/README.md: the Authorization bullets now
  describe the public-mode path, the Rate Limiting note reflects that
  CE/Plus have no generic throttle in public mode, and a new
  "Extending the Tool Surface" section documents the contract every
  new tool must uphold plus the three supported extension paths
  (two-server factory, per-tool context checks, SDK middleware).

Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-04-13 08:19:29 +02:00
Michael Mayer
df13ea9e02 MCP: Refine auth flow, JWT scope, and find_search_filters #5024 #5519
Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-04-10 13:40:22 +02:00
Ömer Duran
e2f8474309
MCP: Add read-only Model Context Protocol prototype #5024 #5519
* MCP: Add internal read-only prototype #5024

* MCP: Fix edition detection, section assignment, and input validation #5024

* MCP: Add authenticated HTTP endpoint with ACL and experimental gate #5024

* MCP: Document client compatibility and config examples #502

* MCP: Refine ACL grants and finalize prototype polish #5024 #5519

Signed-off-by: Michael Mayer <michael@photoprism.app>

* MCP: Update go.sum #5024 #5519

Signed-off-by: Michael Mayer <michael@photoprism.app>

* MCP: Update license NOTICE files #5024 #5519

Signed-off-by: Michael Mayer <michael@photoprism.app>

---------

Signed-off-by: Michael Mayer <michael@photoprism.app>
Co-authored-by: Michael Mayer <michael@photoprism.app>
2026-04-10 12:51:11 +02:00