SearXNG support
Release / release (push) Failing after 6s

This commit is contained in:
2026-06-14 21:33:22 +02:00
parent a96f2afe6f
commit 59eaf9e47d
24 changed files with 650 additions and 34 deletions
+7 -6
View File
@@ -5,7 +5,7 @@ master session: each MCP authenticates for the service it calls.
## Lifecycle
For a service such as `gitea`, `grafana`, or `gssh`, the MCP asks
For a service such as `gitea`, `grafana`, `gssh`, or `searxng`, the MCP asks
`internal/authn` for a token on first use:
1. Fresh wallet entry: return it.
@@ -15,17 +15,18 @@ For a service such as `gitea`, `grafana`, or `gssh`, the MCP asks
serialized by `$XDG_RUNTIME_DIR/sherlock.login.lock`, persist, return.
Long-running MCPs use `TokenSource` and `TokenHolder` so requests always read
the latest bearer. Refresh never opens a browser; if refresh can no longer
recover, the next invocation performs a fresh login.
the latest bearer. Refresh follows access-token expiry, never opens a browser,
and falls back to a fresh login on the next invocation if refresh can no longer
recover.
## Service identity
The config supplies issuer, client ID/secret, and base URL. Scopes are owned by
each MCP because they follow the tool surface, not the deployment.
Gitea uses Gitea's OAuth2 server. Grafana and Gssh normally reuse the shared
Authentik `sherlock-cli` provider. Tokens are stored and refreshed per service
and are not reused across unrelated services.
Gitea uses Gitea's OAuth2 server. Grafana, Gssh, and SearXNG normally reuse the
shared Authentik `sherlock-cli` provider. Tokens are stored and refreshed per
service and are not reused across unrelated services.
## User controls