mirror of
https://github.com/thedotmack/claude-mem.git
synced 2026-07-03 12:32:32 +08:00
- POST /v1/keys (write scope) mints a READ-ONLY, optionally-expiring API key for the team and returns the paste-ready `claude mcp add ... /v1/mcp` command. Raw key shown once. Write-scope gate means a read key can't escalate into more keys. - GET /v1/connect (read scope) returns the same command with a <YOUR_API_KEY> placeholder. mcpUrl comes from CLAUDE_MEM_PUBLIC_URL or the request host. The minted key lands in the same Postgres api_keys store readAuth checks, so it authenticates immediately — the test asserts a freshly-minted key calls /v1/usage and gets 200. Cold-start (first key via web session) still needs the better-auth org → team mapping; documented in api.md. Tests (postgres-gated): mint → 201 + command shape, minted key authenticates, read key can't mint (403), GET /v1/connect placeholder. Verified live 11/11; tsc clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>