Parent: #12
The v0.7.0 design check-in punt. Today's BearerAuthMiddleware uses one global token. Spec: each channel optionally has its own token; sending or receiving on it requires that token.
The existing BearerAuthMiddleware(token_getter=...) callable was deliberately designed for this — swap lambda: AUTH_TOKEN for a channel-aware lookup against a new channel_tokens SQLite table.
Touch surface: new table, replace token_getter, add an admin CLI (claude-bridge tokens mint|list|revoke), new MCP tool bridge_tokens (or admin-only HTTP endpoint). ~250 LoC.
Tradeoff: significant admin surface. Per the original deferred memo: do not ship unless someone files a concrete request — speculative complexity otherwise.
Effort: L. Likely v0.8.0 if it lands.
Status: deferred-pending-demand. Track here so the design intent isn't lost.
Parent: #12
The v0.7.0 design check-in punt. Today's
BearerAuthMiddlewareuses one global token. Spec: each channel optionally has its own token; sending or receiving on it requires that token.The existing
BearerAuthMiddleware(token_getter=...)callable was deliberately designed for this — swaplambda: AUTH_TOKENfor a channel-aware lookup against a newchannel_tokensSQLite table.Touch surface: new table, replace
token_getter, add an admin CLI (claude-bridge tokens mint|list|revoke), new MCP toolbridge_tokens(or admin-only HTTP endpoint). ~250 LoC.Tradeoff: significant admin surface. Per the original deferred memo: do not ship unless someone files a concrete request — speculative complexity otherwise.
Effort: L. Likely v0.8.0 if it lands.
Status: deferred-pending-demand. Track here so the design intent isn't lost.