infra(deploy): serve MCP on multiple domains + SKIP_BUILD #4

Merged
kianiadee merged 2 commits from infra/deploy-multidomain into main 2026-06-26 13:56:53 +00:00

2 commits

Author SHA1 Message Date
kiania
af6fdbcd3f fix(logging): attribute each query to its analyst caller
The BearerAuth middleware matched a per-analyst token but only stashed it on
request.state, which the FastMCP tools never see — so the query log line logged
rows/sql with no caller, defeating the per-token attribution the auth design
promises. Bridge the caller name through a ContextVar (anyio propagates it into
the worker thread that runs each sync tool) and include it in the query() log.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-26 16:54:07 +03:00
kiania
fae40942a2 infra(deploy): serve MCP on multiple domains + SKIP_BUILD for label-only redeploys
The prod connector domain (fleetmcp.rahamafresh.com) had no Traefik router —
deploy.sh only ever set one HOST_DOMAIN (defaulting to fleetmcp.fivetitude.com),
so requests to the prod domain returned 503 "no available server" even with the
container healthy.

- HOST_DOMAINS: comma-separated list folded into one Traefik router rule
  (Host(`a`) || Host(`b`)). One LE cert covers all names (SANs), so connectors
  on either domain keep working. Defaults to HOST_DOMAIN (back-compatible).
- SKIP_BUILD=1: reuse the existing image for a labels/env-only redeploy, so a
  routing change can't accidentally bake in new/stale code.

Deployed to prod with HOST_DOMAINS="fleetmcp.rahamafresh.com,fleetmcp.fivetitude.com";
both domains verified (healthz 200, /mcp 401, valid SAN cert).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 21:35:31 +03:00